On Thu, Mar 29, 2001 at 03:06:40PM +0200, Johan Almqvist wrote:
> * Johan Almqvist <[EMAIL PROTECTED]> [010329 11:21]:
> > I wonder if anyone has written a real "bouncesaying" (qmails bouncesaying
> > just exits with an exit code that makes qmail-local do the actual
> > bouncing.
>
> With a few pointers from Frank Tegtmeyer, I've now made what I wanted
> myself. Maybe someone else finds this useful...
Without testing it, a short glance over the code reveals one quirk and
one change I'd like:
- You are using a predictable filename in /tmp without any security
whatsover. This allows a malicious users to overwrite files that you
own, perhaps gaining access to your account this way.
- It says 'this is the qmail-send program'. It is not. 'qmail-send' is
not a fixed string in the QSBMF, so why not change it?
Greetz, Peter.
