My Own Personal WTF



  • So it goes like this:

     We have an email server. It's a very nice email server running an odd varient of qmail named dqd - it gives total control of accounts via the shell. There are no web-based admin tools for it that I know of, and I'm not too concerned, as so far every single client we have had always called us about every minor thing concerning email. Even to check quotas. It's just the nature of our buisness to gradually take over just about anything computer related for most our clients.

     Until, that is, we get the client.

     They want to access aliases, temporarily redirect mail, check quotas, and what have from the web. They want it NOW. They are also complaining about spam. Yes, of course, who doesn't, except they are also complaining specifically about getting too much spam in the spam folder. I'm not talking about false positives either... but that's another story.

     First thing is first: I had a small reporting shell script, which was promptly modified well beyond it's original tasks into a full administration script with a very odd output syntax. Then I got started on writing a bunch of PHP code.

     By now you should guess what's going on. But it gets worse. First off, I will not put a web server and PHP on this email box. It's got enough to do already, and we already have several working web servers (that's our core buisness.) Webmail access? Sure, we have that, it's a stock PHP email client running over IMAP to the real email server.

     End result: web browser -> PHP -> ssh -> shell script -> dqd control files. Seeing as shell script does the real work and PHP just displays stuff, I'd say the MVC guys would be proud.
     

     I'm going to go take a  VERY long shower now.



  • That's really not too bad. If your mail server admin tool is an established command-line utility, then it's OK to wrap it in PHP. I'd say the only WTF is the SSH step and the reluctance to run a simple web server on the email box. It's not going to stress the server whatsoever when the occasional user logs in and administers their account.

    The most important thing, though, is going to be security. Like, I hope you aren't passing user data straight to shell scripts (that is DEADLY insecure!)



  • If your mail server admin tool is an established command-line utility,
    then it's OK to wrap it in PHP. I'd say the only WTF is the SSH step
    and the reluctance to run a simple web server on the email box. It's
    not going to stress the server whatsoever when the occasional user logs
    in and administers their account.

    Perhaps. The SSH is currently temporary; I have plans to use something else over an SSH tunnel. Probly another shell script to make the SSH session 'persistant'..

    The most important thing, though, is going to be security. Like, I hope
    you aren't passing user data straight to shell scripts (that is DEADLY
    insecure!)

    I know, I've got a function that simplifies calling the script. It calls escapeshellarg() on anything not hardcoded.

    And, there was a place in the admin script where I could have used eval() and taken out quite a bit of code, but, no :)



  • they are also complaining specifically about getting too much spam in the spam folder

    shake head



  • [quote user="merreborn"]

    they are also complaining specifically about getting too much spam in the spam folder

    shake head

    [/quote]

     Solution: redirect spam to Inbox.
     



  •  

     Solution: redirect spam to Inbox.

    I ALMOST raised the SpamAssassin threshold from 5 to 15 when I got that complaint :)



  • [quote user="sparked"]

     End result: web browser -> PHP -> ssh -> shell script -> dqd control files. Seeing as shell script does the real work and PHP just displays stuff, I'd say the MVC guys would be proud.

    [/quote]

    Not just the MVC guys. This is clearly the logical extension of the *nix way of doing things.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.