Re: [ILUG] email security through procmail
I'm running it through Sendmail, using Mlocal. Unfortunately to log to
/var/log/procmail procmailrc needs to have root privileges. If I do that
then the perl part doesn't work but if I run it without root stuff
(include DROPPRIVS=YES in /etc/procmailrc) then the log in /var/log/
doesn't get written and the perl stuff does.. *grr*
I was hoping someone had run into this problem before and had a quick
solution to it.
Donncha.
Lars Hecking wrote:
>
> Donncha O Caoimh writes:
> > No, there's a | before the perl command in the recipe. I have it working
> > almost - it logs suspicious stuff to users directories (as in the
> > original docs) but I'd really prefer it would log to /var/log/procmail.
> > It also doesn't stop the infected emails getting through either :(
>
> I'm not familiar with John Hardin's recipes. How do you invoke
> procmail, as Mlocal or through .forward? The procmailrc in question
> (/etc/procmailrc or $HOME/.procmailrc) could just set LOGFILE to
> /var/log/procmail.
>
> Too bad that so little is known about this virus. At the
> moment, there are only a few possibilities:
>
> o filter on ^Subject: (re:)? important message from
> and either reject or dump it into a quarantine folder
> o filter the body on any Content-Type/Disposition/whatever MIME
> headers and .doc filenames, either reject them, or add a, say,
> X-Warning: header. The latter is not safe if Windoze email
> clients are viewwing attachments automatically.
>
> -l
>
> --
> Drink Canada Dry! You might not succeed, but it *__��is* fun trying.
This archive was generated by hypermail 2.1.6
: Thu 06 Feb 2003 - 13:04:06 GMT