procmail

Re: mail for all..

2002-05-31 09:31:08
At 06:07 2002-05-31 -0500, johnathan spectre did say:
> writeable.  Perhaps I shouldn't process that script."  You'll get the
> effect of nothing in the rcfile being acted upon, but it isn't inherently
> because procmail didn't look at the file.

Well how do I know that? Because the single rule in the file

Uh, like check your system logs, which I've already advised you to do? If procmail is being invoked by your MTA, it is probably logging things like "suspicious rcfile" in your system log. Hard to believe, but it's true.

wasn't even dumping root's mail into ~root/Mail/inbox,

IF THE .procmailrc HAS BAD PERMISSIONS, PROCMAIL WILL NOT EXECUTE IT.  PERIOD.

How about instead of copping an attitude for having the issue brought up to you repeatedly, you just CHECK THE FILE PERMISSIONS, and at least report what they are, as well as the permissions on the directory itself. I reiterated the permissions issue in my second post because you still hadn't provided any confirmation of permissions in your reply to my first message that raised the issue.

FTR, if your system runs with group = user, and procmail isn't compiled to be aware of this config, then it's going to view root:root ownership on a file with group write as a security problem.

Little known secret: at my disclaimer page (right there in my .sig) there's a script called "procdiag.sh". Try running it as the user you're attempting delivery as.

What VERSION of procmail are you running here anyway? I've yet to see even the slightest mention of this critical bit of information.

I just took a test host and changed the root mail config to take delivery, and put a procmailrc there that does nothing but set a logfile, and lo and behold, it executes fine. Take a dump on the file perms, and the syslog shows:

May 31 09:06:56 cylon procmail[864472]: Suspicious rcfile "/root/.procmailrc"

Fix the file perms and then grant +w to group on the DIRECTORY:

May 31 09:07:34 cylon procmail[864512]: Suspicious rcfile "/root/.procmailrc"

So, how about you check your syslog and see if there's anything "suspicious" there? That could include MTA errors complaining about invoking procmail in the first place (though I doubt that is the case here).

> Uhm, /etc/procmailrc is executed as root, and procmail itself is usually
> setuid root.  If people want to shoot themselves in the foot, they've
> already got lots of ammo -- restricting root from being able to use
> procmail wouldn't make any sense.

I was asking about ~/.procmailrc.

And I was advising you that since the global procmailrc file, /etc/procmailrc is ALREADY executed as root, there's no sense in procmail having a special case "I won't run root's ~/.procmailrc because root could do nasty things if they were stupid" -- root can already choose to do stupid things in /etc/procmailrc, and the messages don't even need to be addressed to root in order to do that.

Thanks for your "help". You certainly demonstrate you have knowledge but your bedside manner leaves a lot to be desired.

The emergency room patient should be more concerned about their doctor's skill rather than how much flourish they put on the procedure. I provided no less than three alternative methods of accomplishing this, advised you that using root for email at all is an unnecessary security risk, pointed to a workaround for using your MTA directly (with the assistance of your friend), and advised you of the setting in formail that you should be using. You, sir, have a lousy way of saying thanks to someone who's freely invested their time into trying to help YOU solve YOUR PROBLEM.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
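
The two checks the message above asks for (permissions on the rcfile and its directory, and "Suspicious rcfile" entries in syslog), as an added example that is not part of the original message and is not the procdiag.sh script it mentions. The function names are hypothetical, and "bad permissions" is assumed to mean group- or world-writable, the condition the message reproduces.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: "bad permissions" means group- or world-writable, the condition
# the message reproduces for both the rcfile and its directory. Ownership and
# procmail's compile-time group-per-user exception are not evaluated.

# loose_perms PATH: succeed if PATH is group- or world-writable.
loose_perms() {
    perms=$(ls -ldL -- "$1" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
    esac
    return 1
}

# check_rcfile RCFILE: report the rcfile and its directory; 0 only if both are tight.
check_rcfile() {
    rcfile=$1
    rc_status=0
    [ -f "$rcfile" ] || { echo "MISSING $rcfile"; return 2; }
    for p in "$rcfile" "$(dirname "$rcfile")"; do
        if loose_perms "$p"; then
            echo "LOOSE $(ls -ldL -- "$p")"
            rc_status=1
        else
            echo "OK    $(ls -ldL -- "$p")"
        fi
    done
    return "$rc_status"
}

# suspicious_rcfiles: read syslog text on stdin, print each flagged rcfile once.
suspicious_rcfiles() {
    sed -n 's/.*procmail\[[0-9]*]: Suspicious rcfile "\(.*\)".*/\1/p' | sort -u
}

# Demo on the two syslog lines quoted in the message.
suspicious_rcfiles <<'EOF'
May 31 09:06:56 cylon procmail[864472]: Suspicious rcfile "/root/.procmailrc"
May 31 09:07:34 cylon procmail[864512]: Suspicious rcfile "/root/.procmailrc"
EOF

# Optional: pass an rcfile path as the first argument to audit it.
if [ "$#" -gt 0 ]; then
    check_rcfile "$1" || echo "fix the entries marked LOOSE or MISSING"
fi
```

Run it as the user delivery is attempted for, and feed `suspicious_rcfiles` whichever log file your syslog daemon writes mail messages to.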