process incoming mail text as a command.

Amedee Van Gasse (ub) amedee-ubuntu at
Fri Feb 12 09:05:17 UTC 2010

On Fri, February 12, 2010 02:59, Tomoki Taniguchi wrote:
> I am hoping someone can help me with this.
> I want a way to send an email to a server and have it process the
> content as a command.
> I think there is a tool out there for this, but can't seem to find the
> right search criteria to find the proper tool.
> to limit exposure,
> 1) I want it to check the email address of the sender (possibly other
> email header criteria for more security)

You DO know that the email address is very easy to fake, as well as every
other email header? Take a look at this example (a SMTP session that you
can type in the terminal).

telnet 25
MAIL FROM: <tomoki.taniguchi at>
RCPT TO: <tomoki.taniguchi at>
Subject: I am spoofing your email address
From: <tomoki.taniguchi at>

rm -rf /


> 2) limit the commands it will process to a predefined list (ie, reboot)

3) run the commands as an unprivileged user!!!

> I would appreciate it if someone can point me in the right direction

Why can't you simply use ssh to log in and execute the commands? I suppose
you must have a good reason, but I really want to help you in keeping your
box secure, it's up to you to accept or decline my help.


More information about the ubuntu-users mailing list