How can I configure procmail to pass an email to a script if (and only if) it's from a whitelisted sender?

Question

I want to pass emails from specific senders to a shell script via procmail.

Here's my original starter script:

LOGFILE=/home/foouser/procmail-log
VERBOSE=yes
MAILDIR=/var/spool/mail/foouser
DEFAULT=/var/spool/mail/foouser
SHELL=/bin/sh

:0
! `/home/foouser/fooscript.sh`

This works fine but it applies to all messages going to foouser. I'd like to set a condition so it only sends the message to the script if the email is from specific people on a whitelist. Is this possible?

Incidentally, are you sure the delivery syntax is what you intend? This will try to forward the message to the address which is the output of the script `/home/foouser/fooscript.sh`. The script does receive the message as its standard input, but if your intent is to just pass the message to the script, the regular syntax for that is to drop the backticks and use a pipe character instead of an exclamation mark; i.e. `| /home/foouser/fooscript.sh` — tripleee, Aug 15 '12 at 11:14
@tripleee Interesting. Yes, that's exactly what I'm trying to do. I grabbed the syntax from somewhere else online. Is there any other major difference/vulnerability to using the backticks? I'm wondering if there would be an issue if the email had potentially dangerous content in it (e.g. `rm -fr /`). I've already hardened the script to protect against this but what about procmail? — Mike B, Aug 15 '12 at 15:02
If you don't intend to forward the message, definitely don't use the forwarding syntax. As far as security considerations are involved, nothing you have shown us indicates that the contents of the email are going to be evaluated as code; but if `fooscript.sh` does something like that internally, that's a genuine and serious concern, and you should definitely have an expert audit it. — tripleee, Aug 15 '12 at 17:56

score 3 · Accepted Answer · edited Aug 15 '12 at 11:35

3

Sure, the point of procmail is to filter messages ;-)

:0
* ^From:(.*\<)?(alice@example\.org|bob@example\.com)\>
! `/home/foouser/fooscript.sh`

Edit: Fix the missing asterisk on the condition line, and reinstate the (admittedly weird) action line.

edited Aug 15 '12 at 11:35

tripleee

1,324
3
14
24

answered Aug 14 '12 at 06:43

mgorven

30,036
7
76
121

How can I configure procmail to pass an email to a script if (and only if) it's from a whitelisted sender?

1 Answers1