sieve_extprograms - run any individual script?
Hajo Locke
Hajo.Locke at gmx.de
Tue Sep 22 09:04:16 UTC 2015
Hello,
On 22.09.2015 at 00:37, Stephan Bosch wrote:
> On 9/21/2015 at 2:34 PM, Hajo Locke wrote:
>> Hello,
>>
>> I use the sieve extension sieve_extprograms to send incoming mail to some
>> script.
>> For security reasons it is required that script paths etc. are
>> registered in dovecot.conf.
>> This is my current dovecot.conf
>>
>> plugin {
>> sieve = ~/.dovecot.sieve
>> sieve_plugins = sieve_extprograms
>> sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter
>> +vnd.dovecot.execute
>> sieve_pipe_bin_dir = /usr/local/bin/
>> sieve_filter_bin_dir = /usr/local/bin/
>> }
>>
>> .dovecot.sieve example:
>>
>> if address "to" "test at example.com"
>> {
>> filter "myfilter";
>> }
> Uhh.. you're pointing extprograms to a directory where many programs can
> be installed by default. That is unwise to put it mildly. Do not allow
> Sieve to execute random programs like this. Typical use is to point it
> to a directory of scripts that check their arguments vigorously for
> malicious use, not common system tools.
We use some global scripts for mail processing which are located in
/usr/local/bin/
Just a bunch of scripts is available, others are blocked by
chmod+apparmor. Users can't upload their own scripts to /usr/local/bin.
>
>> This is all working without problems.
>
>> Is there a possibility to allow users the execution of individual
>> scripts in own homepath? Some people need to pipe mails to scripts for
>> immediately processing (some ticketsystems need this).
>> Is there a way to make this possible with sieve?
> It is generally not a good idea to let any user just execute any program
> they like from Sieve. The LMTP seteuid root privileges are dropped
> before executing the program, but still...
I don't see the big problem here. We are migrating from mbox to mdbox and
along the way we have to switch from procmail to sieve.
procmail is a dinosaur but reliable. Starting scripts etc., all is
possible. procmail/sieve run with user privileges.
Our users can't reach other mailboxes/user accounts; additionally we use
apparmor to prevent curious OS access.
Maybe 0.5 or 1% of users want to use individual scripts, but in a
hosting company it is not easy to tell them that long-used techniques are
being abolished.
Completely disabling the running of individual scripts may be good for
standard users, but admins should not be restricted without any chance of
changing it.
>
> About your question: the extprograms plugin currently supports only one
> directory for programs. You could use those scripts to execute/include a
> script in the user's directory, e.g. based on script parameters. You can
> also set sieve_*_bin_dir from userdb, to make these user-specific.
We already use plenty of userdb settings. I will try to add sieve_*_bin_dir,
but it seems to come at the cost of our global scripts in /usr/local/bin/.
>
> Regards,
>
> Stephan.
>
Thanks,
Hajo
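Stephan suggests keeping sieve_filter_bin_dir pointed at a fixed directory of scripts that "check their arguments vigorously", and having one of those scripts dispatch to a script in the user's home. The dispatcher below is an added example written for this thread, not code from the Dovecot project or from either poster: it assumes a hypothetical wrapper name "user-script", a per-user directory ~/.sieve-scripts, and that extprograms passes the Sieve string arguments to the program as argv.

```shell
#!/bin/sh
# Hypothetical dispatcher "user-script", installed in sieve_filter_bin_dir.
# Sieve calls it as: filter "user-script" ["myfilter"];  (assumes extprograms
# passes the Sieve string arguments as argv). Mail comes in on stdin and the
# filtered mail goes out on stdout, so the user script just reads/writes those.

# Per-user script directory; an assumed layout, not a Dovecot setting.
USER_SCRIPT_DIR="${USER_SCRIPT_DIR:-$HOME/.sieve-scripts}"

# A script name must be a plain file name: no slashes, no leading dot,
# only [A-Za-z0-9_.-], at most 64 characters.
check_script_name() {
    case "$1" in
        ''|*/*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the full path of the user's script if it is safe to run:
# a regular file (not a symlink), executable, owned by the invoking user,
# and writable by nobody else. Any failure is reported on stderr.
resolve_user_script() {
    check_script_name "$1" || { echo "user-script: bad script name" >&2; return 1; }
    path="$USER_SCRIPT_DIR/$1"
    if [ ! -f "$path" ] || [ -L "$path" ] || [ ! -x "$path" ]; then
        echo "user-script: $path is not an executable regular file" >&2
        return 1
    fi
    # Fields of 'ls -ldn': $1 = mode string, $3 = numeric owner uid.
    set -- $(ls -ldn "$path")
    case "$1" in
        ?????w*|????????w*)
            echo "user-script: $path is group- or world-writable" >&2; return 1 ;;
    esac
    if [ "$3" != "$(id -u)" ]; then
        echo "user-script: $path is not owned by uid $(id -u)" >&2; return 1
    fi
    printf '%s\n' "$path"
}

# Validate, then replace this shell with the user's script so stdin/stdout
# pass straight through; remaining Sieve arguments are forwarded unchanged.
run_user_script() {
    script=$(resolve_user_script "$1") || exit 1
    shift
    exec "$script" "$@"
}

# Sieve always supplies at least the script name; with no arguments this
# file only defines the functions above.
[ $# -eq 0 ] || run_user_script "$@"
```

Because the wrapper runs with the user's privileges (LMTP has already dropped root), the ownership and writability checks are what stop one user from running a script planted in another user's directory; the name check keeps the Sieve argument from selecting anything outside ~/.sieve-scripts.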