procmail

Re: Limit user actions in .procmailrc

2015-05-20 11:47:24
shanew(_at_)shanew(_dot_)net wrote to 
procmail(_at_)lists(_dot_)rwth-aachen(_dot_)de
[at 17:39 (-0500) on Tuesday, 19th May, 2015]:

Based on the discussion at
http://serverfault.com/questions/579192/procmail-is-ignoring-user-settings
I get the impression that when using procmail as your LDA (which I
should have said I am) setting DROPPRIVS=no prevents any reading of a
user .procmailrc.  Which I think is the opposite of what you're
saying, but it's the end of the day, so my brain may be playing tricks
on me.

That said, I'm not finding anything authoritative to back that up (nor
have I tested it, since I don't have a good test system to try it on).

On Tue, 19 May 2015, Alan Clifford wrote:

shanew(_at_)shanew(_dot_)net wrote to 
procmail(_at_)lists(_dot_)rwth-aachen(_dot_)de
[at 16:17 (-0500) on Tuesday, 19th May, 2015]:

 Another idea that occurred to me would be to prevent .procmailrc
 execution by setting DROPPRIVS equal to "no" in the system
 /etc/procmailrc unless the LOGNAME value appears in a file that listed
 allowed users?

Wouldn't you set DROPPRIVS to yes then deliver mail from within /etc/procmailrc? Then ~/.procmailrc wouldn't be run at all.


Alan

(  Please address personal email to alan+1@ as email to lists@
  is only read from my subscribed lists. )




From man procmailrc

"DROPPRIVS If set to `yes' procmail will drop all privileges it might have had (suid or sgid). This is only useful if you want to guarantee that the bottom half of the /etc/procmailrc file is executed on behalf of the recipient."

My understanding is that as soon as the recipes in /etc/procmailrc have been done and the program moves on to the user's ~/.procmailrc, any privileges are automatically dropped.


Alan

(  Please address personal email to alan+1@ as email to lists@
   is only read from my subscribed lists. )
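
A sketch of the allowlist idea discussed in this thread, combined with the "set DROPPRIVS to yes, then deliver from within /etc/procmailrc" suggestion. It is an added example, not part of the original messages and not tested by either poster. The file /etc/procmail.allow is a hypothetical name, and the recipe assumes procmail is invoked as the LDA with privileges and that $DEFAULT is an mbox-format mailbox.

```procmail
# /etc/procmailrc fragment (added example, not from the thread)
# Assumption: /etc/procmail.allow is a hypothetical root-owned file that lists,
# one login name per line, the users permitted to run their own ~/.procmailrc.

# procmail sets LOGNAME to the recipient. The "?" condition runs grep and
# tests its exit status; "!" inverts it. -x matches whole lines only and
# -F disables regex, so "bob" does not match "bobby".
# If the allowlist file is missing, grep fails and the block still runs,
# so the policy fails closed.
:0
* ! ? grep -qxF -- "$LOGNAME" /etc/procmail.allow
{
  # Recipient is not on the allowlist: give up any suid/sgid privileges
  # before touching the mailbox.
  DROPPRIVS=yes

  # A delivering recipe that succeeds ends processing, so procmail never
  # goes on to read this user's ~/.procmailrc.
  :0:
  $DEFAULT
}

# Allowlisted users fall through to here, and procmail continues on to
# their ~/.procmailrc as usual.
```

Keep the allowlist file writable only by root, since /etc/procmailrc consults it before privileges are dropped.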