Hi, All:
This is my first procmail filter. I have installed it on a testing server,
a Sun box with sendmail 8.11.2, procmail 3.15 sunning Solaris 2.6.
Here is the sendmail.cf Mlocal and Mprog:
Mlocal, P=/usr/local/bin/procmail/bin/procmail,
F=lsDF0MAw5:/|@qSfn9E, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=procmail -Y -a $h -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/,
T=X-Unix,
A=sh -c $u
I have followed the instruction carefully:
1. created /etc/procmail dir root:root 755
download the latest version of sanitizer 1.129
This is what I have under that directory:
-rw-r--r-- 1 root other 993 Jun 5 14:27 1
-rw-r--r-- 1 root root 11310 Jun 5 15:04 html-trap.procmail
-rw-r--r-- 1 root other 22 Jun 5 14:17
local-email-security-policy.txt
-rw-r--r-- 1 root root 472 Jun 4 16:17 local-rules.procmail
-rw-r--r-- 1 root root 39 Jun 5 14:22 poisoned
2. Created /etc/procmailrc file:
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/usr/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="xma, xmatest"
SECURITY_NOTIFY_VERBOSE="postmaster"
#SECURITY_NOTIFY_SENDER=/etc/procmail/local-email-security-policy.txt
SECRET="CHANGE THIS"
# this file must already exist, with proper permissions (rw--w--w-):
SECURITY_QUARANTINE=/var/spool/mail/quarantine
#POISONED_SCORE=25
#SCORE_HISTORY=/var/log/macro-scanner-scores
DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
MANGLE_EXTENSIONS=exe|bat|dll
# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail
INCLUDERC=/etc/procmail/local-rules.procmail
# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
#SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
3. created /var/spool/mail/quarantine root:other 644
For testing, from my yahoo.com account I sent an attachment named
test.exe. It just went through and quarantine file remains 0 byte.
Any suggestions? Has anyone installed this filter?
Thanks a lot.
Xiaoyan
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail