Hi,
The main thing to consider is that any e-mail that is fed in to your script will be taken as input. So, you'll decide on a format for your input, and write your script to handle that input when it arrives in the expected e-mail. The problem arises when you consider: what will your script do with e-mails it doesn't expect, and interprets them as valid input ?
For example, consider the following. Imagine you have a script whose purpose in life is to receive an e-mail containing a list of files or directories, and which then removes that list. Let's say you decide on a format like this for your input:
LIST
/tmp/file1.txt
/var/tmp/*
END
You write your script to read the input a line at a time, and when it sees a line starting with LIST it knows it's found valid input. It will then do an rm -rf on the contents of each line it reads from the e-mail until it sees a line starting with END , at which point it stops.
All reasonable, you might think. Now consider what would happen if your script's e-mail address were to randomly receive a spam e-mail with some lines that looked like this:
Amazing new deals !
You can trust us, because we've been
LISTED ON EBAY SINCE 2000 !
/* AMAZING BARGAINS \*
/* ASTONISHING PRICES \*
/* THESE DEALS WON'T LAST FOREVER... \*
ENDS TOMORROW !
Your script would dutifully read through the e-mail, see the line starting with LISTED , interpret the LIST as the start of input, and start removing files beginning with the next line....the first part of which is /* . So what will your script then do ? rm -rf /* , that's what. Bye-bye, server.
A very contrived example I'll grant you, but it demonstrates the point. E-mail interfaces are inherently risky because you never can say for sure what might be received in that mailbox, unless you have other ways of restricting that of course.
So you must be sure that your script checks every single bit of its input, and ensures it is absolutely 100% exactly in conformity with what you expect it to handle. If it isn't, it must handle it safely, or refuse to do anything with it.
In summary, the two main things you need to remember when writing scripts triggered by e-mails are:
- Make sure only allowed senders and/or servers can e-mail your server's script address to trigger the script.
- Make sure that the script does full complete sanity checking on the input anyway, just in case.
Hope this helps give you some pointers.