It's been ages since I noticed the old "Dropped F" bug hitting messages.
The server that I have had to be restored due to a rootkit installed on
it, and now since the restoration I see lots of messages that have the
mangled From envelope header.
Using an old recipe, it still doesn't correct the problem.
Here is what I have in my sandbox.
testrc
## Check for missing F from From headers, correct as necessary
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
  :0 fhw
  | sed -e '1s/^/F/'
}
test.msg - headers, from one of the messages caught.
rom 20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com Mon Apr 4 04:24:35 2005
Return-Path: <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
Received: from delivery2.pens.microsoft.com (delivery2.pens.microsoft.com [207.46.248.43])
Reply-To: "Microsoft" <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
From: "Microsoft" <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
To: [Recipient]
Subject: Microsoft Partners Newsletter: Public Edition for April 4, 2005
Log output
procmail: Match on "^^rom[ ]"
procmail: Assigning "LOG=*** Dropped F off From_ header! Fixing up. "
*** Dropped F off From_ header! Fixing up. procmail: Executing "sed,-e,1s/^/F/"
As you can see, the bug is caught and the message is delivered with
corrected headers.
Moving this to the production server, I placed it, as recommended on
this list and in the archives, right after the SpamAssassin test.
## Send to Spam Assassin
:0fw
| /usr/bin/spamassassin
## Check for missing F from From headers, correct as necessary
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
  :0 fhw
  | sed -e '1s/^/F/'
}
And it is not working: not a single instance has been caught so far, and
when I read the procmail log, there are no signs of detection.
Any recommendations?
I read almost every document that I could find about this and have no
idea what to do next.
Thank you.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
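
Added example, not part of the original post and not code from the procmail project: a Python scan of an mbox file for separator lines that have lost the leading "F" (as in the test.msg above), repairing them without touching body text that merely begins with "rom ". The function name, the sample data and the asctime-style date check are assumptions made for this illustration.

```python
import re

# A "From_" separator missing its "F": "rom <sender> <asctime date>".
# Requiring the date keeps ordinary body lines such as "rom here on" untouched.
DROPPED_F = re.compile(
    rb"^rom \S+ +(Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
    rb"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    rb"[ \d]\d \d\d:\d\d:\d\d \d{4}\s*$"
)

def repair_mbox(data: bytes):
    """Return (repaired_bytes, line_numbers_fixed) for raw mbox content."""
    out, fixed = [], []
    prev_blank = True  # the start of the file counts as a message boundary
    for n, line in enumerate(data.splitlines(keepends=True), 1):
        # A separator only appears at the file start or after a blank line.
        if prev_blank and DROPPED_F.match(line):
            out.append(b"F" + line)
            fixed.append(n)
        else:
            out.append(line)
        prev_blank = line.strip() == b""
    return b"".join(out), fixed

# Constructed sample: one intact message, one mangled separator,
# and one body line that starts with "rom " but is not a separator.
SAMPLE = (
    b"From alice@example.org Mon Apr  4 04:20:00 2005\n"
    b"Subject: intact\n"
    b"\n"
    b"body\n"
    b"\n"
    b"rom bob@example.org Mon Apr  4 04:24:35 2005\n"
    b"Subject: mangled\n"
    b"\n"
    b"rom here on, plain body text\n"
)

if __name__ == "__main__":
    repaired, lines = repair_mbox(SAMPLE)
    print("repaired separator lines:", lines)
```

Run it against a copy of the mailbox, and compare the reported line numbers with the procmail log to see which deliveries were affected.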