procmail

Re: Permission !!

2001-12-15 20:39:28
At 13:47 2001-12-15 +0500, Mahmood Iqbal Hashmi wrote:
> Can I block one email address for one user please advise me and
> what permissions are necessary for .procmail directory and .procmailrc
> file etc.

~/.forward and ~/.procmailrc should not be _writeable_ by anyone other than owner, for certain obvious reasons. Procmail enforces this through checking. 600 is the typical setting (and 400 is the minimal - procmail only needs to READ the file), though as long as group and world don't have write perms, you won't run into trouble (procmail will emit "suspicious rcfile" to the mail log if it is the LDA and encounters a .procmailrc that isn't secure - AND it won't use the rcfile either, acting instead as a regular LDA). I don't _think_ ~/.forward actually has any particular permissions enforced, though you should handle it in exactly the same fashion. When procmail starts running on your ~/.procmailrc it is running as YOU, even though invoked by a privileged MTA. ~/.forward should be handled in a similar fashion, AFAICR.

~/.procmail directory should typically be read/write by owner (600) (well, at runtime, only read should be necessary, unless this is also where you are putting your log, or are running processes which modify files there), 700 is a typical setting. Group and world need no perms in this dir, though in any event, procmail isn't going to enforce anything on you, since as per 'man procmailrc' (see the section on INCLUDERC), procmail doesn't check or enforce permissions on includes (and everything in .procmail, or whatever other directory you elect to use for included rc files, is going to be INCLUDERC or SWITCHRC'd). There _are_ instances where you want others to have read access, at least to individual files, but when you reach the point of sharing stuff among users, you'll come to that conclusion. Until then, just set them to owner-only access permissions.

> :0
> * ^From: tieedfdf(_at_)hotmail(_dot_)com
> /dev/null

Basically, yes, this would be how you'd do it. However, there's probably more "stuff" between the header and the address, not just a single space character.

Try this instead:

:0:
* ^From:.*\<tieedfdf(_at_)hotmail(_dot_)com\>
twits.mbx


A few things to note about this one: it writes to a mailbox instead of merely trashing it (which is a better thing to do if you're not sure of things), and as a result also uses locking (the trailing ':' on the flags line), which isn't necessary when writing to /dev/null. It also matches for "whatever" text before the address (.*), and also looks for word separators on either side of the email address (\< and \> are *NOT* escapes for <>).

Something else to consider is if you have a mailbox with messages from this chap, you can set up a SANDBOX and pipe the messages at it:

        formail -s procmail -m sandbox.rc < savedmessages.mbx

(the sandbox should set up a default delivery to /dev/null, set the MAILDIR to another directory away from your usual mailboxes, and include the recipe above that you're trying to test).

See my .sig for more information about sandboxes.


You might consider reserving "!!" in subjects for exclamations to family and friends, since it's so nice to use procmail to filter spam out when it has multiple exclamations in the subject.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
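
A small audit of the permissions discussed in the message above, added here as an example (not part of the original post, and not procmail's own code). It flags a ~/.procmailrc or ~/.forward that group or world can write, and only advises on a ~/.procmail directory that group or world can access, since the message notes procmail does not enforce permissions on includes. The function names and the `--run` argument are illustrative.

```shell
#!/bin/sh
# Added example: audit rcfile permissions along the lines the message describes.

# writable_by_others FILE -> true if the group-write or world-write bit is set.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# open_to_others PATH -> true if group or world has any permission bit at all.
open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# audit_rcfiles DIR -> report findings for DIR; returns 1 if an rcfile is insecure.
audit_rcfiles() {
    dir=$1
    bad=0
    for f in "$dir/.procmailrc" "$dir/.forward"; do
        [ -e "$f" ] || continue
        if writable_by_others "$f"; then
            echo "INSECURE: $f is group/world writable (600 is typical)"
            bad=1
        fi
    done
    # Advisory only: included rc files are not permission-checked by procmail.
    if [ -d "$dir/.procmail" ] && open_to_others "$dir/.procmail"; then
        echo "ADVISORY: $dir/.procmail is accessible to group/world (700 is typical)"
    fi
    return "$bad"
}

# Audit the real home directory only when asked:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_rcfiles "$HOME"
fi
```
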
