-------------------------------------------------------------------------------
Terms and notes...

DKIM, SPF and reverse DNS are all just DNS records. SPF is a list of the IPs
that your domain "owns". DKIM is a signed hash, checked against a key published
in DNS, that proves the mail came from a server you control. Reverse DNS, or
'PTR' records, map an IP back to a 'user friendly' FQDN hostname.

Greylisting is a configuration option for email relays where they reject the
first delivery attempt from an unknown server; legitimate servers retry, most
spam engines do not.

Spam filtering: https://docs.iredmail.org/enable.dnsbl.html is a good start.

-------------------------------------------------------------------------------
Handling a Mailfolder

To break up a mailbox folder (all mail in a single file) you can...

Mailbox to MH
    Use inc to break a mailbox into a directory of separate files. Example...

        mkdir t; cd t
        inc -file ../mbox.old +

MH to Mailbox

        packf -mbox +Work/Machines/Gremlin/ [mesg_numbers] -file mbox

formail
    Use formail to run a command on each mail. EG

        formail -ds /usr/bin/procmail < mailbox

-------------------------------------------------------------------------------
Download URLs found in a mail (in procmail)

    COMMAND='while read url; do
                 case "$url" in
                 *://*) lynx -traversal -realm -crawl -number_links "$url" |
                        $SENDMAIL -oi $LOGNAME ;;
                 esac
             done'

    :0bw
    * ^Subject: xxxxx
    | eval "$COMMAND"

-------------------------------------------------------------------------------
Using Mail Exec

Many Unix systems allow you to filter incoming mail using the .forward file.

Security is THE major problem with a mail executor system. A password can be
used, but a password in a mail message is highly visible in the event that your
mail is mis-directed, and in the mail queue of any intervening mail host or
forwarder. Of course you can encrypt the date and/or time into the password to
prevent this, so that passwords only have a small window of validity.

____.oOo.____

Quick and dirty. (Security hazard, see below.) A one-liner for direct
inclusion in the ".forward".

In your .forward file add the following :-

    "| awk /^#781rFtd/,/^#end/ | sh"

Then any message containing a line starting "#781rFtd" will be executed from
that line until a line starting "#end". There are far more elegant ways of
doing this but few as simple. (Note the # on both markers: the awk range is
_inclusive_, so both marker lines are passed to sh and must be shell comments.)

WARNING.... Sendmail has `expn' and `vrfy' commands which will list the forward
destination of mail from that system. This will LIST the forward command to
anyone who cares to ask for it. As such anyone in the world can see the above
`mail execute hack' and also see the password.

NOTE: this will not automatically return results and errors, so the message
itself must do this job. Also it will not keep a record of the commands and
scripts executed.

Mail a directory listing back to me...

    #781rFtd
    ls | mail -s "My directory listing" yourself@return.host.addr
    #end

Grab all the files in my home...

    #781rFtd
    tar cf - . | gzip | uuencode myhome.tar.gz |\
        mail -s "My home directory" yourself@return.host.addr
    #end

Hey this is Unix - the simple things are difficult but the complex things are
simple!

____.oOo.____

More protected version (but not very)

    #!/bin/sh
    # server program
    #
    # DO NOT USE THIS SCRIPT THE WAY IT IS.
    # YOU >>>MUST<<< CHECK TO MAKE SURE "OWNER" IS VALID!!
    #
    owner=you@yourhost.foo.bar          # ensure a copy is sent here
    PATH=/bin:/usr/bin:/usr/ucb:/ucb
    sleep 1800                          # this is to avoid terrible loops (30 minute sleep!)
    file1=/tmp/server.$$                # the incoming message
    file2=/tmp/server2.$$               # output of the executed lines
    cat > $file1
    if grep -s "Subject: server (password=shazam)" $file1
    then
        # address to send results to; strip the header name whatever its case
        reply=`grep -i "server-reply-to:" $file1 | sed 's/^[^:]*://'`
        # only lines beginning "::" are run, with the marker removed
        grep "^::" $file1 | sed 's/^:://' | sh -s > $file2
        Mail -s "Job record: $file1" $owner < $file1
        Mail -s "Job result: $file1" $owner $reply < $file2
    else
        Mail -s "Forwarded mail (`date`)" $owner < $file1
    fi
    rm -f $file1 $file2                 # -f: $file2 does not exist on the else branch

To use the above, set it in your .forward and then mail...

    mail -s "server (password=shazam)" user@machine
    the lines starting with :: are executed
    ::pwd
    anything else is ignored
    ::ls
    signed: me

____.oOo.____

Alternatively, for full security such that the mail is definitely ONLY from
you, you could set up a PGP decryptor that uses your public key to decrypt (in
PGP terms, to verify a signature made with your private key). In this way only
mail from you, with your private PGP key, can be decrypted by the server, and
thus only you can send "mailed scripts".

-------------------------------------------------------------------------------
> my "|command" alias fails with
> getwd: can't stat .

Make sure that /usr/spool/mqueue (or whatever is your queueing directory) is
publicly accessible -- to the extent that a general user can 'cd' to the
directory, and can then use 'pwd'. If this is not done, only members of group
staff (gid 10) will be able to use the piped command feature of .forward files.

This also should not be a serious problem in running C programs so long as
they chdir(2) elsewhere.

Unless the 'prog' mailer has the 'S' flag defined, the script will NOT be
running suid. And it would be a very serious security loophole to specify the
'S' flag for the prog mailer.

---- Neil W. Rickert --- rickert@cs.niu.edu

------------------------------------------------------------------------------
Environment

Note that the mail program has no environment to speak of, and in all
probability will not even be in your home directory. You could set an
environment up for yourself. For example:-

    "| ( HOME=/user/contrib/dattier
         TZ=CST6CDT
         PATH=/usr/bin:/etc:/usr/ucb:/lbin:/sbin:/usr/sbin:$HOME/scripts:/bin
         export HOME TZ PATH
         filter -vo $HOME/.elm/filtererrors
         date +%T >> $HOME/.elm/filterlog )"

I could even have thrown a cd in there if I wanted it. Note that defining a
PATH absolves me from giving the full paths to filter and date. It also
relieves me of specifying full paths to the commands in 'execute' instructions
in .elm/filter-rules.

--- David W. Tamkin --- dattier@ddsw1.mcs.com
------------------------------------------------------------------------------
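For the "Handling a Mailfolder" section above: an added example, not from the notes, that does with plain awk what inc does when it fills an MH folder, splitting an mbox file on its "From " separator lines while leaving ">From " escaped body lines alone. The two-message mbox it runs on is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the notes above: split an mbox (all mail in one file)
# into numbered per-message files, the way "inc" fills an MH folder. In mbox
# format a message starts at a line beginning "From " (space, not colon); body
# lines that happened to start with "From " were escaped to ">From " on
# delivery, so they must not be treated as separators.

# Constructed two-message mbox used for the demo below.
SAMPLE_MBOX='From alice@example.org Mon Jan  1 10:00:00 2024
From: alice@example.org
Subject: one

first body
>From here on this is still body text, not a new message

From bob@example.org Mon Jan  1 11:00:00 2024
From: bob@example.org
Subject: two

second body'

# split_mbox MBOX DIR -> writes DIR/1, DIR/2, ... (the envelope "From " line is
# dropped, everything else is copied) and prints the number of messages found.
split_mbox() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /^From / { if (out != "") close(out)      # finish the previous message
                   n++; out = dir "/" n; next }   # a new message starts here
        n > 0    { print > out }                  # header/body lines of message n
        END      { print n + 0 }                  # count (0 for an empty file)
    ' "$1"
}

# Demo: split the constructed sample into a temporary directory.
tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_MBOX" > "$tmp/mbox"
echo "messages: $(split_mbox "$tmp/mbox" "$tmp/t")"
rm -rf "$tmp"
```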
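For the "Using Mail Exec" section and the .forward discussion above: an added example, not the notes' own code, that audits a .forward file from the administrator's side and flags any "| command" entry whose pipeline ends in a shell interpreter, i.e. an entry that executes mail bodies and that expn/vrfy would reveal. The sample .forward it checks is constructed and includes the notes' own awk|sh one-liner.

```shell
#!/bin/sh
# Added example, not from the notes above: audit a .forward file for entries
# that hand incoming mail to a program (the "| command" form). An entry whose
# pipeline ends in a shell interpreter runs whatever the mail body contains,
# which is the "mail execute hack" described in the notes.

# Constructed sample .forward: a plain address, the notes' awk|sh one-liner,
# a procmail pipe and a local delivery entry.
SAMPLE_FORWARD='alice@example.org
"| awk /^#781rFtd/,/^#end/ | sh"
"|/usr/bin/procmail"
\alice'

# classify_forward_entry ENTRY -> prints address, pipe or pipe-to-shell
classify_forward_entry() {
    # drop surrounding double quotes and leading blanks
    e=$(printf '%s\n' "$1" | sed -e 's/^[[:space:]]*"\{0,1\}[[:space:]]*//' -e 's/"[[:space:]]*$//')
    case "$e" in
        \|*)
            # first word of the last pipeline stage, with any directory stripped
            last=$(printf '%s\n' "$e" | awk -F'|' '{print $NF}' | awk '{print $1}' | sed 's#.*/##')
            case "$last" in
                sh|bash|ksh|csh|tcsh|zsh|perl|python*) echo pipe-to-shell ;;
                *) echo pipe ;;
            esac ;;
        *) echo address ;;
    esac
}

# audit_forward FILE -> prints "<class><TAB><entry>" per entry; its exit status
# is the number of pipe-to-shell entries, so 0 means no entry executes mail bodies
audit_forward() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        c=$(classify_forward_entry "$line")
        printf '%s\t%s\n' "$c" "$line"
        [ "$c" = pipe-to-shell ] && bad=$((bad + 1))
    done < "$1"
    return "$bad"
}

# Demo on the constructed sample: one entry (the awk|sh one-liner) is flagged.
tmp=$(mktemp); printf '%s\n' "$SAMPLE_FORWARD" > "$tmp"
rc=0; audit_forward "$tmp" || rc=$?
echo "pipe-to-shell entries: $rc"; rm -f "$tmp"
```

To audit every user on a host, run audit_forward over each home directory's .forward and act on any non-zero exit status.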