fetchmail-friends

[fetchmail] Possible security issue with %F

2003-04-02 00:38:25
Hi Eric, all,

I recently got a few junkmail messages, they looked like classic junk but
somehow made it directly into my inbox; this was not right.

I was fetching the email with fetchmail and the mda option:
    mda "procmail -f %F Email/procmail_all"

$ fetchmail -V
This is fetchmail release 5.3.3+NTLM+SDPS+NLS
Linux mayday 2.4.18-k6 #1 Sun Apr 14 12:43:22 EST 2002 i586 unknown

The message (header attached below) has this nasty line in it:

  From: "DVDzones"<>

This makes the %F a null string, which then made the argument of
the '-f' the config file, and so the mail went into the default box.

I've put single quotes around the %F and that solves the immediate
problem, HOWEVER, I haven't tested but I suspect you could do some
serious damage using something like this:

  From: "|rm -rf /;: "@nowhere.com.

Am I wrong?

-- 
Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                       <http://www.cix.co.uk/~mayday>
Google Homepage:   http://www.google.com/search?btnI&q=Robert+de+Bath

begin 600 msg.gz.uue
M'XL(`)2/BCX``ZV386_:,!"&/]>_XL8GT&;C)`2(2U%+(_at_)8UUF:J6=96F"9G$
M--Y"G-E.:?9W]D=G2B7:59M4:9*ELZ7WWGO./E^(1,A;D3)8:;6&-9<Y2>0=
M212IOJ.#90VY2GB>*6-A(VT&L_CD')HK89-L*\8A"4C00@<KI4&KI=#V>)_1
M-+*XR05.M2I;A_!9I&^`^G!2:O`I#8#V6$"9%\)KZE$*S='EO(4NGB+YGD^"
MD/A^2+Q.!,TOOA>1J$-Z'>)[X=?6/:2I\C*K]!X=FGWB>21HG\ZNV[MM:]?`
M93P_!YE"%OC=L]L-#7O=:(<_T*GG]<+@>,WKE-=[L^$#^E-RG[*P_X0\%L;P
M&X%GCGVPE=$.]6G7I^1QL>-GL$,T=9TR:(ROQC]5(4QC,$1SQ>!O0.CRT^C]
MY'3.P&7`1[$QN;!6:,`PJFH(X:VPCA:F6(_at_)AX!;_Z)(I(_at_)V^*$)]DV!XVY%>SY
M(_at_)W@=Y@>,1H#[C*)X%D_PE=!&JH*!1RBZQN=:*BUMS2!`IZJPHK!X7I?.;%WE
M5I9<VS;/'4O!K7O%0UBJJDBYKH\:B\5BRHV-W=@(O3C9BQ9>U.TLN%EF)OV6
MW>2;L]AI&Z[:I+(_at_)5N2H%_N=M((Q?Z/T'NA5WMEWF7!:'D&1<&V&/&M(HW.^'
M$?8:>[GFA5D)[<`2E;KA9O"C4E:DN-2RL'R9"X3FF33(_at_)%H=W\_C#_9_Z/X29
M7>>/`"N#N4FD?"'>8&LS=$'PU(7V+J+!4J7U$`$\3#%LSZZ8*DN1(_at_)OMC%^,1
7<?*=;-#>N;R\,8P10K\!GE]U;'<$````
`
end


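The argument shift and the injection Rob asks about, as an added example that is not part of the original post or of fetchmail's or procmail's code. It models the mda line as plain text substitution of %F followed by shell evaluation of the result (an assumption about how the expanded command line is run), replaces procmail with a stub that prints its arguments, and replaces the destructive payload with a harmless echo. It also goes one step past the report: the single-quote workaround holds for metacharacters but is defeated by an address that itself contains a single quote, so a quoting helper that escapes embedded quotes is shown alongside. All templates, addresses and function names are constructed for the example.

```sh
#!/bin/sh
# Added example (not fetchmail's or procmail's code). Models an mda line such as
#   mda "procmail -f %F Email/procmail_all"
# as: replace every %F with the sender address, then hand the string to the
# shell. Assumption: that is what "expand %F, then run through sh" amounts to.
# procmail is a stub that prints its arguments; the "rm -rf /" payload from
# the report is replaced by a harmless "echo INJECTED".

# Stub standing in for procmail: one bracketed line per argument, so shifted
# or empty arguments are visible.
procmail() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Textual replacement of every %F in $1 with $2 (no quoting, no escaping),
# done with parameter expansion so the value itself is never re-scanned.
substitute_F() {
    tpl=$1
    out=
    while :; do
        case $tpl in
            *%F*) out="$out${tpl%%%F*}$2"; tpl=${tpl#*%F} ;;
            *)    out="$out$tpl"; break ;;
        esac
    done
    printf '%s' "$out"
}

# Wrap $1 in single quotes, turning each embedded ' into '\'' so the result
# is always exactly one shell word, whatever the address contains.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Naive expansion: the address becomes part of the command text.
run_mda() {           # $1 = mda template, $2 = sender address
    eval "$(substitute_F "$1" "$2")"
}

# Hardened expansion: the address is quoted before it touches the template.
run_mda_hardened() {  # $1 = mda template with a bare %F, $2 = sender address
    eval "$(substitute_F "$1" "$(shell_quote "$2")")"
}

TEMPLATE='procmail -f %F Email/procmail_all'        # the line from the report
TEMPLATE_SQ="procmail -f '%F' Email/procmail_all"   # the single-quote workaround
EMPTY_FROM=''                                        # From: "DVDzones"<>
INJECT_FROM=';echo INJECTED;: @nowhere.com'          # constructed; stands in for the rm -rf payload
INJECT_SQ_FROM="';echo INJECTED;: '@nowhere.com"     # constructed; closes the workaround's quotes

demo() {
    echo '--- unquoted %F, empty From: -f swallows the rcfile'
    run_mda "$TEMPLATE" "$EMPTY_FROM"
    echo '--- unquoted %F, metacharacters: the shell runs the payload'
    run_mda "$TEMPLATE" "$INJECT_FROM"
    echo "--- '%F', same payload: contained as one argument"
    run_mda "$TEMPLATE_SQ" "$INJECT_FROM"
    echo "--- '%F', payload containing a quote: breaks out again"
    run_mda "$TEMPLATE_SQ" "$INJECT_SQ_FROM"
    echo '--- shell_quote: always exactly one argument'
    run_mda_hardened "$TEMPLATE" "$INJECT_SQ_FROM"
}
demo
```

The two failure modes are the same bug seen from two sides: once the address is spliced into command text, the shell decides how many words it becomes and whether any of them are operators. Quoting in the template only works if the quoting is applied to the value (as shell_quote does), not written around the placeholder; the alternative that avoids the shell's parser altogether is to pass the address in an environment variable and have the delivery command read it, since variable expansion happens after the command line has been parsed.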