Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: procmail

From: guenther () GAC EDU (Philip Guenther)
Date: Mon, 21 Jul 1997 00:23:10 -0500

jamie <batsy () VAPOUR NET> writes:

Here's a heads up to anyone running procmail v3.11pre4.

In the procmailex man page there is an example of a simple fileserver.
The problem with the example is that after getting it working, I wanted
to see if the MAILDIR variable would isolate procmail to that directory.


The manpage you quote dates from procmail 3.06 or so.  3.10 and later
have correctly paranoid manpages.



:0
             * !^X-Loop: yourname () your main mail.address
             * !^Subject:.*Re:
             * !^FROM_DAEMON
             * ^Subject:.*request
             {

...

Solution: change that last subject to read:

               * ^Subject:.*request [0-9a-z]

and add the condition:

               * ! ^Subject:.*[/.]\.

That will protect you from ".."s and keep dot files in general from
being fetched.  Totally ripping out the entire recipe and inserting
the version from the version 3.11pre* manpage would probably be a
good idea, assuming you have at least 3.10.

(Note: procmail regexps are case insensitive by default)


Philip Guenther

----------------------------------------------------------------
Philip Guenther                 UNIX Systems and Network Administrator
Internet: guenther () gac edu      Voicenet: (507) 933-7596
Gustavus Adolphus College       St. Peter, MN 56082-1498
Previous By Date Next
Previous By Thread Next

Current thread: