On 7-Mar-2009, at 08:11, Charles Marcus wrote:
On 3/7/2009, mouss (mo...@ml.netoyen.net) wrote:
if all extensions are acceptable (not very recommended),
Ok, this caught my attention...
Yes, I was planning on allowing any extension to be used/made up on
the
fly... thje purpose for using the extension will be for signing up for
different sites/lists/things, so I can use the same address, but be
able
to distinguish mail that comes to me via that service...
Yep, that's what I do, and I've yet to hear a valid security concern
other than "user could create a lot of folders in their Maildir.
It's very easy to do in /etc/procmailrc though
:0
* ! ? test -f $HOME/.procmailrc
{
ARG=$1
LOG="User has no procmailrc logname=$logn...@$host HOME=$HOME$NL"
:0 fw
| /usr/local/bin/spamc -u $LOGNAME
DROPPRIVS=YES
DEFAULT=$HOME/Maildir
:0
* ! ARG ^^^^
.$ARG/
:0
* ^X-Spam-Status:(.*\<)?Yes
.SPAM/
:0
$DEFAULT/
}
LOG="User $logn...@$host has a .procmailrc, processing...$NL"
If the user does not have a .procmailrc, get teh extension and save it
in ARG, check the message against SA, and then, if there was an
extension. Save the file in that folder. If the message is spam,
save it in .Spam, else save it in DEFAULT. (Some people will want to
put the spamcheck BEFORE the ARG check.
So, is there maybe some kind of regex that could be used to make this
safer? Ie, only allow safe characters, or something?
What unsafe characters are allowed in a username portion of the email
address?
--
if you ever get that chimp of your back, if you ever find the thing
you lack, ah but you know you're only having a laugh. Oh, oh
here we go again -- until the end.
