procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Can you make a global recipe to prevent mail loops?

2000-12-29 08:50:00
from [Dallman Ross] [Permanent Link] 
From: Frank Joerdens <frank(_at_)joerdens(_dot_)de>



All the recipes I've seen have a line such as

# Mail loops are evil
* !^X-Loop: your(_at_)own(_dot_)mail(_dot_)address

(from the procmailex man page)

which includes the owner's email address. This is a general
problem, I think, because it requires manipulation of the users'
individual ~/.promailrc files, and it is generally a bad idea for any
administrator to trust their users to do anything correctly. Which is
why I'd like to have a global way of implementing a safeguard against
loops, for instance in /etc/procmailrc. The other option would be to
disallow recipes that send mail altogether, or to do it for each user
who really wants it (only allow root to edit ~/.procmailrc), which is
not really a satisfying solution from a maintenance point of view.

I'm not just worried, I've already been burnt: One of my users had a
very simple recipe, without any loop safeguards, to forward anything
to another account. Then someone sent him a file with a huge (4 MB)
attachment, which got forwarded to the other account, was rejected
there because of its size, sent back to my box . . . within 24 hrs,
I had 4 GB of traffic accumulated, precisely up to point where the 2
GB filesize limit on my ext2 Linux box was reached. Given the still
horrendous cost of IP traffic in Europe (20 Euro per GB is about the
low end of the price spectrum in Germany), this ain't really a fun
scenario.

What's the answer here? Disallowing recipes for users or is there a
less radical solution?


There's nothing that says you can't have more than one X-Loop line.
Why not put a systemwide one in /etc/.procmailrc?  The X-Loop is
suggested to be made with the -A flag to formail, which appends
the field regardless of whether one like it already exists.

I actually have procmail attach an X-Loop to all *in*bound mail,
so I don't have to remember to code, or specially code for, one
when it's called for.  There are plusses and minuses to this
approach, however.  I think I remember Sean Straw referring to
some of the detriments in a FAQuy-style post about 2 months ago.
(But its logic didn't deter me.)

-- 
Netcom has imploded.  Please now use NOTnetcom.com for mail.
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ex-Netcommies:  Mail "forwards" for free forwarding service!
NOT affiliated with EarthLink, Inc.'s Netcom brand identity.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Can you make a global recipe to prevent mail loops?, John Summerfield
Next by Date:  Is this feasible?, Joe Hagerty
Previous by Thread:  Re: Can you make a global recipe to prevent mail loops?, Philip Guenther
Next by Thread:  Is this feasible?, Joe Hagerty
Indexes:  [Date] [Thread] [Top] [All Lists]