On Fri, 7 Mar 1997, Philip Guenther wrote:
Peter Jaeckel <pj(_at_)jet(_dot_)uk> writes:
I am using procmail as it came with Red Hat Linux 4.0, i.e. procmail -v
gives:-
...
Now for the problem. As this pc here is sitting in a site-wide network
where all incoming mail is stored in a central mail server whose
drives can be accessed via nfs and in no other way, I have a symbolic
link to the right point in the mounted file system tree. Everything is
fine as long as incoming mail is actually stored by the central mail
host on the server's file system. However, if I happen to send mail to
another userid on my Linux pc, procmail insists on removing the
symbolic link to something like BOGUS.xxx (as described in the man
pages).
How do I stop procmail doing that (security is not an issue _at_
_all_) ?
The only way to make procmail not care about security is too modify the
source yourself. If you don't know C and UNIX programming well, don't
even bother trying -- procmail is pretty hairy.
The Correct way to fix this is to stop trying to deliver local mail
anywhere but at the hub. You'll need to change your sendmail.cf to do
this, of course. I recommend using the m4 config file generators
(documention of which should be found in /usr/doc/sendmail* on RedHat
systems) and enable either the "nullclient" FEATURE or the MAIL_HUB
define depending on how non-local mail should be handled
[...]
Yes, that would be ideal. However, as it happens, I then run into
other problems. Userids local on this pc may not be the same as site
wide. Thus, I would have to specify for each user for whom this is the
case, where it has to go. Alternatively, the user uses .forward
entries. Bu then there are special local users such as root, news,
etc. Emails to them must not possibly leave this pc. There are other
complications. Also, I don't see why I should not attach something to
a mail folder on an NFS-mounted volume where the symlinks in
/var/spool/mail in my case are directed. The nfs daemon on that server
takes care of locking. Of course I realise that problems can be caused
by local symlinks, and I take responsibility to make sure there are no
such symlinks in /var/spool/mail.
It doesn't matter, how you present this problem, there will always be
someone from whose point of view the problem is most easily solved by
stopping procmail doing the system mailbox screening.
For those who don't mind a simple botch that works provided that none
of the system mailboxes in /var/spool/mail are disfunctional, I attach
below the eight lines of code I had to change/add in the source tree
of procmail-3.11pre4 in order to add a -n option to procmail which
disables the screening of system mailboxes. The patch can be
incorporated from the directory above procmail-3.11pre4 by piping it
into patch -p0.
Using this patch, the only thing remaining to be done was to change
the procmail invocation in sendmail.cf from
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=procmail -Y -a $h -d $u
to
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=procmail -n -Y -a $h -d $u
Regards,
Peter Jaeckel
----------------------------------snip----------------------------
diff -ruN procmail-3.11pre4-orig/config.h procmail-3.11pre4/config.h
--- procmail-3.11pre4-orig/config.h Mon Oct 30 02:09:07 1995
+++ procmail-3.11pre4/config.h Mon Mar 10 11:22:28 1997
@@ -174,6 +174,7 @@
#define PRESERVOPT 'p' /* preserve environment */
#define TEMPFAILOPT 't' /* return EX_TEMPFAIL on error */
#define MAILFILTOPT 'm' /* act as a general purpose mail filter */
+#define DONTSCREENMAILBOXOPT 'n' /* don't screen system mailbox */
#define FROMWHOPT 'f' /* set name on From_ line */
#define REFRESH_TIME '-' /* when given as argument to -f */
#define ALTFROMWHOPT 'r' /* alternate and obsolete form of -f */
@@ -197,7 +198,8 @@
\n\t-Y\t\tBerkeley format mailbox, disregard Content-Length:\
\n\t-a argument\twill set $1\
\n\t-d recipient\texplicit delivery mode\
-\n\t-m\t\tact as a general purpose mail filter\n"
+\n\t-m\t\tact as a general purpose mail filter\
+\n\t-n\t\tdon't screen system mailbox\n"
#define PM_QREFERENCE \
"Recipe flag quick reference:\
\n\tH egrep header (default)\tB egrep body\
diff -ruN procmail-3.11pre4-orig/src/procmail.c procmail-3.11pre4/src/procmail.c
--- procmail-3.11pre4-orig/src/procmail.c Mon Oct 30 02:09:25 1995
+++ procmail-3.11pre4/src/procmail.c Mon Mar 10 11:22:51 1997
@@ -70,14 +70,14 @@
#endif
main(argc,argv)const char*const argv[];
-{ register char*chp,*chp2;register int i;int suppmunreadable,mailfilter;
+{ register char*chp,*chp2;register int i;int
suppmunreadable,mailfilter,dontscreenmailbox;
#if 0 /* enable this if you want to trace procmail */
kill(getpid(),SIGSTOP);/*raise(SIGSTOP);*/
#endif
newid();
;{ int presenviron,Deliverymode,override;char*fromwhom=0;
const char*idhint=0;gid_t egid=getegid();
- Deliverymode=mailfilter=override=0;
+ Deliverymode=mailfilter=dontscreenmailbox=override=0;
Openlog(procmailn,LOG_PID,LOG_MAIL); /* for the syslogd */
if(argc) /* sanity check, any argument at all? */
{ Deliverymode=strncmp(lastdirsep(argv0=argv[0]),procmailn,
@@ -107,6 +107,8 @@
continue;
case MAILFILTOPT:mailfilter=1;
continue;
+ case DONTSCREENMAILBOXOPT:dontscreenmailbox=1;
+ continue;
case OVERRIDEOPT:override=1;
continue;
case BERKELEYOPT:case ALTBERKELEYOPT:berkeley=1;
@@ -461,7 +463,7 @@
sgetcp=fdefault;readparse(buf,sgetc,2);fdefault=tstrdup(buf);
strcpy(chp2=strchr(strcpy(buf,chp=(char*)getenv(orgmail)),'\0'),lockext);
defdeflock=tstrdup(buf);sgid=egid;accspooldir=3; /* presumed innocent */
- if(mailfilter||!screenmailbox(chp,chp2,egid,Deliverymode))
+ if(mailfilter||( (!dontscreenmailbox) &&
(!screenmailbox(chp,chp2,egid,Deliverymode)) ))
{ rcst_nosgid();sputenv(orgmail); /* nix delivering to system
mailbox */
if(!strcmp(chp,fdefault)) /* DEFAULT the same? */
free((char*)fdefault),fdefault=""; /* so panic */