Re: Triggering a script via email...continued

You might want to be careful with this approach; perhaps you could consider validating the emails you received against a list of known "authorized" IP addresses. The danger is that since email is of course sent in plain text, the message could conceivably be sniffed anywhere en route from the sender to the server, including

the sender's network,
the router on the sender's network
the ISP or any machines the message travels through on the public internet
the router on the receiving end
the receiving subnet.

Now I'm probably just being paranoid, but one would think that if soemone with malicious intentions sniffed that particular piece of mail, they might realize what it was, and mount a very effective denial of service attack by mailbombing the address. That is, unless you use some form of IP header validation. Also, make sure you keep the email address private. You wouldn't want a random piece of spam to suddenly trigger something important and/or dangerous. ;-)

If you get this working, post some code. It's a cool idea and one that has occurred to me before (although I haven't yet tried it out.)

Comment on Re: Triggering a script via email...continued

Replies are listed 'Best First'.
Re: Re: Triggering a script via email...continued by rob_au (Abbot) on Apr 20, 2002 at 01:02 UTC
I cannot agree more fully with DragonFly's comments above - While not a complete solution, one of the earlier nodes that I posted on this site implemented IP-restricted mail delivery for just this type of scenario. This node can be found here.	[reply]
Re: Re: Re: Triggering a script via email...continued by jerrygarciuh (Curate) on Apr 20, 2002 at 15:46 UTC
rob_au, Thanks for giving me the link again! I was stumped as to who had showed me that node or what the title had been, so I couldn't relocate. Teach me to bookmark, eh? Thank you, jg _____________________________________________________ Think a race on a horse on a ball with a fish! TG	[reply] [d/l]