[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with :include: resolved... but aliases aren't trusted.



Another answer, and the one that I've adopted, is to define a new
transport channel for different programs you need to run. This could be
inconvenient if you have a LOT of programs you would normally run with
aliases, but it works fairly well.

For example, when we changed over to Zmailer as our MTA for ouur
Unix-Listserver host, I defined a new channel, listserv. In routes, it
says:

listserv	listserv!localhost

In aliases it says

listname: 	listname@listserv

When Zmailer gets mail for the 'listserv' channel, it passes the list name
as an argument to a perl script 'listserv', which looks it up in a table
and runs the Listserver 'catmail' program with the appropriate arguments
(also in the table).

This is a bit baroque, perhaps, but it works reasonably well, and has the
advantage (at least, I consider it so) of separating out all mail bound for
Listserv into its own queue.

 On Wed, 19 May 1993, Andy Poling wrote:

> On Wed, 19 May 1993, Michael Richardson wrote:
> [...]
> >   The problem is that the mailbox transport isn't interested in
> > delivering to the program.
> >   I note line 420 of transports/mailbox/mailbox.c:
> > 
> > 	case TO_PIPE:	/* pipe to program */
> > 		/* one should disallow this if uid == nobody? */
> > 		if (uid == nobody) {
> > 			DIAGNOSTIC(rp, EX_UNAVAILABLE,
> > 				       "mail to program disallowed", 0);
> > 			return;
> > 		}
> > 
> >   I can see the logic of this, but the pipe came from an alias
> > controlled by the administrator. Perhaps, aliases taken from the
> > aliases should be given the trust of the uid that owns the alias file.
> >   Actually, _I_ (mcr) own the alias file to make my maintenance life
> > easier. (If you can become me, you can become root without a password
> > on my system, so this matters little)
> 
> The simple solution that I use in these instances is to use a mailing-list
> of one address (rather than an alias).  It solves the problem because the
> mail is assigned the UID of the owner of the mailing list file.
> 
> -Andy
> 
> Andy Poling                              Internet: andy@jhunix.hcf.jhu.edu
> UNIX Systems Programmer                  Bitnet: ANDY@JHUNIX
> Homewood Academic Computing              Voice: (410)516-8096    
> Johns Hopkins University                 UUCP: uunet!mimsy!aplcen!jhunix!andy