Looking for feedback on usefulness of the project

Written for msmtp-scripts by Daniel D. on 2019-11-11

Sorry for the long silence. Life's been busy.

If anyone is following this project, I'd appreciate feedback on the following:

I am concerned about the security issues implicit in using raw command lines which may be partially supplied by the user (e.g. via parameters to the sendmail command). In fact I would rather make it harder to pass unverified command lines rather than easier (in particular I'm finding it difficult to figure out how allow valid email addresses but only valid (syntax-wise) email addresses where an email address is allowed).

In fact given the low usage rate of the project and my concerns about the overall security of the approach I'm still debating whether to keep this project alive or not.

The other big issue is with the fact that non-root daemons can issues with sending mail, particularly when using SELinux or similar mechanisms to restrict the daemon or cronjob that calls sendmail.

I think these issues are best resolved by doing something like the old 'nullmailer' approach that used to exist, but I'm not sure of whether it's really worth the effort of building that.