Home page logo

bugtraq logo Bugtraq mailing list archives

Re: procmail
From: guenther () GAC EDU (Philip Guenther)
Date: Mon, 21 Jul 1997 00:23:10 -0500

jamie <batsy () VAPOUR NET> writes:
Here's a heads up to anyone running procmail v3.11pre4.

In the procmailex man page there is an example of a simple fileserver.
The problem with the example is that after getting it working, I wanted
to see if the MAILDIR variable would isolate procmail to that directory.

The manpage you quote dates from procmail 3.06 or so.  3.10 and later
have correctly paranoid manpages.

             * !^X-Loop: yourname () your main mail address
             * !^Subject:.*Re:
             * !^FROM_DAEMON
             * ^Subject:.*request

Solution: change that last subject to read:

               * ^Subject:.*request [0-9a-z]

and add the condition:

               * ! ^Subject:.*[/.]\.

That will protect you from ".."s and keep dot files in general from
being fetched.  Totally ripping out the entire recipe and inserting
the version from the version 3.11pre* manpage would probably be a
good idea, assuming you have at least 3.10.

(Note: procmail regexps are case insensitive by default)

Philip Guenther

Philip Guenther                 UNIX Systems and Network Administrator
Internet: guenther () gac edu      Voicenet: (507) 933-7596
Gustavus Adolphus College       St. Peter, MN 56082-1498

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]