kovar@NDA.COM (David Kovar) writes:
# We'd like to be able to create mailing lists via email, not just add
# people to them. This seems a) relatively easy to do and b) relatively
# easy to screw up and open up a major security hole. Before I head off
# and do this, has anyone else already done it?
#
# What I'd like to do is:
#
# 1) Accept a mail message.
# 2) Validate the user as someone who is allowed to create a list.
# 3) Set up the necessary files.
# * The password can come from the mail message.
# * The info file probably comes from the mail message
# as well.
# 4) Add the appropriate entries to the aliases file.
# 5) Log the activity.
Step 4 ("Add appropriate entries to the aliases file") has always been
the one that's worried me. How to do this is going to vary greatly
from site to site. Some of the issues:
Not everybody keeps their alias file in the same place
(I've seen /etc/aliases, /var/yp/master/aliases,
/usr/lib/aliases, /etc/ypaliases, ...)
Not everybody uses the same mailer (and thus not
necessarily the same format for the aliases file)
You've got to ensure that the "new" aliases don't conflict
with any existing aliases
And so forth
All in all, I've avoided this can of worms to the extent possible.
Coming up with a solution for a particular site is pretty easy. I'm
not sure anyone can come up with a general solution, but if they do,
I'd sure love to hear about it.
-Brent
--
Brent Chapman Great Circle Associates
Brent@GreatCircle.COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
|
|
