Feedback on usefulness / viability of project

Asked by Daniel D.

If anyone is following this project, I'd appreciate feedback on the following:

I am concerned about the security issues implicit in using raw command lines which may be partially supplied by the user (e.g. via parameters to the sendmail command). In fact I would rather make it harder to pass unverified command lines rather than easier (in particular I'm finding it difficult to figure out how to allow valid email addresses but only valid (syntax-wise) email addresses where an email address is allowed).

In fact given the low usage rate of the project and my concerns about the overall security of the approach I'm still debating whether to keep this project alive or not.

The other big issue is with the fact that non-root daemons can have issues with sending mail, particularly when using SELinux or similar mechanisms to restrict the daemon or cronjob that calls sendmail.

I think these issues are best resolved by doing something like the old 'nullmailer' approach that used to exist, but I'm not sure of whether it's really worth the effort of building that.
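One way to approach the recipient check raised in the question, as an added example that is not part of the original post or of msmtp-scripts: a fail-closed POSIX shell validator that accepts only a narrow subset of address syntax and rejects anything that could be read as an option. The function names, the `$MAILER` placeholder and the policy itself (no quoted local parts, no address literals, no bare local names such as `root`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed recipient check for a sendmail-style wrapper.
LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges mean ASCII only

# Accept a deliberately narrow subset of addr-spec: dot-atom local part
# (letters, digits, . _ + -) and a dotted LDH hostname. No quoted local
# parts, no address literals, no bare local user names.
is_safe_addr() {
    addr=$1
    [ "${#addr}" -le 254 ] || return 1
    case $addr in
        -*) return 1 ;;                    # would be parsed as an option
        *[!A-Za-z0-9.@_+-]*) return 1 ;;   # whitespace, newlines, quotes, metachars
        *@*@*) return 1 ;;                 # more than one '@'
        *@*) ;;
        *) return 1 ;;                     # no '@' at all
    esac
    local_part=${addr%@*}
    domain=${addr#*@}
    [ -n "$local_part" ] && [ "${#local_part}" -le 64 ] || return 1
    case $local_part in
        .*|*.|*..*) return 1 ;;            # empty dot-atom element
    esac
    case $domain in
        .*|*.|*..*) return 1 ;;            # empty label
        -*|*-|*.-*|*-.*) return 1 ;;       # label starts or ends with '-'
        *[_+]*) return 1 ;;                # not hostname characters
        *.*) return 0 ;;
        *) return 1 ;;                     # single label or empty domain
    esac
}

# Validate every recipient before anything is handed to the mailer.
# Reports the position of the offending argument, never its raw content.
check_recipients() {
    n=0
    for rcpt in "$@"; do
        n=$((n + 1))
        if ! is_safe_addr "$rcpt"; then
            echo "recipient argument $n rejected" >&2
            return 1
        fi
    done
    [ "$n" -gt 0 ]                         # no recipients is also an error
}

# Hypothetical hand-off ($MAILER is a placeholder, and the mailer is assumed
# to honour "--" as end-of-options):
#   check_recipients "$@" && exec "$MAILER" -- "$@"
```

Rejecting rather than escaping keeps the wrapper from ever constructing a command line out of input it does not fully understand, at the cost of refusing some addresses that are syntactically legal.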

Question information

Language: English
Status: Expired
For: msmtp-scripts
Assignee: No assignee
Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.