Re: sieve sending vacation message from vm...@ns1.domain.tld
I use dovecot-lda for delivery where the parms are: -d ${user}@${domain} -a {recipient} -f ${sender} -m ${extension} Perhaps they may work for /usr/libexec/dovecot/deliver [0:root@elmo webmaster]$ rpm -q dovecot dovecot-2.2.22-1.fc22.x86_64 Bill On 10/12/2016 10:56 AM, Wietse Venema wrote: Matthew Broadhead: [vaction messages sent by DOVECOT have vmail as the sender] I read somewhere it might have something to do with a line in master.cf dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient} Maybe a question for the Dovecot list? After all the message is sent by DOVECOT. Wietse
Re: how to proper use content_filter
Pawe? Grzesik: > I think I can do the same in Ruby using IO.popen like: > > IO.popen(["/usr/sbin/sendmail", "-G", "-i", my_str], "w") do |pipe| > > as I see in this case I don't even need to use my_str with \" \". > > But I'm still confused about -f option in master.cf, and characters "--" > between ${sender} and ${recipient}. > Why is that? Specify popen(["/usr/sbin/sendmail", "-G", "-i", "-f", sender, "--", my_str, "w") The -- is needed to close a different security hole. If you don't know about these bugs that go back to 1996 and earlier, then please don't write code that handles network data. Wietse
Re: how to proper use content_filter
I think I can do the same in Ruby using IO.popen like: IO.popen(["/usr/sbin/sendmail", "-G", "-i", my_str], "w") do |pipe| as I see in this case I don't even need to use my_str with \" \". But I'm still confused about -f option in master.cf, and characters "--" between ${sender} and ${recipient}. Why is that? Thanks, Pawel 2016-10-13 21:24 GMT+01:00 Wietse Venema: > Pawe? Grzesik: > > Good point. I changed it to: > > > > IO.popen("/usr/sbin/sendmail -G -i \"#{my_str}\"", "w") do |pipe| > > > > So now it should be secure (same as using $@ instead of $*). > > Am I right? or I'm still missing something? > > Sorry, that is still a shell command line. You need an API that > passes a vector of arguments, not a command line. > > Such as Python's > > os.popen(["/usr/sbin/sendmail", "-G", "-i", ...], "w"). > > This bug is actually very old. An early publication is at > https://www.cert.org/historical/advisories/CA-1996-06.cfm > > Wietse >
Re: how to proper use content_filter
Pawe? Grzesik: > Good point. I changed it to: > > IO.popen("/usr/sbin/sendmail -G -i \"#{my_str}\"", "w") do |pipe| > > So now it should be secure (same as using $@ instead of $*). > Am I right? or I'm still missing something? Sorry, that is still a shell command line. You need an API that passes a vector of arguments, not a command line. Such as Python's os.popen(["/usr/sbin/sendmail", "-G", "-i", ...], "w"). This bug is actually very old. An early publication is at https://www.cert.org/historical/advisories/CA-1996-06.cfm Wietse
Re: how to proper use content_filter
Good point. I changed it to: IO.popen("/usr/sbin/sendmail -G -i \"#{my_str}\"", "w") do |pipe| So now it should be secure (same as using $@ instead of $*). Am I right? or I'm still missing something? Thanks, Pawel 2016-10-13 11:50 GMT+01:00 Wietse Venema: > Pawe? Grzesik: > > IO.popen("/usr/sbin/sendmail -G -i #{my_str}", "w") do |pipe| > > And there you have a giant security hole. What happens if an email > address contains shell special characters? You specify flags=Rq in > the pipe daemon command, but that quotes email addresses according > to RFC822, not to make them resistant against shell command injection. > > (Note that the shell script example in FILTER_README does not > have this issue becasue that does not re-parse its arguments). > > Wietse >
Re: how to proper use content_filter
Pawe? Grzesik: > IO.popen("/usr/sbin/sendmail -G -i #{my_str}", "w") do |pipe| And there you have a giant security hole. What happens if an email address contains shell special characters? You specify flags=Rq in the pipe daemon command, but that quotes email addresses according to RFC822, not to make them resistant against shell command injection. (Note that the shell script example in FILTER_README does not have this issue becasue that does not re-parse its arguments). Wietse
how to proper use content_filter
Hi All, I'm trying to understand how content_filter works. According to the documentation I can create a simple script and use content_filter to send an e-mail to it. That's my config of master.cf: proxyunix - n n - 10 pipe flags=Rq user=filter null_sender= argv=/usr/local/bin/proxy -f ${sender} ${recipient} smtp inet n - n - - smtpd -o content_filter=proxy:dummy So that's exactly the same as an example from to doc. And now, my script is: IO.popen("/usr/sbin/sendmail -G -i #{my_str}", "w") do |pipe| pipe.puts @mail_content pipe.close_write end Where my_str is a string of all arguments (sender and recipients): ARGV.each { |recipient| my_str.concat("#{recipient} ") } which is basically: "-f sender@mymail user1@mymail user2@mymail" The point os using it that way is because I noticed that bcc e-mail is on that list and in the same way it's not in the mail headers. So I'm sending that list of all recipients to the sendmail so I can put an e-mail again to the queue without changing anything (and not losing bcc). It works fine but when I change it to the Golang and I did mostly the same: func sendMail(recipients string, maildata []byte) int { cmd := exec.Command("/usr/sbin/sendmail", "-G", "-i", recipients) pipe, err := cmd.StdinPipe() if err != nil { log.Fatal(err) } if err = cmd.Start(); err != nil { log.Fatal(err) } fmt.Fprintf(pipe, "%s", maildata) err = pipe.Close() if err != nil { log.Fatal(err) } return 0 } So exactly like in Ruby I'm executing sendmail: /usr/sbin/sendmail -G -i (recipients from postfix ARGS) but that does not work, on the logs I have: warning: -f option specified malformed sender: ... and fatal: Recipient addresses must be specified on the command line or via the -t option I'm not really sure why is that. Why it works in Ruby and not in Go? I'm calling it in exactly the same way and I have the same output on the console. How I should handle it? Can someone give me some hint? Thanks, Pawel
Re: so many warnings, are these spams?
On 2016-10-13 08:30, vod vos wrote: Oct 12 14:38:50 postfix/smtpd[1877]: warning: hostname 4d1q192.urbanchipps.net does not resolve to address 104.200.137.192: Name or service not known are these spams, how can I do? thanks. no its more just a badly configured mailserver that have not performed fully qualified dns reverse name for that ip basic: host dig does not match same ip vs ptr and you cant do anything to it
so many warnings, are these spams?
Hello guys, when I cat /var/log/mail.log | grep warn It shows Oct 12 14:20:55 postfix/smtpd[2431]: warning: hostname static-bbs-74-184-3-210-on-nets.com does not resolve to address 210.3.184.74: Name or service not known Oct 12 14:38:50 postfix/smtpd[1877]: warning: hostname 4d1q192.urbanchipps.net does not resolve to address 104.200.137.192: Name or service not known and many many of such logs. are these spams, how can I do? thanks. sincerely yours