li...@datenritter.de writes:

Below is how I did it. Unfortunately the script stopped working a few
months ago writing hundreds of mails to (mbox?-)files with useful names
like ".@".

My debug version with some extra logging needs more input, so I'll send
it to this list... ["Yo dawg, I heard you like mail filters..."]

Anyway, it's meant to make everything maintenance free. When the first
mail from a list you subscribed to is received, a maildir
".listname@some_domain_tld" is created and added to courierimapsubscribed.


# Check X-BeenThere which every good list server sets.
# List-ID is okay, too.
if ( /^X-BeenThere:\s+(.*)@(.*)/ )
{
        # Pick local part and domain part, replace the dots with
        # underscores.
        ### BUG: This leaves LPART and DPART empty. :( ###
        LPART=`echo $MATCH1 | sed "s/\./_/g"`

If someone were to send an email with a carefully crafted header that reads: "X-BeenThere: ; rm -rf $HOME" you'll have a lot of cleanup to do.

Maybe additional quotation marks are required around "$MATCH[1|2]"?

Maybe scrap the whole thing. Use backticks to feed the email to a Perl script that safely parses headers.

At the very least use an additional =~ operator to verify that matched pattern is sane:

LOCALPART=$MATCH1

if ($LOCALPART =~ /^[A-Za-z0-9\.\-]+$/)


Then you can proceed and safely substitute $LOCALPART into an executed command.

Attachment: pgpx7gjaJ2FBC.pgp
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to