TIP: Click on subject to list as thread! ANSI
echo: rberrypi
to: ELI THE BEARDED
from: MARTIN GREGORIE
date: 2020-03-20 01:07:00
subject: Re: Regexes and C
On Thu, 19 Mar 2020 21:26:22 +0000, Eli the Bearded wrote:

> You are best off if you can avoid ever letting email addresses be
> interpreted by the shell. Stick them in "files" (stream for pipes count
> as files) and have mail programs parse them out of the stream.
>
Quite, but for a long time now I've been using getmail to retrieve mail
from my ISP. It pops it into a pipeline, defined within a bash shell,
which runs mail through SpamAssassin before passing it to a C program I
wrote that quarantines any mail that got marked as spam before passing
the rest to Postfix sendmail, which hands it to my Postfix server for
delivery to local mailboxes.

I do it this way because it means that I have no open ports on my
firewall.

Meanwhile, I've needed to change the getmail configuration, which
involved talking to its author to clarify some points and during this I
got told I was a very bad boy for daring to to do something so dangerous
as feeding a bash-defined pipeline from getmail: the only thing that gets
passed as a parameter is the From: address, so I thought I should at
least make an attempt to make sure nothing bad can subvert this single
parameter being passed. The pipeline has been running for years with no
problems.

The only thing that's changed is that a new system I want to run will
require getmail to be run with a higher privilege level than at present
so it can deliver mail directly to the new system via a revised
Destination configuration.

The old pipeline will remain unchanged apart from (maybe) adding some rat
traps to passing the from address into it

So, given that I now have two versions of the address filter running (one
using a version of my original regex and the other doing an inverted
match to reject and addresses with unwanted character values, do I really
need to use either of them?


> It's probably mentioned else-thread, and I haven't seen it yet, but
> RFC821 (or is it 822?) comments in header lines are basically
> regexp-proof. The simple cases can be handled, but not the full
> complexity. The full complexity is basically only used by people being
> deliberately difficult, so you don't run into it often. The part you
> can't handle with regexp, at least in a single pass: the balanced
> parenthesis for nested comments rule.
>
Thanks: I'll look at those tomorrow.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.