procmail

Re: procmail/sendmail general filter question

1998-05-05 12:10:25
On Fri, 1 May 1998, Philip Guenther wrote:

> Actually, I take that back.  You should not be using /etc/procmailrc as
> the rule file, as that has another purpose in procmail.  Use
> /etc/procmailrcs/something, or /etc/procmail.mailfilter, or something
> else.  Just not /etc/procmailrc.


changed...


>     procmail -Y -m /path/to/procmailrc/from/the/rule envelope@sender \
>           recipient@some.where
>
> Thus, in the procmailrc the envelope sender will be the first item in $@
> and can be extracted from it via the two assignments from above.

is there any method of checking to see sendmail using procmail.. i.e.
could i somehow "watch" the transaction taking place.. ?

my procmailrc is as follows (the one i used for that ruleset, not
/etc/procmailrc ...)

LOGFILE=/var/adm/procmail.log
LOGABSTRACT=all
VERBOSE=on
MAILDIR=/var/test
LOCKFILE=/var/test/.locktest
 
SENDER=$1
SHIFT=1
 
:0 
* ^To:.*\<bob@falcon\.org\>
! -f "$SENDER" -- "$@"
/var/mail/falcontest

(note: i can't get that recipe to work.. using a ^FROM.*abeck will let it
catch.. now i get the dreaded mail loop error.)

what i'm trying to do:

say someone either uses this machine (the procmail + sendmail machine) as a
relay, or has an account on the machine and sends mail out.. i'd like to be
able to "grab" a _copy_ of that email for analysis at a later point,
without the user knowing that I grabbed it.  Also, i'd like to be able to
turn on complete blocking of that mail being sent, while still "grabbing" a
copy of the mail.


here's the syslog output:

(note that the $@ keeps getting a .procmail thrown onto it through each
iteration.  at least, i think it's the $@)

May  5 11:19:04 dipper sendmail[20896]: LAA20894: to=bob(_at_)falcon(_dot_)org(_dot_)procmail@dipper.norshore.wednet.edu, ctladdr=abeck (766/100), delay=00:00:01, xdelay=00:00:01, mailer=procmail, relay=/etc/sendmail/system.rc, stat=Sent

are you certain that the ruleset was correct? (what i'm getting at is that
syslog shows the to line as
bob(_at_)falcon(_dot_)org(_dot_)procmail@dipper.norshore.wednet.edu, which is
entirely wrong, right?)

syslog continues with the same lines, ending on this one:
May  5 11:19:15 dipper sendmail[20990]: LAA20990: SYSERR(abeck): Too many
hops 26 (25 max): from abeck via localhost, to
bob(_at_)falcon(_dot_)org(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail
.procmail.procmail.procmail.procmail.procmail.procmail.procmail.procmail
.procmail.procmail.procmail.procmail.procmail.procmail.procmail@

here's the procmail logs:
procmail: [20989] Tue May  5 11:19:15 1998
procmail: Assigning "MAILDIR=/var/test"
procmail: Assigning "LOCKFILE=/var/test/.locktest"
procmail: Locking "/var/test/.locktest"
procmail: Assigning "SENDER=abeck"
procmail: Assigning "SHIFT=1"
procmail: Match on "^FROM.*abeck"
procmail: Assigning "LASTFOLDER=/usr/lib/sendmail -oi -f abeck -- "
procmail: Executing
"/usr/lib/sendmail,-oi,-f,abeck,--,bob(_at_)falcon(_dot_)org(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail@"
  Folder: /usr/lib/sendmail -oi -f abeck --                              7059
procmail: Unlocking "/var/test/.locktest"


oh, and the ruleset:
R$*<@$+>$*      $#procmail $@/etc/sendmail/system.rc $:$1(_at_)$2procmail 
R$*<@$*.procmail>$*     $1@<$2>$3       map back of procmail copy
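
An added example, not part of the original message: a Python script that reads sendmail syslog lines in the layout quoted above and reports recipients on which the `.procmail` suffix has been stacked more than once, or that hit the hop limit. The sample log lines, host names, queue ids and addresses are constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed sample lines in the sendmail syslog layout quoted in the post;
# host names, queue ids and addresses are invented for this example.
SAMPLE_LOG = """\
May  5 11:19:04 mailhost sendmail[20896]: LAA20894: to=user@example.org.procmail@mailhost.example, ctladdr=alice (766/100), delay=00:00:01, mailer=procmail, relay=/etc/sendmail/system.rc, stat=Sent
May  5 11:19:05 mailhost sendmail[20900]: LAA20898: to=user@example.org.procmail.procmail@mailhost.example, ctladdr=alice (766/100), delay=00:00:01, mailer=procmail, relay=/etc/sendmail/system.rc, stat=Sent
May  5 11:19:06 mailhost sendmail[20910]: LAA20908: to=other@example.net, ctladdr=alice (766/100), delay=00:00:02, mailer=esmtp, relay=mx.example.net., stat=Sent
May  5 11:19:15 mailhost sendmail[20990]: LAA20990: SYSERR(alice): Too many hops 26 (25 max): from alice via localhost, to user@example.org.procmail.procmail.procmail@
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)")
TO = re.compile(r"\bto[= ](?P<addr>[^,\s]+)")       # "to=addr," or ", to addr"
SUFFIX = re.compile(r"((?:\.procmail)+)(?=@|$)")    # run of pseudo-domain tags

def procmail_depth(addr):
    """Number of consecutive .procmail tags at the end of the domain part."""
    m = SUFFIX.search(addr)
    return m.group(1).count(".procmail") if m else 0

def parse(log):
    """Yield (qid, recipient, depth, hop_error) for each line naming a recipient."""
    for line in log.splitlines():
        m = LINE.search(line)
        to = m and TO.search(m.group("rest"))
        if not to:
            continue
        addr = to.group("addr")
        yield m.group("qid"), addr, procmail_depth(addr), "Too many hops" in line

def loop_findings(log):
    """Recipients tagged more than once, or that ran into the hop limit."""
    return [r for r in parse(log) if r[2] > 1 or r[3]]

if __name__ == "__main__":
    for qid, addr, depth, hops in loop_findings(SAMPLE_LOG):
        print(f"{qid}: .procmail x{depth}{' (hop limit hit)' if hops else ''}: {addr}")
```
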