The main thing to consider is that any e-mail that is fed in to your script will be taken as input. So, you'll decide on a format for your input, and write your script to handle that input when it arrives in the expected e-mail. The problem arises when you consider: what will your script do with e-mails it doesn't expect, and interprets them as valid input ?
For example, consider the following. Imagine you have a script whose purpose in life is to receive an e-mail containing a list of files or directories, and which then removes that list. Let's say you decide on a format like this for your input:
Code:
LIST
/tmp/file1.txt
/var/tmp/*
END
You write your script to read the input a line at a time, and when it sees a line starting with LIST it knows it's found valid input. It will then do an rm -rf on the contents of each line it reads from the e-mail until it sees a line starting with END, at which point it stops.
All reasonable, you might think. Now consider what would happen if your script's e-mail address were to randomly receive a spam e-mail with some lines that looked like this:
Code:
Amazing new deals !
You can trust us, because we've been
LISTED ON EBAY SINCE 2000 !
/* AMAZING BARGAINS \*
/* ASTONISHING PRICES \*
/* THESE DEALS WON'T LAST FOREVER... \*
ENDS TOMORROW !
Your script would dutifully read through the e-mail, see the line starting with LISTED, interpret the LIST as the start of input, and start removing files beginning with the next line....the first part of which is /*. So what will your script then do ? rm -rf /*, that's what. Bye-bye, server.
A very contrived example I'll grant you, but it demonstrates the point. E-mail interfaces are inherently risky because you never can say for sure what might be received in that mailbox, unless you have other ways of restricting that of course.
So you must be sure that your script checks every single bit of its input, and ensures it is absolutely 100% exactly in conformity with what you expect it to handle. If it isn't, it must handle it safely, or refuse to do anything with it.
In summary, the two main things you need to remember when writing scripts triggered by e-mails are:
Make sure only allowed senders and/or servers can e-mail your server's script address to trigger the script.
Make sure that the script does full complete sanity checking on the input anyway, just in case.
Hope this helps give you some pointers.
You are absolutely right with that example.
I will make sure that the script only works with desired inputs.
As far as security is concerned I will consult my network team...
Do you think IFS (line) would be a good option to input these variables?
this is an example:
Code:
echo -n "What is the firstname":
read FIRST
echo -n "What is the lastname":
read LAST
echo -n "Is this a new user (Y for yes, N for No)":
read NO
if [[ $NO =~ ^(y|Y)$ ]] ; then
file=`cat uid`
x=$file
y=1
userid=$(( x + y ))
#echo -n "What is the uid":
#read userid
echo $userid > uid
echo -n "What is the email":
read EMAIL
#echo -n "What is username":
#read USERNAME
===============================================
I will have my mail body consisting of these variables, and then make the script use it.
Does it sound like a good idea?
Moderator's Comments:
Please do wrap your samples/codes in CODE TAGS as per forum rules.
Last edited by RavinderSingh13; 02-06-2020 at 02:15 PM..
Hi Every One
I have a Compilation Script name scomp which takes the Program name as the command line argument
I have around 10000 Programs to compile while each program takes around 10 mins to compile
i have written a Mass Compile script Scripts which takes the list of programs as input... (15 Replies)
I have a PHP Script that works perfectly on a server that uses Sendmail. However I tried to port it to a new server that has the Postfix to Sendmail compatibility interface, and it doesn't work properly.
The php.ini file has the path for sendmail on both servers set to: /usr/sbin/sendmail -t... (0 Replies)
Hi All,
i dont have any idea about perl scripting...
i need some suggestion so that i can put my effort to find out the solution:D
let me explain....one of my tedious task which will taken care by Unix shell script which i prepared.
its a kind of routine work that i am running the... (4 Replies)
hi all.
Am using smtpd_recipient_restrictions & check_recipient_access in postfix.
The hash file looks like this:
emailaddress1 HOLD
emailaddress2 HOLD
The aim is to place email from these recipients in the hold directory,check them then reinject them back in postfix on some... (0 Replies)
Script_A.sh has
echo "In am in script A"
ksh ## K-shell is invoked.
Script B.sh ## which I am writing...
./script_A.sh
echo "I am in script B"
return 0
When I run:
$> Script_B.sh
$> I am in script A
$>
Basically, on calling Script_A.sh from within Script_B.sh I have the issue of... (2 Replies)
Hi guys
One of our clients have a problem with sending email to a certain domain. No matter what we try, the mails just dont get delivered.
What I did then, is created a new connector on their Exchange server, pointing all mail sent to their client at "domain1" to relay to our Postfix mail... (0 Replies)
I m trying to run a batch script in remote desktop which executes unix commands on the unix server...the problem is i wnt the output in HTML format.so in my batch script i m giving the cmd like
ssh hostname path ksh HC_Report.ksh>out.html
...but it generates the HTML file in
remote desktop .i... (2 Replies)
I have a mailserver with postfix
i want to alias all mail for administrator@domain.fqdn
to root@domain.fqdn
I have the aliases configured,and i did newliases
but doesn't work.
How to did this?Postfix is configured for virtual domain on ad server. (2 Replies)
Hi I am trying to implement one program, where JAVA needs to trigger the backend UNIX script. Tried with options like
String cmdArray = {"/bin/ksh","-c","/SCRIPT_ABSOLUTE_PATH/sampleScript.ksh /FILE_ABSOLUTE_PATH Test_File.dat TEST E SFTP"}
When I trigger the script from front end with... (1 Reply)
04-04-2017
