Re: [maildropl] Virtual users and safety; checking syntax
Brought to you by:
mrsam
From: Rolan Y. <ro...@om...> - 2005-01-21 17:31:40
|
I ended up going that route with a combination of web forms and sudo scripts. It is a security risk and you really have to protect the user from being allowed to write anything directly in their .mailfilter. My web scripts are simply checkbox forms which enable/disable spam and antivirus filtering and vacation autoreplies. There is a squirremail module which allows the user to create basic search/match rules and forward mail to designated folders. http://www.squirrelmail.org/plugin_view.php?id=210 It's a bit tricky to set up. Instead of using sudo, the author has devised a suid permissions hack which alters the ownership of the .mailfilter file accordingly. You can get an idea of how to write your own script by examining the source in the module. ~Rolan Troels Arvin wrote: >I'm considering creation of a web-frontend combined with a sudo-run >script, so that (virtual) users may install maildrop filters in their >virtual home directories. However, can that be made safe at all? - As far >as I can see, maildrop filters may call any system command (like "rm -fr >/var/maildirs") through command substitution. Is it possible to bring >maildrop in a "safety mode" where only a limited set of directives are >available? > >Next: If it is somehow possible, is there a way to make maildrop do syntax >checking of a filter file? - I would like to do that, so that filters with >syntax errors are not installed. > >If neither wish has a reasonable solution: Does someone know of solutions >which somehow allow virtual users to create simple filter-rules, such as >"If from X, then put in Y"? (Such as is possible with Sieve scripts.) > > > |