Johan Almqvist:
> > With a few pointers from Frank Tegtmeyer, I've now made what I wanted
> > myself. Maybe someone else finds this useful...

Peter van Dijk:
> Without testing it, a short glance over the code reveals one quirk and
> one change I'd like:
>
> - You are using a predictable filename in /tmp without any security
>   whatsover. This allows a malicious users to overwrite files that you
>   own, perhaps gaining access to your account this way.
> - It says 'this is the qmail-send program'. It is not. 'qmail-send' is
>   not a fixed string in the QSBMF, so why not change it?

Also, why not use the $SENDER variable that qmail provides? Not to mention
that the address mentioned in the bounce message won't match the original
recipient when using virtualdomains. That might be trickier to fix, though.
Qmail isn't handling virtual domains correctly, as far as I can tell.

/filip

Reply via email to