 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
12 messages in net.sourceforge.lists.courier-maildropRe: [maildropl] Handling mailing lists| From | Sent On | Attachments |
|---|---|---|
| D.J. Bolderman | Jun 6, 2002 6:33 am | |
| Eduardo Gargiulo | Jun 6, 2002 6:57 am | |
| D.J. Bolderman | Jun 6, 2002 7:15 am | |
| Derrick 'dman' Hudson | Jun 6, 2002 7:28 am | |
| D.J. Bolderman | Jun 6, 2002 7:49 am | |
| D.J. Bolderman | Jun 6, 2002 8:07 am | |
| Luc Brouard | Jun 6, 2002 8:14 am | |
| D.J. Bolderman | Jun 6, 2002 8:19 am | |
| D.J. Bolderman | Jun 6, 2002 8:23 am | |
| Luc Brouard (mailing lists) | Jun 6, 2002 8:27 am | |
| Derrick 'dman' Hudson | Jun 6, 2002 9:09 am | |
| Derrick 'dman' Hudson | Jun 6, 2002 9:10 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [maildropl] Handling mailing lists | Actions... |
|---|---|---|
| From: | Derrick 'dman' Hudson (dm...@dman.ddts.net) | |
| Date: | Jun 6, 2002 9:09:40 am | |
| List: | net.sourceforge.lists.courier-maildrop | |
On Thu, Jun 06, 2002 at 04:49:35PM +0200, D.J. Bolderman wrote:
| > This seems to be working : | > | > # (near the top of the file, so the regex is only run once) | > | > /^X-Mailing-List:[:space:]*!.*/:h | > X-Mailing-List:=$MATCH2 | > | > | > # (later on where I check for debian lists) | > | > if ( "${X-Mailing-List:}" =~ /debian-[a-z6]*!@lists\.debian\.org>/ ) { | > #log " => lists/$MATCH" | > F=$BASE/lists/$MATCH/ | > `$HOME/bin/create_maildir.sh "$F"` | > to "$F" | > } | | Hmmm nice one too :) I'm afraid this was a little to much to find out for | someone who just started, like me :)
It depends on your background -- I've used regexes a fair amount, so I had a similar setup in my exim filter and have seen examples using procmail (on d-u). There have also discussions of a potential hole in doing things like that. This pattern doesn't have the hole, but consider this : if ( /^X-Mailing-List:.*debian-!.*!@lists.debian.org/:h ) { to $BASE/$MATCH2 }
and suppose a malicious person sends a message with X-Mailing-List: debian-../../../../../../../etc/pas...@lists.debian.org
<grin>.
The solution is to not allow things like '/' in the text you substitute into your path. The pattern I posted last time is not vulnerable because it only allows lower-case english letters and the digit 6 (for the debian-ipv6 list).
I just realized that I should also include that create_maildir.sh script referenced above. It creates the folder if it doesn't yet exist. The script is the result of a complaint I have with maildrop and maildirmake that I'll bring up later in a new thread.
~~~~ #!/bin/bash
FOLDER="$1"
# no folder specified, bug out if [ -z "$FOLDER" ] ; then exit 1 fi
# already exists, go away if [ -d "$FOLDER" ] ; then exit 0 fi
# make it and any parent directories mkdir -p $F/{cur,new,tmp} ~~~~
Additionally I have set the variable BASE to "$HOME/Mail/MAILDROP" for testing, but will change it to "$HOME/Mail" when I switch.
HTH, -D
--
Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge Him, and He will make your paths straight. Proverbs 3:5-6
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg