Re: [Exim] Running Commands

Góra strony
Delete this message
Reply to this message
Autor: Joseph Kezar
Data:  
Dla: Greg Ward, exim-users
Temat: Re: [Exim] Running Commands
I am going to take the /etc/exim/vacation approach. And /etc/exim/vacation is going to be read/write to all
users.
How do I right a global filter that says if /etc/exim/vacation/$local_part exists than send an autoreply
containing the contents of /etc/exim/vacation/$local_part?
And can I use the plain mail command in conjunction with the once command? So that every time a user emails
that "away" person they only get one autoreply?
Thanks for your help!

Joseph Kezar


Greg Ward wrote:

Ouch! That sound excessively complicated. I know nothing about writing

> setuid CGI scripts, and I'd be very nervous about making the CGI script
> itself setuid. (Especially to root.)
>
> First idea: I'm sure it's possible with Exim to setup "vacation"
> messages that don't require editing a user's .forward file, and don't
> require the hoary old "vacation" program at all. Check the Exim spec;
> search for "vacation" in the index. Ditto in the filtering manual. My
> guess is you can do something like this:
>
>   * make a directory /etc/exim/vacation (it could be argued that this
>     belongs in /var: whatever)

>
>   * if a file /etc/exim/vacation/foo exists, that means user "foo"
>     is on vacation; the content of this file is the vacation message

>
>   * when a message is received for user "foo", check to see if
>     /etc/exim/vacation/foo exists.  If so, use Exim's built-in
>     "vacation" message capabilities to send notification to
>     the sender, including the contents of /etc/exim/vacation/foo.
>     Also deliver the message to foo's mailbox.

>
> I'm pretty sure you can do all this in the system filter. ISTR this is
> covered in the filtering manual; see the "mail" command.
>
> Then all you have to do is make /etc/exim/vacation writeable by your CGI
> script, and write /etc/exim/vacation/foo when user foo tells your CGI
> script he's going on vacation.
>
> Second idea: if you're absolutely wedded to the idea of using .forward
> (eg. you're not sure about this Exim thing, and might want to fallback
> on a different MTA), you can probably do it.  It'll be harder, more
> error-prone, and more likely to have security holes.  Here's what I'd
> do:
>   * write a helper program that takes exactly two arguments:
>     a username and the user's desired vacation message (as a single
>     string!).  This program's *sole* responsibility is to write
>     the .forward and .vacation file for a user.

>
>   * make it setuid root, and be VERY paranoid.  "man perlsec" until blue
>     in face.  Then it will have sufficient privileges to write any
>     user's .forward file.  You'll have to do it in C or Perl, because
>     those are your only realistic options for writing setuid programs --
>     I'd do it in Perl, personally.

>
>   * call this helper program from your CGI script.  *Avoid the shell*
>     like the plague.  Eg. if your CGI script is in Perl:
>        system "/my/setuid/helper", $username, $vacation_msg;

>
>         Greg
> --
> Greg Ward - software developer                gward@???
> MEMS Exchange                           http://www.mems-exchange.org

>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##


--
Joseph Kezar