-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 21-09-15 14:34, Hajo Locke wrote:
Hello,
i use sieve extension sieve_extprograms to send incoming mail to some script. For security reasons it is needed that script-paths etc. are registered in dovecot.conf This is my current dovecot.conf
plugin { sieve = ~/.dovecot.sieve sieve_plugins = sieve_extprograms sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute sieve_pipe_bin_dir = /usr/local/bin/ sieve_filter_bin_dir = /usr/local/bin/ }
.dovecot.sieve example:
if address "to" "test@example.com" { filter "myfilter"; }
This is all working without problems.
Is there a possibility to allow users the execution of individual scripts in own homepath? Some people need to pipe mails to scripts for immediately processing (some ticketsystems need this). Is there a way to make this possible with sieve?
I'd hope that for a ticketing system setup that needs this, the mail admin is asked to help setup a proper solution. The very design where the mail admin decides which programs are (safe to) run is based on security.
If you really want your users to define their own programs to run, you could create a simple shell script and setup it up as an extprogram, which delivers their mail to procmail. But it's surely the ugliest workaround I made up this year... ;P
Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCAAGBQJWADcuAAoJEJPfMZ19VO/110oP/R9EztNAlI/QsfBPAVqRYI5k PGPAeCwb952BUKQNbx8koVChsL4nMnX8QqcUDyg0NUN1H4ImZhAGbdNBISGmpVmI 3wb1EjGkadoSC+t6NXqAP+fIljNZe9gA2T54J+w8iDl3Qv6zNCq6eIWAS8xYPLOG /0l1uJ+eVs2UvPpHMGXT+XI649nyIzsB2ac0TP6EffcxX9tY7O3LhEMvgZWBSm72 POAa+TYApb4jsZFcffgZAbFFoyDgujL3sxK8yBHNu3q8xYDJ2dLJxEVQwneKsc/1 6N18c4TWrl3TnhCEWbzq5pjSsqaEAW6wyQXFxw1j7k41cplWgZB2wuCLyMo448E6 P820HA4T4Vd19Lk0VsIaCj4CTVCE4BQ+mhRi/rDFOqa32iObtp8e9sAcz8bzsjof Si7Z2jtv6S8B8Jw8pX5e0zNeTtcguYLVwOJEFadjmmOXK0qWvkA+Cstx+2Yhcal9 1p6CaNzPSXjKV1d1RWjYtGfK8FjkWYKcpO/csfjswQjucAEUGv2+W3NLd39p/Esg /7KLlE9d4Ar86SK0GX72oDg7L2zOxSXd1rpC2DUae+WLIzzX+bY+mNxMjeabcSQl 2/baD0jiTT2g2vb+QtBUlZmB8hdqnfALC6lL47yoojBjwX1cjjZzXsiqt0O+zKb9 pZPm6gzKVTnNpdGN+LX5 =h/hT -----END PGP SIGNATURE-----