procmail

Old Bug New Problem.

2005-04-05 17:11:44
It's been ages since I noticed the old "Dropped F" bug hitting messages.

The server that I have had to be restored due to a rootkit installed on
it, and now since the restoration I see lots of messages that have the
mangled From envelope header.

Using an old recipe, it still doesn't correct the problem.

Here is what I have in my sandbox.

testrc

## Check for missing F from From headers, correct as necessary
:0 
* ^^rom[ ] 
{ 
  LOG="*** Dropped F off From_ header! Fixing up. " 


  :0 fhw 
  | sed -e '1s/^/F/' 


} 


test.msg - headers, from one of the messages caught.

rom 20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com  Mon Apr 4 04:24:35 2005
Return-Path: <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
Received: from delivery2.pens.microsoft.com (delivery2.pens.microsoft.com [207.46.248.43])
Reply-To: "Microsoft" <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
From: "Microsoft" <20_12292_Vp51uXk6x2oQJT3KkhyLPg(_at_)newsletters(_dot_)microsoft(_dot_)com>
To: [Recipient]
Subject: Microsoft Partners Newsletter: Public Edition for April 4, 2005



Log output

procmail: Match on "^^rom[ ]"
procmail: Assigning "LOG=*** Dropped F off From_ header! Fixing up. "
*** Dropped F off From_ header! Fixing up. procmail: Executing "sed,-e,1s/^/F/"


As you can see, the bug is caught and the message is delivered with
corrected headers.

Moving this to the production server, I placed it, as recommended on
this list and in the archives, right after the SpamAssassin test.


## Send to Spam Assassin
:0fw
| /usr/bin/spamassassin



## Check for missing F from From headers, correct as necessary
:0 
* ^^rom[ ] 
{ 
  LOG="*** Dropped F off From_ header! Fixing up. " 


  :0 fhw 
  | sed -e '1s/^/F/' 


} 


And it is not working; not a single instance has been caught so far, and
when I read the procmail log, there are no signs of detection.

Any recommendations?

I read almost every document that I could find about this and have no
idea what to do next.

Thank you.



____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
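
A companion check for the situation described in the post above, added here as an example (it is not part of the original message or of procmail): it scans a stored mbox for separator lines with the mangled "rom sender date" shape shown in test.msg and can restore the missing F, which shows whether delivered mail is still affected when the recipe logs nothing. The function names, the sample mailbox and its example.com addresses are constructed for illustration, and the pattern assumes the plain asctime-style date seen in the post.

```python
import re

# mbox From_ separator in the shape shown in the post: "From <sender>  <date>".
# The leading "F" is optional so that mangled separators are recognised too.
# Assumption: the date is the plain asctime form, with no timezone or extras.
FROM_LINE = re.compile(
    r"^(F?)rom (\S+)\s+"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s"
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+"
    r"\d{1,2}\s\d\d:\d\d:\d\d\s\d{4}\s*$"
)

def scan_mbox(lines):
    """Return (line_number, sender) for each separator that lost its 'F'."""
    hits = []
    prev_blank = True  # the start of the file counts as a message boundary
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        # A separator is only valid at a boundary (after a blank line).
        m = FROM_LINE.match(line) if prev_blank else None
        if m and m.group(1) == "":
            hits.append((no, m.group(2)))
        prev_blank = line == ""
    return hits

def repair_mbox(lines):
    """Return a copy of the lines with 'F' restored on mangled separators."""
    bad = {no for no, _ in scan_mbox(lines)}
    return ["F" + l if no in bad else l for no, l in enumerate(lines, 1)]

# Constructed sample mailbox: one intact separator, one mangled separator,
# and a body line that merely starts with "rom " and must be left alone.
SAMPLE = """\
From alice@example.com  Mon Apr  4 04:20:01 2005
Subject: intact separator

body one

rom bob@example.com  Mon Apr  4 04:24:35 2005
Subject: mangled separator

rom the start of a body line, not a separator
""".splitlines(keepends=True)

if __name__ == "__main__":
    for no, sender in scan_mbox(SAMPLE):
        print(f"line {no}: mangled From_ separator, sender {sender}")
```
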
