"Sebastian" == Sebastian Nielsen via dovecot dovecot@dovecot.org writes:
Don't want to pull the SMTP handler module, it's pretty huge.
I think you're overlooking the security implications of NOT doing this. But you also haven't really explained why you're trying to do it this way, instead of the proper more secure way.
I have managed to get it to work better now. I did setuid the dovecot-lda, and then added www-data to the dovecot group, so now dovecot-lda executes successfully. This also meant I could set back the authdb to 0666 and also remove the stats-writer and stats-reader and it still works sending from www-data now. Since guest doesn't have execute rights, it means that it's secure now (according to the "Multiple UID" article on the wiki).
However, I have run into another weird problem. If I run the script like this:
sudo -u www-data ./index.cgi
The mail appears in the inbox. But if I visit index.cgi from the browser via the web server, it doesn't work.
Here is index.cgi:
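#!/usr/bin/perl
use utf8;    # the source contains a non-ASCII literal that encode() must see as characters
use MIME::Entity;
use Email::Date::Format qw(email_date);
use Encode;

# Build the message. "@" is escaped so Perl does not interpolate it as an array,
# and each address follows its display name in angle brackets.
$mime = MIME::Entity->build(
    Type    => "text/plain; charset=utf-8",
    From    => "Sebastian Nielsen <sebastian\@sebbe.eu>",
    To      => "Dovecot-LDA Form <info\@localhost>",
    Subject => encode("MIME-Header", "Räksmörgås"),
    Date    => email_date,
    Data    => "Testar med lite text",
);

# Pipe the message to dovecot-lda for delivery to the user "info".
open (MAILPIPE, "|/usr/lib/dovecot/dovecot-lda -d info");
$mime->print(\*MAILPIPE);
close(MAILPIPE);

print "Content-Type: text/plain\n\nSuccess";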
So it's the exact same script, works when run from www-data via sudo, then it works, but not when done from the web server. So what's the difference? It's the same user, so it should work right?
No errors in logs either.
Why don't you just feed the data into a connection to port 25 on your system instead?
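#!/usr/bin/perl
use strict;
use warnings;
use Getopt::Std;
use Net::SMTP;
use Sys::Hostname;

# -s <mail server>  -f <envelope sender>; the remaining arguments are the recipients
my %opts;
getopts('s:f:', \%opts);

# Values reported in the body; where they come from is an assumption
my $hostname  = hostname();
my $ipaddress = $ENV{REMOTE_ADDR} // 'unknown';

my $message = Net::SMTP->new($opts{'s'}) || die "can't talk to server $opts{'s'}\n";
$message->mail($opts{'f'});
$message->to(@ARGV) || die "failed to send to the recipients ", join(",", @ARGV), ": $!";
$message->data();
$message->datasend("To: some\@email.com\n");
$message->datasend("From: formsender\@email.com\n");
$message->datasend("Subject: form input\n");
$message->datasend("\n");
$message->datasend("Host: $hostname ($ipaddress)\n");
$message->dataend();
$message->quit;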
Doesn't seem like a bunch of overhead to me, and it keeps a nice clean separation between your web infrastructure and your dovecot setup. I didn't try to copy your script and adapt it to Net::SMTP.
See more and better docs on: https://perldoc.perl.org/Net::SMTP
The real reason we're all harping on this is because you're opening yourself to any other badly written CGI script on your web server and giving it access to your dovecot instance. And if you decide to move your web server off this dovecot server, then you need to re-do it all anyway. With a proper script connecting to port 25, you just need to update the hostname of the mailserver and you're done.
But hey, you do you.
-----Original Message-----
From: John Stoffel via dovecot dovecot@dovecot.org
Sent: 31 October 2024 19:03
To: Sebastian Nielsen sebastian@sebbe.eu
Cc: dovecot@dovecot.org
Subject: Re: dovecot-lda from www-data - doesnt work
"Sebastian" == Sebastian Nielsen via dovecot dovecot@dovecot.org writes:
I'm trying to deliver email from a webform, but it's not working.
Why are you not feeding the email to postfix on the host, and then have postfix do all the lookups for valid users, etc. Then postfix will deliver to dovecot.
I need to be able to deliver email from "www-data" to any user on the system (that is a valid dovecot-lda mail user).
Yeah, don't do it like this, go through a proper MTA instead which handles all this for you.
It seems a security setting blocks it. I have already set authdb to 0777 in dovecot settings (because otherwise it gives an error about lookup rights), and also enabled stats-writer and stats-reader with 0666.
No no no, don't do this, you're now opening yourself up to getting hacked.
so no more error messages in log, but the above commands that do NOT work, terminate immediately, while the working command waits for email from STDIN. No error messages in either log or on STDOUT/STDERR.
How is your webform being called? If it's just a PHP handler for a submitted form, just hand it off to port 25 on localhost to deliver the email locally.
This puts all the lookups into the same place that other email is handled by, including user lookups, anti-spam, etc.
John
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
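An added example, not part of the original thread: a shell check for the two permission changes discussed above, the 0666/0777 auth and stats sockets and the setuid dovecot-lda. The socket paths and the use of GNU stat are assumptions; the REVIEW result corresponds to the thread's final setup, where every process running as a member of the permitted group (here www-data) can invoke the setuid binary.

```shell
#!/bin/sh
# Added example: audit the permission changes discussed in this thread.
# Paths other than the dovecot-lda binary are assumptions (default base_dir).
LDA=/usr/lib/dovecot/dovecot-lda
SOCKETS="/run/dovecot/auth-userdb /run/dovecot/stats-writer /run/dovecot/stats-reader"

# socket_finding MODE: on Linux, connecting to a UNIX socket needs write permission
# on it, so the "other" write bit decides whether every local account can reach it.
socket_finding() {
    case "$1" in ''|*[!0-7]*) echo "INVALID"; return 0 ;; esac
    if [ $(( 0$1 & 2 )) -ne 0 ]; then
        echo "FAIL world-connectable"
    else
        echo "OK"
    fi
}

# lda_finding MODE: a setuid dovecot-lda runs with its owner's privileges for
# whoever may execute it, so the execute bits define who can deliver as any user.
lda_finding() {
    case "$1" in ''|*[!0-7]*) echo "INVALID"; return 0 ;; esac
    mode=$(( 0$1 ))
    if [ $(( mode & 04000 )) -eq 0 ]; then
        echo "OK not-setuid"
    elif [ $(( mode & 1 )) -ne 0 ]; then
        echo "FAIL setuid world-executable"
    else
        echo "REVIEW setuid group-restricted"
    fi
}

# audit: apply both checks to the live system (GNU stat); missing paths are skipped.
audit() {
    if [ -e "$LDA" ]; then
        echo "$LDA: $(lda_finding "$(stat -c %a "$LDA")")"
    fi
    for s in $SOCKETS; do
        if [ -S "$s" ]; then
            echo "$s: $(socket_finding "$(stat -c %a "$s")")"
        fi
    done
    return 0
}

audit
```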