Forrest Aldrich <[EMAIL PROTECTED]> writes:

> Seems we could come up with a mailer definition to the sendmail.cf
> file to pass the necessary information in the form of command-line
> arguments.   It could also be, perhaps, a Class definition such that
> only certain email addresses are handled by that mailer/TMDA.

TMDA could certainly get the three variables it needs from the command
line.  The problem is that every user of every MTA we support, with
the exception of Sendmail, would have to change their configuration.

In qmail, for example, you could specify this line in your .qmail
file.

| preline tmda-filter $SENDER $RECIPIENT $EXT

I don't know how Postfix and Exim run programs from .forward, but
qmail feeds program lines found in its .qmail* files through /bin/sh,
which means that the above is incredibly insecure.  Perhaps Sendmail
execs the "mailer" directly and not through the shell?

Anyhow, this is a decision Jason would have to make and I'm pretty
sure nothing will change before the release of version 1.0.

> Passing data in environment variables is a dirty way of transferring
> information, and can be a potential source of security problems.
> Passing envelope information on the command line to the mailer, as
> done by sendmail, is cleaner and more secure.

Hogwash.  The three main Unix MTAs other than Sendmail -- qmail,
Postfix and Exim -- all pass the envelope information through
environment variables.  All three have much better security records
than Sendmail.

Passing secure information, such as a private key, through environment
variables *is* a bad idea.  But if a cracker hijacks your TMDA session,
they've got... your email address.  If your email address is private,
then nobody's sending you mail and you don't need TMDA.  If it's
public, then there are a number of easier ways to get it than a local
exploit on a mail delivery.  'ls /home' seems like a good start...


Tim
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
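Added example, not from this thread or from TMDA itself: a small /bin/sh script that checks what a .qmail program line hands its child when the envelope variables are expanded unquoted versus quoted. count_args and first_arg are stand-ins for tmda-filter, the envelope values and the scratch directory are constructed, and whether qmail would ever pass such a sender through is not established here.

```shell
#!/bin/sh
# qmail runs .qmail program lines through /bin/sh, so $SENDER $RECIPIENT $EXT
# are subject to the shell's word splitting and pathname globbing before the
# child ever sees them.  Double quotes stop both.

# Stand-ins for tmda-filter: report how many arguments arrived / the first one.
count_args() { printf '%s\n' "$#"; }
first_arg()  { printf '%s\n' "$1"; }

# Constructed envelope values.  The sender carries a space and a '*', both of
# which are legal inside a quoted local part ("a b*"@example.org).
SENDER='a b*@example.org'
RECIPIENT='tim@example.net'
EXT='dated-20020101'

# Scratch cwd containing names a bare 'b*@example.org' glob would match, the
# way a user's home directory (qmail's cwd for .qmail) might.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
touch "$DEMO_DIR/b1@example.org" "$DEMO_DIR/b2@example.org"

# Exactly as the unquoted .qmail line would run: splits 'a b*' on the space and
# then expands the glob against the two files, so five arguments arrive.
unquoted_count() { ( cd "$DEMO_DIR" && count_args $SENDER $RECIPIENT $EXT ); }
unquoted_first() { ( cd "$DEMO_DIR" && first_arg $SENDER ); }

# Quoted form, "| preline tmda-filter \"$SENDER\" \"$RECIPIENT\" \"$EXT\"":
# three arguments, each envelope value intact.
quoted_count() { ( cd "$DEMO_DIR" && count_args "$SENDER" "$RECIPIENT" "$EXT" ); }
quoted_first() { ( cd "$DEMO_DIR" && first_arg "$SENDER" ); }

printf 'unquoted: %s args, first=[%s]\n' "$(unquoted_count)" "$(unquoted_first)"
printf 'quoted:   %s args, first=[%s]\n' "$(quoted_count)" "$(quoted_first)"
```

The same check applies to any MTA that hands a program line to a shell; an MTA that execs the mailer directly, as the message wonders about Sendmail, never performs this expansion at all.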
