[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Help me reg. procmail

Sudhakar G rearranged electrons thusly:

> hi junta,
> any one who sends me a mail gets the mysterious error :
> /home/brihadeswara/btech/sudha/.forward: line 1: "| exec /usr/bin/procmail
> "... Address sudha is unsafe for mailing to programs
> i am enclosing my .procmailrc and .forward file.
It is not very mysterious at all, if you read the sendmail FAQ.
http://www.sendmail.org/faq/section3.html#3.33 to be specific (one of the top 5
questions in the FAQ)

> Beginning with sendmail 8.9, these checks have become more strict to prevent users from
> being able to access files they would normally not be able to read. In particular,
> .forward and :include: files in unsafe directory paths (directory paths which are group or
> world writable) will no longer be allowed. This would mean that if user joe's home
> directory was writable by group staff, sendmail would not use his .forward file. This
> behavior can be altered, at the expense of system security, by setting the
> DontBlameSendmail option. For example, to allow .forward files in group writable

and the solution ...

> If you have an unsafe configuration of .forward and :include: files, you can make it safe
> by finding all such files, and doing a "chmod go-w $FILE" on each. Also, do a "chmod go-w
> $DIR" for each directory in the file's path.


Suresh Ramasubramanian  <-->  mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
"What separates normal people from kooks is how they react when people disagree
with them or tell them "NO"  <-- Ron Ritzman on news.admin.net-abuse.email