Thanks Charles! I'll still dig into the docs some more....
.mark
>----------
>From: Charles Cazabon[SMTP:[EMAIL PROTECTED]]
>Sent: Friday, August 17, 2001 11:57 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Perl and Qmail
>
>[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> My script is going to
>> ask for some comments to be emailed to the administrator. I was going to
>> simply pipe everything into qmail-inject, but then once I got into
>> untainting the data, this could pose some problems. If I understand all
>> this correctly, would simply piping text into qmail-inject open one up
>> as a relay?? The malicious user could put valid SMTP headers right in
>> the comments and qmail-inject would take it.
>
>qmail-inject can take an option to prevent it from using any recipients
>listed in the message headers. The default is to only look at headers
>for recipients if none are specified on the commandline.
>
>Therefore, if you script opens qmail-inject like this:
>
> qmail-inject [other options] [EMAIL PROTECTED]
>
>Then it doesn't matter what the message content is; it will all go to
>[EMAIL PROTECTED], so no relaying happens.
>
>Charles
>--
>-----------------------------------------------------------------------
>Charles Cazabon <[EMAIL PROTECTED]>
>GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
>-----------------------------------------------------------------------
>
>
>
