OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael Tokarev (mjttls.msk.ru)
Date: Wed Aug 01 2001 - 08:07:00 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Wietse Venema wrote:
    >
    []
    > > Second, why "flags=R" of pipe(8) daemon? Why add Return-Path here?
    >
    > Does it hurt?

    Why use it at all here? Well, this is really a non-issue.

    > > + flags=q user=filter argv=/somewhere/filter ${sender} ${recipient}
    > ...
    > > + SENDER="$1"
    > > + shift
    > > +
    > > - $SENDMAIL "$" <in.$$
    > ....
    > > + $SENDMAIL -i -f "$SENDER" -- "$" <in.$$
    >
    > There is no need to change the argument vector, and therefore it
    > MUST NOT be changed.

    I missed you here (or vise versa). sendmail gots here *correct*
    arguments. And the *only* change here compared to original version
    is addition of "-i" flag. The reason for this change is:
     a) it is more clear what exactly sendmail gets (before a change,
       e.g. "--" delimiter was "hidden" in master.cf file; now it
       is explicit.
     b) people often wants some "report mails" aka "virus alerts" to
      be sent where it says about who was sender and who was recipient(s).
      In my variant, them are explicit again (sender is $SENDER,
      recipients are $), while in original one them are together with
      some option(s) (-f to be concretic).
     c) -i option is needed anyway, so it should be added somewhere.
      With given approach when options are in master.cf line, it
      should be added there, not into script itself. Just for
      consistence: why not add sendmail command to here too, to read
       argv=/some/where/script /usr/sbin/sendmail -i -f ${sender} -- ${recipient},
      and use
        "$" <in.$$
      in script itself? Ugly.

    Why I discovered this is: I just talks with another antivirus people,
    drweb (www.sald.com), them written a script to use as a filter.
    And (besides their poor experience with shell scripting) them made
    tons of errors (like missing quotes, using $* instead of "$",
    etc). I asked why them not used example provided in FILTER_README,
    but answer is obvious: this script does not have separate $SENDER
    and $RECIPIENTS[] to use for virus reporting etc., and not intended
    to separate them as it is called from master.cf. If the
    above proposed changes will be made, such a people will made
    less (sometimes non-obvious) mistakes (and even experienced ones).

    > Wietse

    Regards,
     Michael.
    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users