Re: Secure popen

From: Kai Schulte (kaiat_private-essen.de)
Date: Thu Jun 21 2001 - 06:56:21 PDT

  • Next message: Glynn Clements: "Re: Secure popen"

    On Thu, 21 Jun 2001, Glynn Clements wrote:
    
    > > If you don't know anything about the local host's mailer or you can
    > > deliver straight to the the recipient's host,
    > 
    > Easier said than done. Correctly delivering mail involves (amongst
    > other things) looking up MX records and trying them in order of
    > decreasing priority until one succeeds. And queuing any messages which
    > can't be delivered due to transient failures.
    
    Yes, but you could use a relay host.  Besides, if your web interface is
    open to the public you should _really_ take care to send only to a very
    limited set of hosts so you won't end up as a spam portal.
    
    > > invoking the local delivery agent directly... or just locking
    > > their mail files and appending to them ;)
    > 
    > That overlooks aliases and a host of other configurable options which
    > together form part of the system's mail handling policy.
    
    If all recipients are known and local it's probably a custom solution
    anyway, so why would you waste your time sending to aliases or taking
    similar detours?
    
    > More generally, the only thing you can assume is that feeding the
    > message to the "sendmail" program (which may or may not be "Sendmail")
    > will result in it being handled appropriately.
    
    Yes, I agree it's the way to go for the general case, and it's not
    really hard to exec it securely.
    
    Kai
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:28:46 PDT