martin langhoff <[EMAIL PROTECTED]> wrote:
>
> I'm starting to be fond of the easy path qmail gives me to turn email
> addresses into commands. Now, besides my nicey development box, some of
> these commands could be useful for my users, but I'd like to implement a
> 'confim source of command' feature like ezmlm has.
[...]
> The commands I'm thinking about are not sensitive (it wouldn't be
> *that* bad if someone fools the mechanism). I understand that the
> security this mechanism provides is feeble against a knowledgeable and
> determined hacker. Most users, though, will be deterred. That's my aim.
If by "confirm source of command" you mean just check the apparent envelope
sender of the message, then the manpage for qmail-command will tell you
which environment variables qmail sets for you before calling your scripts.
You could also use ezmlm's (un)subscription confirmation mechanism, where
a confirmation code is sent to (approved) sender addresses and required in
a reply before the command is invoked.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
