
small add-on for procmail-3.22-secpatch.diff

2005-06-29 15:26:29


   Hi,


     We have implemented the procmail security patch from Isaac Saldana's
site: http://www.ee.ucr.edu/~isaldana/procmail/secure.html , however, it had
one downside. The downside is that a rule containing ! email(_at_)here, aka:

:0
* some match rule here
! email(_at_)here

didn't work anymore for users not in /etc/procmailusers (as procmail needs to
exec /usr/sbin/sendmail, or whatever DEFsendmail is set to). Due to this
fact, I created a small patch to fix this, and allow e-mail forwarding via
procmail while still denying access to unwanted binaries and to unwanted
users.

   There are two caveats. One is that a link to /usr/sbin/sendmail or
whatever DEFsendmail in procmail-3.22/config.h points to needs to be put in
your procmail allowed executables directory. The second (obvious) caveat is
that DEFsendmail *MUST* be defined and it must point towards a sendmail
compatible binary (that will accept -oi). Both of these "caveats" are
non-issues, but needed.

   The patch needs to be applied after the patch from Isaac Saldana, direct
link to his patch is:

http://www.ee.ucr.edu/~isaldana/procmail/procmail-3.22-secpatch.diff


best,

--Ariel
 --
 Ariel Biener, CISO
 Tel-Aviv University CIT div.
 e-mail: ariel(_at_)aristo(_dot_)tau(_dot_)ac(_dot_)il phone: 03-6406086
 PGP key:    http://www.tau.ac.il/~ariel/pgp.html

Attachment: procmail-3.22-secpatch-fix.diff
Description: Text Data

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
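
A pre-deployment check for the two caveats in the message above, as an added example that is not part of the original post or of either patch. The function name, its exit codes and the two arguments are assumptions: the message does not say where the allowed executables directory lives, so its path is passed in.

```shell
#!/bin/sh
# Added example (not from the post or the patches).
# Usage: check_sendmail_link CONFIG_H ALLOWED_DIR
#   CONFIG_H     path to procmail-3.22/config.h
#   ALLOWED_DIR  the allowed executables directory (site-specific, assumed argument)
# Returns: 0 link present, 1 DEFsendmail not defined,
#          2 DEFsendmail target not executable, 3 no link in ALLOWED_DIR.
check_sendmail_link() {
    config_h=$1
    allowed_dir=$2

    # First active "#define DEFsendmail" line; a define that is wrapped in
    # /* ... */ does not start with '#', so it is treated as undefined.
    sendmail_path=$(sed -n \
        's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*DEFsendmail[[:space:]][[:space:]]*"\([^"]*\)".*/\1/p' \
        "$config_h" 2>/dev/null | head -n 1)

    if [ -z "$sendmail_path" ]; then
        echo "DEFsendmail is not defined in $config_h" >&2
        return 1
    fi
    if [ ! -x "$sendmail_path" ]; then
        echo "$sendmail_path is missing or not executable" >&2
        return 2
    fi

    # Look for any entry in the allowed directory that resolves to the same
    # file as DEFsendmail (-ef follows symlinks and compares the targets).
    for entry in "$allowed_dir"/*; do
        if [ -e "$entry" ] && [ "$entry" -ef "$sendmail_path" ]; then
            echo "ok: $entry resolves to $sendmail_path"
            return 0
        fi
    done

    echo "no link to $sendmail_path found in $allowed_dir" >&2
    return 3
}
```

The check does not test whether the binary accepts -oi; that still has to be confirmed by hand.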