At 08:27 2003-04-04 -0500, Dave Stern - Former Rocket Scientist did say:
> I have a couple of questions. First, why is it a good idea to install
> procmail suid? Isn't this more of a security risk?

There is functionality which cannot be performed if it doesn't have the
ability to change uid, notably:

        /etc/procmailrc
                (with elevated privs, discarded when procmail goes to process
                the ~/.procmailrc, or when DROPPRIVS is encountered)

        /etc/procmailrcs/
                (assumes the uid of the file owner)

Both of these facilities are EXTREMELY useful. Also, if you haven't
noticed, procmail is rather retentive on checking file permissions - for
instance, it doesn't like rcfiles which are group writeable ("suspicious
rcfile").

> Second, we have the latest sendmail installed sgid with procmail as the
> LDA and a systemwide procmailrc everyone runs. Periodically, I see messages:
>
>     timeout waiting for input from local during Draining Input

Periodically you see these messages WHERE? If in the system log, what
service are they attributed to?
Unless you include those details, when you dump the message here, you're
either expecting that people have had the same problem as you, or that
they'll go searching in the support forums for _another_program_ to find
the cause. Given that, the least you could do is specify where the message
comes from.
FTR, the FIRST result in deja when searching for the error string as a
literal was:
<http://groups.google.com/groups?q=+timeout+waiting+for+input+from+local+during+Draining+Input&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=b4ssv7%24957%241%40mserv2.dl.ac.uk&rnum=1>
There are several other equally applicable messages returned from a direct
search on the error message in question.
The error is also mentioned at:
<http://www.sendmail.org/~ca/email/smenhanced.html>

> I'm told I should look at whether the LDA (procmail) is generating too much
> output for sendmail. How can I check this? How can I throttle it back if it
> is a problem?

Generating 'too much output', eh? Procmail itself shouldn't. You didn't
post a procmailrc, or even a hint of it, so we certainly can't give you
pointers on what you're doing there.
Perhaps programs called from your procmailrc are emitting a lot of text to
stdout. Have you tried running your rules within a sandbox to evaluate
what it is they're outputting firsthand?

> Related to this, I'm running an older version of procmail, perhaps upgrading
> to 3.22 might solve it?

'an older version of procmail'? Such as? I didn't see the version
mentioned anywhere in your post.
If you have security concerns about procmail (as expressed at the top of
your post), keeping on top of the revision history for it might be a good
idea in any event.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
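
The reply above notes that procmail rejects group-writable rcfiles ("suspicious rcfile"). The following is an added example, not part of the original message and not procmail's own code: a pre-flight audit that approximates that kind of check. The function name `audit_rcfile` and the exact set of rules are assumptions; procmail's real checks depend on its build options.

```shell
#!/bin/sh
# Added example: approximate audit of procmail rcfile permissions.
# A clean result is necessary, not sufficient, for procmail to trust the file.

# audit_rcfile FILE -> prints one line per finding; returns 0 if clean,
# 1 if any finding, 2 if FILE is not a regular file.
audit_rcfile() {
    rc=$1
    findings=0
    if [ ! -f "$rc" ]; then
        echo "$rc: not a regular file" >&2
        return 2
    fi
    dir=$(dirname -- "$rc")

    # A group- or world-writable rcfile lets someone other than the owner
    # add recipes that then run with the owner's identity.
    if [ -n "$(find "$rc" -prune -perm -020)" ]; then
        echo "$rc: group-writable"; findings=1
    fi
    if [ -n "$(find "$rc" -prune -perm -002)" ]; then
        echo "$rc: world-writable"; findings=1
    fi

    # Assumed rule: the owner should be the invoking user or root.
    if [ -z "$(find "$rc" -prune \( -user "$(id -u)" -o -user 0 \))" ]; then
        echo "$rc: not owned by uid $(id -u) or root"; findings=1
    fi

    # A world-writable directory without the sticky bit allows other users
    # to rename or replace the rcfile regardless of the file's own mode.
    if [ -n "$(find "$dir" -prune -perm -002 ! -perm -1000)" ]; then
        echo "$dir: world-writable directory without sticky bit"; findings=1
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh ~/.procmailrc /etc/procmailrc
for f in "$@"; do audit_rcfile "$f"; done
```
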