On Fri, 1 May 1998, Philip Guenther wrote:
Actually, I take that back. You should not be using /etc/procmailrc as
the rule file, as that has another purpose in procmail. Use
/etc/procmailrcs/something, or /etc/procmail.mailfilter, or something
else. Just not /etc/procmailrc.
changed...
procmail -Y -m /path/to/procmailrc/from/the/rule envelope(_at_)sender \
recipient(_at_)some(_dot_)where
Thus, in the procmailrc the envelope sender will be the first item in $@
and can be extracted from it via the two assignments from above.
is there any method of checking to see sendmail using procmail.. i.e.
could i somehow "watch" the transaction taking place.. ?
my procmailrc is as follows (the one i used for that ruleset, not
/etc/procmailrc ...)
LOGFILE=/var/adm/procmail.log
LOGABSTRACT=all
VERBOSE=on
MAILDIR=/var/test
LOCKFILE=/var/test/.locktest
SENDER=$1
SHIFT=1
:0
* ^To:.*\<bob(_at_)falcon\(_dot_)org\>
! -f "$SENDER" -- "$@"
/var/mail/falcontest
(note: i cant get that recipe to work.. using a ^FROM.*abeck will let it
catch.. now i get the dreaded mail loop error.)
what im trying to do:
say someone either uses this machine (the procmail + sendmail machine) as a
relay, or has an account on the machine and sends mail out.. i'd like to be
able to "grab" a _copy_ of that email for analisation at a later point,
without the user knowing that I grabbed it. Also, i'd like to be able to
turn on complete blocking of that mail being sent, while still "grabbing" a
copy of the mail.
heres the syslog output:
(note the the $@ keeps getting a .procmail thrown onto it through each
iteration. atleast, i think its the $@)
May 5 11:19:04 dipper sendmail[20896]: LAA20894:
to=bob(_at_)falcon(_dot_)org(_dot_)procmail@dipper.norshore.wednet.edu,
ctladdr=abeck
(766/100), delay=00:00:01, xdelay=00:00:01, mailer=procmail,
relay=/etc/sendmail/system.rc, stat=Sent
are you certain that the rulset was correct? (what im getting at is that
syslog shows the to line as
bob(_at_)falcon(_dot_)org(_dot_)procmail@dipper.norshore.wednet.edu, which is
entirely wrong,
right?)
syslog continues with the same lines, ending on this one:
May 5 11:19:15 dipper sendmail[20990]: LAA20990: SYSERR(abeck): Too many
hops 26 (25 max): from abeck via localhost, to
bob(_at_)falcon(_dot_)org(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail
.procmail.procmail.procmail.procmail.procmail.procmail.procmail.procmail
.procmail.procmail.procmail.procmail.procmail.procmail.procmail@
heres the procmaillogs:
procmail: [20989] Tue May 5 11:19:15 1998
procmail: Assigning "MAILDIR=/var/test"
procmail: Assigning "LOCKFILE=/var/test/.locktest"
procmail: Locking "/var/test/.locktest"
procmail: Assigning "SENDER=abeck"
procmail: Assigning "SHIFT=1"
procmail: Match on "^FROM.*abeck"
procmail: Assigning "LASTFOLDER=/usr/lib/sendmail -oi -f abeck -- "
procmail: Executing
"/usr/lib/sendmail,-oi,-f,abeck,--,bob(_at_)falcon(_dot_)org(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail(_dot_)procmail@"
Folder: /usr/lib/sendmail -oi -f abeck --
7059
procmail: Unlocking "/var/test/.locktest"
oh, and the ruleset:
R$*<@$+>$* $#procmail $@/etc/sendmail/system.rc $:$1(_at_)$2procmail
R$*<@$*.procmail>$* $1@<$2>$3 map back of procmail copy