procmail

Re: Blocking the Melissa Trojan

1999-03-31 12:34:02
On Wed, 31 Mar 1999 11:45:10 +0200, Rejo 
<rejo(_at_)sisterray(_dot_)xs4all(_dot_)nl>
wrote:
++ 29.03.1999, 18:29:16 (-0800) = Jerry Preeper:
I was wondering if someone could help me figure out what I'm missing in
this recipe.  Basically, I'm just trying to send any email with the Melissa
filer. I have adapted the example that was posted here some time ago. Is
this a thing that would work? (I have had one test message, but that one
wasn't sent from Outlook, so maybe that's where it goes wrong). Any
other suggestions?

There are a few syntax errors, and a thing or two other than that to
take heed of.

:0 H
* ^Subject:.*important Message From
{

The H is redundant. And given the descriptions of the virus I have
seen (but I only have one sample to test on, which might not be
representative, and I found it in Deja News so it's kind of mangled)
you could make the check case sensitive (add a D flag) and use the
exact phrase ^Subject: Important Message From

  :0 Bc
  * Here is that document you asked for
  * don't show anyone else
  * ^Content-.*: .*\.do[ct]
  {
    LOG='REJECT Possible "Melissa" Microsoft Word macro worm:
'

For what it's worth, the sample I had would not match this because the
Content-Type and Content-Disposition headers, which both contained the
file name of the attachment, were wrapped to several lines. This is
not normally a problem because Procmail internally wraps headers back
to a single logical line, but this doesn't happen with stuff in the
body. Ergo, try something like

    * ^Content-(Type|Disposition):((.*)($[      ]))*\.do[ct]\>

This is untested, and should possibly be optimized a little bit. Any
volunteers? :-) (In particular, the double wildcard looks a bit
dangerous. It's too late in the evening here for me to try to think it
through, I'm afraid.)

    :0cf
    * ! ^X-Loop: auto-reply(_at_)sisterray(_dot_)xs4all(_dot_)nl
                                        ^      ^
    | formail: -rtb -I"From: 
<auto-reply(_at_)sisterray(_dot_)xs4all(_dot_)nl>" \
                ^
               -A "X-Loop: 
<auto-reply(_at_)sisterray(_dot_)xs4all(_dot_)nl>" \
                              ^                              ^  ^
               cat $HOME/mail/send/melissa.txt \ | $SENDMAIL -oi -t
                                                  ^
Ouch. If you want f, you don't want c, and vice versa. In this case, I
would imagine you really mean c. Also take out the backslash on the
last line, and ... um, just replace it with this:

    :0c
    * ! ^X-Loop: auto-reply(_at_)sisterray\(_dot_)xs4all\(_dot_)nl
    {
        :0fhw
        | formail -rt -I "From: <auto-reply(_at_)sisterray(_dot_)xs4all(_dot_)nl>" \
            -I "X-Loop: auto-reply(_at_)sisterray(_dot_)xs4all(_dot_)nl" ; \
          cat $HOME/mail/send/melissa.txt

        :0 
        ! -t
    }

This will prepend the contents of melissa.txt after the headers (but
before the body; I imagine this is what you want) and then forward the
whole thingamajig to where formail -rt thinks it should go. 

The contents of X-Loop are of secondary importance, but X-Loop
checking is only meaningful if the X-Loop you put in is identical to
the one you check against in the conditions (or if at least it's
matched by the regex you use in the condition).

Do note that formail doesn't know how to preserve the integrity of any
MIME attachments, but in this case, maybe that's a feature and not a
bug.

(To nominally keep the thing sane from a MIME perspective, try
extracting the Content-* and Mime-Version headers. This is not easy to
do at the same time as you generate a reply with -r, though. Possibly
a solution would be to grab the results of formail -rt into a variable
and then echo that back into the message stream together with a
formail -X of the MIME fields you want to keep:

    :0
    REPLYHEADERS=| formail -rt -A "X-Loop: whatever"

    :0fhw
    | ( echo "$REPLYHEADERS"; formail -XContent- -XMime-Version: ; \
        echo; cat $HOME/mail/send/melissa.txt )
        # ^ The empty echo here is to restore the neck after 
        #  formail -X but you could start melissa.txt with an 
        #  empty line instead and save one valuable process ... 
        # How valuable depends on how often you expect this to execute
    :0
    ! -t

Don't worry about this if this is not something you want to worry
about :-)

    :0:
    special-attn
  }
}

Nothing here, unless you possibly want to restructure the whole
recipe. In other words, if you want to take out or move one of the c
flags above, there might also be a need to fix things down here.

Here's what you seem to have now:

    :0 
    * if match on headers
    {
        :0c
        * and on body
        {
            then reformat and send a reply
        }
        # c clone's sibling falls through to here
        :0:
        save in special-attn regardless of body match
    }

Possibly you want something like this instead:

    :0
    * if match on headers
    {
        :0
        * and on body
        {
            :0c:
            then save to special-attn
            # c clone's sibling falls through to here
            reformat and send a reply
        }
    }

Hope this helps,

/* era */

-- 
.obBotBait: It shouldn't even matter whether     <http://www.iki.fi/era/>
I am a resident of the state of Washington. <http://members.xoom.com/procmail/>
 * Sign the European spam petition! <http://www.politik-digital.de/spam/en/> *
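Added example, not part of era's reply and not procmail or formail code: a small Python script that works through the two points above, namely that Content-* headers inside MIME body parts stay folded across lines (so a single-line match on the body misses the filename), and that an auto-reply is only safe when it refuses messages already carrying its own X-Loop and stamps that same X-Loop on what it sends. The sample message, the address auto-reply@example.invalid and the notice text (standing in for melissa.txt) are all constructed for this example.

```python
import re

# Constructed sample message (not a real worm sample): the attachment part folds its
# Content-Type and Content-Disposition headers over two lines, as era's sample did.
SAMPLE = """\
From: someone@example.invalid
To: rejo@example.invalid
Subject: Important Message From Someone
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="us-ascii"

Here is that document you asked for ... don't show anyone else ;-)

--BOUNDARY
Content-Type: application/msword;
\tname="list.doc"
Content-Disposition: attachment;
\tfilename="list.doc"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY--
"""

# Constructed notice text, standing in for $HOME/mail/send/melissa.txt.
NOTICE = "Your message looked like the Melissa Word macro worm and was not delivered."
# Placeholder loop-detection address (assumption, not the poster's real address).
LOOP_ID = "auto-reply@example.invalid"

WORD_ATTACHMENT = re.compile(r"^Content-(Type|Disposition):.*\.do[ct]\b", re.M | re.I)
BODY_PHRASES = ("Here is that document you asked for", "don't show anyone else")


def split_message(raw):
    """Split an RFC 822 message (LF line endings assumed) at the first blank line."""
    head, _, body = raw.partition("\n\n")
    return head, body


def unfold(header_text):
    """Join folded continuation lines (newline followed by space or tab) into one logical line.
    This is what procmail does for the top-level header but not for headers inside the body."""
    return re.sub(r"\n[ \t]+", " ", header_text)


def mime_parts(header_text, body_text):
    """Return (part_headers, part_body) for every part of a multipart body; a non-multipart
    message is returned as a single part."""
    m = re.search(r'boundary="?([^";\s]+)"?', unfold(header_text))
    if not m:
        return [(header_text, body_text)]
    parts = []
    for chunk in body_text.split("--" + m.group(1))[1:]:
        if chunk.startswith("--"):      # closing delimiter: no more parts
            break
        parts.append(split_message(chunk.lstrip("\n")))
    return parts


def naive_body_match(body_text):
    """What a single-line regex on the raw body sees: the filename sits on a folded
    continuation line, never on the same line as 'Content-...:'."""
    return bool(WORD_ATTACHMENT.search(body_text))


def is_melissa_like(raw):
    """Subject check (case sensitive, as era suggests), body phrases, and a .doc/.dot
    attachment name found after unfolding each part's own headers."""
    head, body = split_message(raw)
    if not re.search(r"^Subject: Important Message From", unfold(head), re.M):
        return False
    phrases_ok = all(p in body for p in BODY_PHRASES)
    attachment_ok = any(WORD_ATTACHMENT.search(unfold(ph)) for ph, _ in mime_parts(head, body))
    return phrases_ok and attachment_ok


def make_reply(raw, notice):
    """Build the auto-reply the way the :0fhw recipe does: fresh headers, the notice,
    then the original body. Returns None when the message already carries our X-Loop,
    so a reply to our own reply (or a bounce of it) never produces another reply."""
    head, body = split_message(raw)
    flat = unfold(head)
    if re.search(r"^X-Loop: " + re.escape(LOOP_ID) + r"$", flat, re.M):
        return None
    sender = None
    for field in ("Reply-To", "From"):      # formail -rt prefers Reply-To over From
        m = re.search(r"^%s: *(.+)$" % field, flat, re.M)
        if m:
            sender = m.group(1).strip()
            break
    if sender is None:
        return None
    subj = re.search(r"^Subject: *(.*)$", flat, re.M)
    headers = [
        "From: <%s>" % LOOP_ID,
        "To: %s" % sender,
        "Subject: Re: %s" % (subj.group(1) if subj else ""),
        "X-Loop: %s" % LOOP_ID,             # must be exactly what the check above looks for
    ]
    return "\n".join(headers) + "\n\n" + notice + "\n\n" + body


if __name__ == "__main__":
    print("naive body match:", naive_body_match(split_message(SAMPLE)[1]))   # False
    print("unfolded match:  ", is_melissa_like(SAMPLE))                      # True
    reply = make_reply(SAMPLE, NOTICE)
    print("reply to reply:  ", make_reply(reply, NOTICE))                    # None
```

Running it shows the raw-body regex returning False on a message the unfolded check flags, and the generated reply being refused when fed back in, which is the property the X-Loop condition in the recipe is there to provide.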
