Hello,

I use the sieve extension sieve_extprograms to send incoming mail to some script.
For security reasons it is needed that script paths etc. are registered in dovecot.conf.
This is my current dovecot.conf:

plugin {
  sieve = ~/.dovecot.sieve
  sieve_plugins = sieve_extprograms
  sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/local/bin/
  sieve_filter_bin_dir = /usr/local/bin/
}

.dovecot.sieve example:

require "vnd.dovecot.filter";

if address "to" "test@example.com"
{
  filter "myfilter";
}

This is all working without problems.

Is there a possibility to allow users the execution of individual scripts in their own home path? Some people need to pipe mails to scripts for immediate processing (some ticket systems need this).
Is there a way to make this possible with sieve?

Thanks,
Hajo
On 21-09-15 14:34, Hajo Locke wrote:
> Hello,
>
> I use the sieve extension sieve_extprograms to send incoming mail to
> some script. For security reasons it is needed that script paths
> etc. are registered in dovecot.conf. This is my current
> dovecot.conf:
>
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_plugins = sieve_extprograms
>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/local/bin/
>   sieve_filter_bin_dir = /usr/local/bin/
> }
>
> .dovecot.sieve example:
>
> if address "to" "test@example.com" {
>   filter "myfilter";
> }
>
> This is all working without problems.
>
> Is there a possibility to allow users the execution of individual
> scripts in their own home path? Some people need to pipe mails to scripts
> for immediate processing (some ticket systems need this). Is there
> a way to make this possible with sieve?

I'd hope that for a ticketing system setup that needs this, the mail admin is asked to help set up a proper solution. The very design where the mail admin decides which programs are (safe to) run is based on security.

If you really want your users to define their own programs to run, you could create a simple shell script and set it up as an extprogram, which delivers their mail to procmail. But it's surely the ugliest workaround I made up this year...

;P

Tom
On 21.09.2015 at 14:34, Hajo Locke wrote:
> Hello,
>
> I use the sieve extension sieve_extprograms to send incoming mail to some
> script.
> For security reasons it is needed that script paths etc. are registered
> in dovecot.conf.
> This is my current dovecot.conf:
>
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_plugins = sieve_extprograms
>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter
>   +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/local/bin/
>   sieve_filter_bin_dir = /usr/local/bin/
> }
>
> .dovecot.sieve example:
>
> if address "to" "test@example.com"
> {
>   filter "myfilter";
> }
>
> This is all working without problems.
>
> Is there a possibility to allow users the execution of individual
> scripts in their own home path? Some people need to pipe mails to scripts for
> immediate processing (some ticket systems need this).
> Is there a way to make this possible with sieve?
>
> Thanks,
> Hajo

Perhaps includes help: http://tools.ietf.org/html/rfc6609

Best regards
Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
On 9/21/2015 at 2:34 PM, Hajo Locke wrote:
> Hello,
>
> I use the sieve extension sieve_extprograms to send incoming mail to some
> script.
> For security reasons it is needed that script paths etc. are
> registered in dovecot.conf.
> This is my current dovecot.conf:
>
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_plugins = sieve_extprograms
>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter
>   +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/local/bin/
>   sieve_filter_bin_dir = /usr/local/bin/
> }
>
> .dovecot.sieve example:
>
> if address "to" "test@example.com"
> {
>   filter "myfilter";
> }

Uhh.. you're pointing extprograms to a directory where many programs can be installed by default. That is unwise, to put it mildly. Do not allow Sieve to execute random programs like this. Typical use is to point it to a directory of scripts that check their arguments vigorously for malicious use, not common system tools.

> This is all working without problems.

> Is there a possibility to allow users the execution of individual
> scripts in their own home path? Some people need to pipe mails to scripts for
> immediate processing (some ticket systems need this).
> Is there a way to make this possible with sieve?

It is generally not a good idea to let any user just execute any program they like from Sieve. The LMTP seteuid root privileges are dropped before executing the program, but still...

About your question: the extprograms plugin currently supports only one directory for programs. You could use those scripts to execute/include a script in the user's directory, e.g. based on script parameters. You can also set sieve_*_bin_dir from userdb, to make these user-specific.

Regards,

Stephan.
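One way to do what Stephan describes (a single vetted program in the bin directory that dispatches to a user-owned script based on its argument), as an added example that is not Pigeonhole code and not the poster's setup. The wrapper name sieve-userscript, the per-user directory ~/.sieve-scripts, the dedicated bin directories under /usr/local/lib/dovecot and the 64-character name limit are assumptions. Everything a user controls passes through valid_name and safe_script, so those two functions are the whole attack surface; the registration shown in the header comment moves extprograms off /usr/local/bin as Stephan advises.

```sh
#!/bin/sh
# sieve-userscript: wrapper installed in sieve_pipe_bin_dir / sieve_filter_bin_dir.
# A user's Sieve script calls   pipe "sieve-userscript" ["ticket"];   (or filter),
# the wrapper validates the single argument and execs $HOME/.sieve-scripts/ticket
# with the message on stdin. Added example, not part of Pigeonhole; all names and
# directories here are assumptions.
#
# dovecot.conf registration, using dedicated directories rather than /usr/local/bin:
#   plugin {
#     sieve_plugins        = sieve_extprograms
#     sieve_extensions     = +vnd.dovecot.pipe +vnd.dovecot.filter
#     sieve_pipe_bin_dir   = /usr/local/lib/dovecot/sieve-pipe
#     sieve_filter_bin_dir = /usr/local/lib/dovecot/sieve-filter
#   }
# Only this wrapper and the admin's own vetted scripts live in those directories.

set -u

# Per-user script directory, relative to $HOME (assumed layout).
USER_SCRIPT_DIR=".sieve-scripts"

# valid_name NAME: accept a short [A-Za-z0-9_-] token that does not start with '-'.
# This rules out empty names, '/', '.', '..', hidden files, whitespace, shell
# metacharacters and anything that the target script could parse as an option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# safe_script HOME NAME: print the resolved path if NAME is valid and refers to a
# regular executable file owned by the invoking user that is not a symlink and not
# writable by group or others. Otherwise print nothing and return 1.
safe_script() {
    home=$1
    name=$2
    valid_name "$name" || return 1
    script="$home/$USER_SCRIPT_DIR/$name"
    # Symlink check first: a link could point anywhere outside the user's tree.
    [ ! -L "$script" ] || return 1
    [ -f "$script" ] && [ -x "$script" ] && [ -O "$script" ] || return 1
    # Group and other write bits are columns 6 and 9 of the ls permission string.
    perms=$(ls -ld -- "$script" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    printf '%s\n' "$script"
}

main() {
    if [ "$#" -ne 1 ]; then
        printf 'usage: %s SCRIPT-NAME\n' "${0##*/}" >&2
        exit 1
    fi
    script=$(safe_script "${HOME:?}" "$1") || {
        printf '%s: refusing to run %s\n' "${0##*/}" "$1" >&2
        exit 1   # non-zero, so Sieve reports the pipe/filter action as failed
    }
    # Minimal environment. stdin (the message) and stdout pass straight through,
    # so the same wrapper serves both pipe (output discarded) and filter
    # (output replaces the message).
    exec env -i HOME="$HOME" PATH=/usr/bin:/bin "$script"
}

# Dispatch only when invoked under the wrapper's own name, so the functions can
# be sourced and tested on their own.
case "${0##*/}" in
    sieve-userscript) main "$@" ;;
esac
```

Tom's procmail variant is the same wrapper with the exec line replaced by exec to procmail, which then reads the user's own .procmailrc; the argument checking above is what keeps either variant from becoming a generic "run anything" primitive. The wrapper still runs with the user's privileges after Dovecot drops them, so it does nothing against a user who deliberately puts a hostile script in their own ~/.sieve-scripts; it only ensures that the only thing a Sieve script can reach is a file that user already owns and could run anyway.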
Hello,

On 22.09.2015 at 00:37, Stephan Bosch wrote:
> On 9/21/2015 at 2:34 PM, Hajo Locke wrote:
>> Hello,
>>
>> I use the sieve extension sieve_extprograms to send incoming mail to some
>> script.
>> For security reasons it is needed that script paths etc. are
>> registered in dovecot.conf.
>> This is my current dovecot.conf:
>>
>> plugin {
>>   sieve = ~/.dovecot.sieve
>>   sieve_plugins = sieve_extprograms
>>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter
>>   +vnd.dovecot.execute
>>   sieve_pipe_bin_dir = /usr/local/bin/
>>   sieve_filter_bin_dir = /usr/local/bin/
>> }
>>
>> .dovecot.sieve example:
>>
>> if address "to" "test@example.com"
>> {
>>   filter "myfilter";
>> }
> Uhh.. you're pointing extprograms to a directory where many programs can
> be installed by default. That is unwise, to put it mildly. Do not allow
> Sieve to execute random programs like this. Typical use is to point it
> to a directory of scripts that check their arguments vigorously for
> malicious use, not common system tools.

We use some global scripts for mail processing which are located in /usr/local/bin/. Just a bunch of scripts is available; others are blocked by chmod+apparmor. Users can't upload their own scripts to /usr/local/bin.

>
>> This is all working without problems.
>
>> Is there a possibility to allow users the execution of individual
>> scripts in their own home path? Some people need to pipe mails to scripts for
>> immediate processing (some ticket systems need this).
>> Is there a way to make this possible with sieve?
> It is generally not a good idea to let any user just execute any program
> they like from Sieve. The LMTP seteuid root privileges are dropped
> before executing the program, but still...

I don't see the big problem here. We are migrating from mbox to mdbox and by the way we have to switch from procmail to sieve. procmail is a dinosaur but reliable. Starting scripts etc., all is possible. procmail/sieve are running with user privileges. Our users can't reach other mailboxes/user accounts; additionally we use apparmor to prevent curious OS access. Maybe 0.5 or 1% of users want to use individual scripts, but in a hosting company it is not easy to tell that long-used techniques get abolished. Completely disabling the running of individual scripts may be good for standard users, but admins should not be restricted without a chance of change.

>
> About your question: the extprograms plugin currently supports only one
> directory for programs. You could use those scripts to execute/include a
> script in the user's directory, e.g. based on script parameters. You can
> also set sieve_*_bin_dir from userdb, to make these user-specific.

We already use plenty of userdb settings. I will try to add sieve_*_bin_dir, but it seems to be at the cost of our global scripts in /usr/local/bin/.

>
> Regards,
>
> Stephan.
>

Thanks,
Hajo