I am planning to forward mail sent to [EMAIL PROTECTED] to the
address [EMAIL PROTECTED] This seems easily accomplished by creating a
forward in /var/qmail/alias/.qmail-service-default. But I want to have the
same .qmail file forward mail for service-test, service-gueydg, etc...
To achieve this I put the following in
/var/qmail/alias/.qmail-service-default:
| forward $[EMAIL PROTECTED]
Unfortunately the $EXT2 variable is under control of whoever is sending the
mail. I am worried that this setup creates a security hole because the
sender could insert special shell characters. Is there any way to avoid this
risk? Is quoting the forward argument with "" characters sufficient
protection?
Or am I overly paranoid?
Regards,
Peter
