procmail

install Sanitizer

2001-06-05 16:09:50
Hi, All:

This is my first procmail filter. I have installed it on a testing server, a Sun box with sendmail 8.11.2, procmail 3.15 running Solaris 2.6.

Here is the sendmail.cf Mlocal and Mprog:

Mlocal, P=/usr/local/bin/procmail/bin/procmail, F=lsDF0MAw5:/|@qSfn9E, S=10/30, R=20/40,
                T=DNS/RFC822/X-Unix,
                A=procmail -Y -a $h -d $u
Mprog,          P=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/,
                T=X-Unix,
                A=sh -c $u


I have followed the instructions carefully:
1. Created /etc/procmail dir root:root 755
   Downloaded the latest version of sanitizer, 1.129
   This is what I have under that directory:
-rw-r--r--   1 root     other        993 Jun  5 14:27 1
-rw-r--r--   1 root     root       11310 Jun  5 15:04 html-trap.procmail
-rw-r--r--   1 root     other         22 Jun  5 14:17 local-email-security-policy.txt
-rw-r--r--   1 root     root         472 Jun  4 16:17 local-rules.procmail
-rw-r--r--   1 root     root          39 Jun  5 14:22 poisoned

2. Created /etc/procmailrc file:
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/usr/bin/sh

    POISONED_EXECUTABLES=/etc/procmail/poisoned
    SECURITY_NOTIFY="xma, xmatest"
    SECURITY_NOTIFY_VERBOSE="postmaster"
    #SECURITY_NOTIFY_SENDER=/etc/procmail/local-email-security-policy.txt
    SECRET="CHANGE THIS"

    # this file must already exist, with proper permissions (rw--w--w-):
    SECURITY_QUARANTINE=/var/spool/mail/quarantine

    #POISONED_SCORE=25
    #SCORE_HISTORY=/var/log/macro-scanner-scores

    DROPPRIVS=YES
    LOGFILE=/var/log/procmail.log

    MANGLE_EXTENSIONS=exe|bat|dll

    # Finished setting up, now run the sanitizer...
    INCLUDERC=/etc/procmail/html-trap.procmail
    INCLUDERC=/etc/procmail/local-rules.procmail

    # Reset some things to avoid leaking info to
    # the users...
    POISONED_EXECUTABLES=
    SECURITY_NOTIFY=
    SECURITY_NOTIFY_VERBOSE=
    #SECURITY_NOTIFY_SENDER=
    SECURITY_QUARANTINE=
    SECRET=

3. Created /var/spool/mail/quarantine root:other 644


For testing, from my yahoo.com account I sent an attachment named test.exe. It just went through, and the quarantine file remains 0 bytes.

Any suggestions?  Has anyone installed this filter?

Thanks a lot.

Xiaoyan



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
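
Added example, not part of the original post or of the sanitizer distribution: the comment in the posted /etc/procmailrc asks for mode rw--w--w- on the quarantine file, step 3 created it as 644, and once DROPPRIVS=YES is set procmail runs the rest of the rc file as the recipient rather than root. The script reads SECURITY_QUARANTINE from a procmailrc and checks that mode. The function names are hypothetical, and the script goes slightly beyond the post by also reporting an unset variable or a missing file.

```shell
#!/bin/sh
# Added example: not from the original post or the sanitizer package.
# Function names are hypothetical; run as: sh check.sh /etc/procmailrc

# rc_value RCFILE NAME: print the first non-empty value assigned to NAME.
# (The posted rc resets the variable to empty after the INCLUDERC lines.)
rc_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # rc lines may be indented
            if (index(line, name "=") != 1) next
            val = substr(line, length(name) + 2)
            sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                # strip surrounding quotes
            if (val != "") { print val; exit }
        }' "$1"
}

# mode_string FILE: print the 10-character permission string from ls.
mode_string() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# check_quarantine RCFILE
#   returns 0 if the quarantine file is writable by owner, group and other
#   returns 1 if it exists but lacks those write bits (e.g. mode 644)
#   returns 2 if SECURITY_QUARANTINE is unset or the file is missing
check_quarantine() {
    q=$(rc_value "$1" SECURITY_QUARANTINE)
    [ -n "$q" ] || { echo "SECURITY_QUARANTINE not set in $1"; return 2; }
    [ -f "$q" ] || { echo "$q: missing or not a regular file"; return 2; }
    m=$(mode_string "$q")
    case "$m" in
        -?w??w??w?) echo "$q: $m ok"; return 0 ;;
        *) echo "$q: $m, rc comment expects -rw--w--w- (chmod 622)"; return 1 ;;
    esac
}

# Run the check only when an rc file is named on the command line.
if [ "$#" -gt 0 ]; then
    check_quarantine "$1"
fi
```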
