On 9/21/2015 at 2:34 PM, Hajo Locke wrote:
Hello,
I use the sieve extension sieve_extprograms to send incoming mail to some script. For security reasons it is needed that script-paths etc. are registered in dovecot.conf. This is my current dovecot.conf:
plugin {
  sieve = ~/.dovecot.sieve
  sieve_plugins = sieve_extprograms
  sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/local/bin/
  sieve_filter_bin_dir = /usr/local/bin/
}
.dovecot.sieve example:
if address "to" "test@example.com" { filter "myfilter"; }
Uhh.. you're pointing extprograms to a directory where many programs can be installed by default. That is unwise to put it mildly. Do not allow Sieve to execute random programs like this. Typical use is to point it to a directory of scripts that check their arguments vigorously for malicious use, not common system tools.
This is all working without problems.
Is there a possibility to allow users the execution of individual scripts in their own home path? Some people need to pipe mails to scripts for immediate processing (some ticket systems need this). Is there a way to make this possible with sieve?
It is generally not a good idea to let any user just execute any program they like from Sieve. The LMTP seteuid root privileges are dropped before executing the program, but still...
About your question: the extprograms plugin currently supports only one directory for programs. You could use those scripts to execute/include a script in the user's directory, e.g. based on script parameters. You can also set sieve_*_bin_dir from userdb, to make these user-specific.
Regards,
Stephan.
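
One way to build the wrapper approach described in the reply above (a single vetted script in the bin directory that runs a script from the user's home based on its parameter), as an added example that is not part of the original thread or of Pigeonhole. The wrapper name `run-user-script`, the per-user directory `~/sieve-bin` and the `ticket-import` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical wrapper "run-user-script", meant to be the only
# program in a dedicated sieve_pipe_bin_dir. Assumed Sieve call:
#   pipe "run-user-script" ["ticket-import"];
LC_ALL=C; export LC_ALL           # make the character ranges below byte-exact
USER_SCRIPT_SUBDIR="sieve-bin"    # assumed per-user directory under $HOME

# Print the validated path of the requested script, or return 1.
resolve_user_script() {
    name=$1 home=$2
    # Plain file names only: must start alphanumeric, then [A-Za-z0-9._-].
    # This rejects "", "../x", "/bin/sh", ".hidden" and option-like "-x".
    case $name in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    dir=$home/$USER_SCRIPT_SUBDIR
    path=$dir/$name
    # Neither the directory nor the script may be a symlink, otherwise the
    # name check could be bypassed by linking to an arbitrary program.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    [ -f "$path" ] && [ ! -L "$path" ] && [ -x "$path" ] || return 1
    # Script must belong to the current user and not be group/world-writable.
    ok=$(find "$path" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)
    [ -n "$ok" ] || return 1
    printf '%s\n' "$path"
}

run_user_script() {
    target=$(resolve_user_script "$1" "$HOME") || {
        echo "run-user-script: script name refused" >&2
        return 1
    }
    exec "$target"                # message arrives on stdin, passed through
}

# Run only when called with an argument (as Sieve would call it).
if [ "$#" -gt 0 ]; then
    run_user_script "$1"
fi
```

With this layout, sieve_pipe_bin_dir points at a directory containing only the wrapper, so a user's Sieve script can reach nothing except files the same user placed in their own `~/sieve-bin`.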