[Mimedefang] defang script using chown or chgrp

David F. Skoll dfs at roaringpenguin.com
Tue Apr 29 08:38:57 EDT 2008

Jon Rowlan wrote:

> I don't understand. I have around 20 domains. Sendmail filters mails so
> that I only accept mail to these domains therefore there is no ambiguity
> or window of opportunity in $recipient (it actually only holds the
> domain portion of the recipient name by this stage). $MsgID is a unique
> name that is manufactured by sendmail. I am struggling to think of a way
> that this can be abused by a third party. 

OK; I forgot that $MsgID is normally the Sendmail queue-ID.  I thought
for a moment it was the Message-ID header.



