procmail

Re: mail for all..

2002-05-30 21:31:23
At 13:43 2002-05-30 -0500, johnathan spectre did say:
> Lots of things could make it seem like procmail isn't reading your
> .procmailrc.  Chief among them are poor permissions.

Well, as I stated, procmail doesn't even seem to read ~root/.procmailrc.

Q: how do you know that it doesn't read it? What if procmail is looking at it and exclaiming, "wow, willya look at that, it's world writeable. Perhaps I shouldn't process that script." You'll get the effect of nothing in the rcfile being acted upon, but it isn't inherently because procmail didn't look at the file.

I was wondering if this was a "feature" of the program (which would make semi-decent security sense).

Uhm, /etc/procmailrc is executed as root, and procmail itself is usually setuid root. If people want to shoot themselves in the foot, they've already got lots of ammo -- restricting root from being able to use procmail wouldn't make any sense.

I know about /etc/procmailrc but I didn't want those rules to apply to all users on the box.

(in /etc/procmailrc, which is executed as root)

:0
* LOGNAME ?? ^theunprivledgeddeliveryuser$
{
        # parse away to your heart's content
}

*OR*, set up a program delivery alias:

redelivery:     |procmail -m /etc/procmailrcs/somefilter.rc

Take off those shades - they may look cool, but they're interfering with your view.

Right. But as I stated, only root had access to write to various users' mbox files without putting everyone in a group and allowing anyone in the group to mess with someone else's file.

Besides the above two possibilities, why not a user whose primary group is "mail", and ensure that the mailboxes are writeable by group mail, of which this user is the sole member?

blocks ALL traffic on port 25 for "security" reasons (though if I'm willing to pay $100/mo more for "business class" service they'll unblock the port for

You can set your MTA to answer connections on a different port, and if your MX is some buddy, perhaps s/he'd consider setting up their MTA to relay the mail to you on the alternate port? I have no experience doing that (since I don't have a need to), but it should all be doable. At least it is in Sendmail (via DaemonPortOptions).

See also:

<http://www.isc.org/ml-archives/bind-users/2001/01/msg00246.html>
---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
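
Added example (not part of the original message and not procmail's own code): a Python audit of the permission conditions under which an rcfile would be looked at but not acted upon, such as the world-writable case described in the reply above. The conditions are an assumption modelled on the "Suspicious rcfile" diagnostic in procmail(1), and the function name and messages are hypothetical.

```python
import os
import stat


def rcfile_problems(path, recipient_uid, is_default_rcfile=True):
    """Return the reasons a procmail-style check would distrust `path`.

    Assumption: the conditions follow the "Suspicious rcfile" diagnostic in
    procmail(1); exact behaviour depends on how procmail was built.
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat rcfile: {exc.strerror}"]
    dir_st = os.stat(os.path.dirname(os.path.abspath(path)))

    problems = []
    # Ownership: only the recipient or root may own the rcfile.
    if st.st_uid not in (recipient_uid, 0):
        problems.append("rcfile not owned by recipient or root")
    # World-writable file or directory lets any local user alter the recipes.
    if st.st_mode & stat.S_IWOTH:
        problems.append("rcfile is world-writable")
    if dir_st.st_mode & stat.S_IWOTH:
        problems.append("containing directory is world-writable")
    # Group write access is only checked for the default $HOME/.procmailrc.
    if is_default_rcfile:
        if st.st_mode & stat.S_IWGRP:
            problems.append("rcfile is group-writable")
        if dir_st.st_mode & stat.S_IWGRP:
            problems.append("containing directory is group-writable")
    return problems


if __name__ == "__main__":
    import pwd
    import sys

    # Audit the named user's default rcfile (current user if none is given).
    name = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwuid(os.getuid()).pw_name
    entry = pwd.getpwnam(name)
    rc = os.path.join(entry.pw_dir, ".procmailrc")
    found = rcfile_problems(rc, entry.pw_uid)
    print(rc, "->", "; ".join(found) if found else "no permission problems found")
```
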
