li...@datenritter.de writes:
Below is how I did it. Unfortunately the script stopped working a few months ago writing hundreds of mails to (mbox?-)files with useful names like ".@".My debug version with some extra logging needs more input, so I'll send it to this list... ["Yo dawg, I heard you like mail filters..."] Anyway, it's meant to make everything maintenance free. When the first mail from a list you subscribed to is received, a maildir ".listname@some_domain_tld" is created and added to courierimapsubscribed. # Check X-BeenThere which every good list server sets. # List-ID is okay, too. if ( /^X-BeenThere:\s+(.*)@(.*)/ ) { # Pick local part and domain part, replace the dots with # underscores. ### BUG: This leaves LPART and DPART empty. :( ### LPART=`echo $MATCH1 | sed "s/\./_/g"`
If someone were to send an email with a carefully crafted header that reads: "X-BeenThere: ; rm -rf $HOME" you'll have a lot of cleanup to do.
Maybe additional quotation marks are required around "$MATCH[1|2]"?
Maybe scrap the whole thing. Use backticks to feed the email to a Perl script that safely parses headers.
At the very least use an additional =~ operator to verify that matched pattern is sane:
LOCALPART=$MATCH1 if ($LOCALPART =~ /^[A-Za-z0-9\.\-]+$/)Then you can proceed and safely substitute $LOCALPART into an executed command.
pgpx7gjaJ2FBC.pgp
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users