At 13:43 2002-05-30 -0500, johnathan spectre did say:
> > Lots of things could make it seem like procmail isn't reading your
> > .procmailrc. Chief among them are poor permissions.
>
> Well as I stated procmail doesn't even seem to read ~root/.procmailrc.

Q: how do you know that it doesn't read it? What if procmail is looking at
it and exclaiming, "wow, willya look at that, it's world
writeable. Perhaps I shouldn't process that script." You'll get the
effect of nothing in the rcfile being acted upon, but it isn't inherently
because procmail didn't look at the file.

> I was wondering if this was a "feature" of the program (which would make
> semi-decent security sense).

Uhm, /etc/procmailrc is executed as root, and procmail itself is usually
setuid root. If people want to shoot themselves in the foot, they've
already got lots of ammo -- restricting root from being able to use
procmail wouldn't make any sense.

> I know about /etc/procmailrc but I didn't want those rules to apply to all
> users on the box.

(in /etc/procmailrc, which is executed as root)

    :0
    * LOGNAME ?? ^theunprivledgeddeliveryuser$
    {
        # parse away to your heart's content
    }

*OR*, set up a program delivery alias:

    redelivery: |procmail -m /etc/procmailrcs/somefilter.rc

Take off those shades - they may look cool, but they're interfering with
your view.

> Right. But as I stated only root had access to write to various users'
> mbox files without putting everyone in a group and allowing anyone in the
> group to mess with someone else's file.

Besides the above two possibilities, why not a user whose primary group is
"mail", and ensure that the mailboxes are writeable by group mail, of which
this user is the sole member?

> blocks ALL traffic on port 25 for "security" reasons (though if I'm
> willing to pay $100/mo more for "business class" service they'll unblock
> the port for

You can set your MTA to answer connections on a different port, and if
your MX is some buddy, perhaps s/he'd consider setting up their MTA to
relay the mail to you on the alternate port? I have no experience doing
that (since I don't have a need to), but it should all be doable. At least
it is in Sendmail (via DaemonPortOptions).
See also:
<http://www.isc.org/ml-archives/bind-users/2001/01/msg00246.html>
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
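
A way to check whether an rcfile would be skipped for its permissions rather than never looked at, as an added example that is not part of the original post. It assumes the conditions listed under the "Suspicious rcfile" diagnostic in procmail(1); a particular build may relax the group checks, and the function name `rcfile_problems` is made up for this sketch.

```python
import os
import stat
import sys


def rcfile_problems(path, recipient_uid, is_default_rcfile=True):
    """Return the reasons procmail would call this rcfile suspicious.

    Assumed rules (from the procmail(1) "Suspicious rcfile" diagnostic):
    owner is neither the recipient nor root, file or containing directory
    is world writable, or, for the default $HOME/.procmailrc only, file or
    containing directory is group writable.
    """
    problems = []
    st = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))

    if st.st_uid not in (recipient_uid, 0):
        problems.append("rcfile not owned by recipient or root")
    if st.st_mode & stat.S_IWOTH:
        problems.append("rcfile is world writable")
    if parent.st_mode & stat.S_IWOTH:
        problems.append("containing directory is world writable")
    if is_default_rcfile:
        if st.st_mode & stat.S_IWGRP:
            problems.append("rcfile is group writable")
        if parent.st_mode & stat.S_IWGRP:
            problems.append("containing directory is group writable")
    return problems


if __name__ == "__main__":
    # Default: audit the invoking user's own ~/.procmailrc.
    rc = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.procmailrc")
    found = rcfile_problems(rc, os.getuid())
    for reason in found:
        print(f"{rc}: {reason}")
    if not found:
        print(f"{rc}: permissions look acceptable")
    sys.exit(1 if found else 0)
```

If this reports a problem, the "Suspicious rcfile" line in the procmail log (set LOGFILE in /etc/procmailrc to capture it) confirms that the file was seen and rejected.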