10 messages in net.sourceforge.lists.courier-users[courier-users] Re: Wierd Error Message
FromSent OnAttachments
Jim GiffordJul 26, 2004 6:33 pm 
Anand BuddhdevJul 26, 2004 6:55 pm 
Jim GiffordJul 26, 2004 8:31 pm 
Anand BuddhdevJul 27, 2004 2:48 am 
Jim GiffordJul 27, 2004 8:03 am 
Anand BuddhdevJul 27, 2004 8:48 am 
Gordon MessmerJul 27, 2004 10:46 am 
dgom...@eyecarenow.comJul 27, 2004 1:12 pm 
Arturo "Buanzo" BusleimanJul 28, 2004 5:34 pm 
Julian MehnleJul 28, 2004 6:06 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:[courier-users] Re: Wierd Error MessageActions...
From:dgom...@eyecarenow.com (dgom@eyecarenow.com)
Date:Jul 27, 2004 1:12:45 pm
List:net.sourceforge.lists.courier-users

Gordon Messmer writes:

Jim Gifford wrote:

The only thing I have in my shell that uses variables is amavis. Here is the amavis section

...

FROM=escape($SENDER) ... TO=escape($RECIPIENT) xfilter "/usr/sbin/amavis debug $SENDER $RECIPIENT"

/me snickers

So, you've gone to the trouble of escaping SENDER and RECIPEINT so that you have shell-safe values in FROM and TO, but then use SENDER and RECIPIENT on the command line? :)

xfilter "/usr/sbin/amavis debug $FROM $TO"

In all fairness, this was part of some (incorrect) instructions distributed with a patch or something. I'm a little fuzzy in the brain today, so I don't remember exactly where I got them from, but I ran into the same set of instructions for amavis. I pointed it out to the author, at which point he argued that he was right and I was wrong. So, I decided it wasn't worth the battle.

So, take pity on those following instructions without fully understanding what's going on...

I just think it's a real testament to the need to be careful which instructions we follow, and the possible security implications of simple mistakes.

Just my 2 cents worth, David