procmail
[Top] [All Lists]

Re: delivery permissions problem

1997-04-28 08:11:00
Richard Ball <richard_ball(_at_)Merck(_dot_)Com> wrote:
Yesterday the procmail executable somehow ended up being owned by a
regular userid rather than root. Whe I discovered that mail wasn't being
delivered I saw the problem in syslog (procmail[2926]: Insufficient
privileges to deliver to "ball") and I fixed it.

My question is: Is there a way to prevent losing mail should this happen
again? (since I don't know how it happened I can't rule out another
occurrance)

Most probably cause:
- Some cronjob that runs find over all disks and fishes out setuid root
  programs it thinks can be a security risk.

Classical fix (hack):
- Create a cronjob that runs every minute and checks the permissions on
  the procmail binary.  If they turn out to be incorrect, have it correct
  them and then send you a mail (in that order :-).  After some time you
  should be able to deduce what program/intruder is doing this (provided
  that you discover a regularity in the timing).

Procmail is defined as the local mail delivery agent in the sendmail.cf
file. Is there a way to have sendmail know that procmail had a problem and
to put all the mail to another, fallback, delivery program (/bin/mail
maybe or another instance of procmail in a different location)?

You could substitute procmail by a shell script which calls mailers
in succession (careful with the exitcodes and content of the mail though,
there is only one of each, and you'll have to make copies of them to feed
them back and forth between several mailers).
-- 
Sincerely,                                                          
srb(_at_)cuci(_dot_)nl
           Stephen R. van den Berg (AKA BuGless).

WARNING: Do not look into laser with remaining eye

<Prev in Thread] Current Thread [Next in Thread>