[Esa-l] Local Exceptions

Mark_Saunders Mark_Saunders at piucorp.com
Thu Aug 23 06:38:55 PDT 2001


I was just working on something similar last week.
..Different environment variable, but the same applies.

Comment out your addition to procmailrc...
Add a new INCLUDERC entry to your /etc/procmailrc file ABOVE where
html-trap.procmail gets called, Like this:

INCLUDERC=/etc/procmail/setmstnef.procmail #This is the new file
INCLUDERC=/etc/procmail/html-trap.procmail

In the new file, you can do something like this:

SECURITY_STRIP_MSTNEF="YES"
:0
* ^From:.*<[a-zA-Z0-9_\-]+\@mydomain\.com>
{
SECURITY_STRIP_MSTNEF=""
}

As I said, my environment variable is different, but you get the idea.
Set the variable globally, then build a condition where it's set
conditionally.
As some of my users have underscores and/or hyphens in their names, I added
characters to meet that condition.


-----Original Message-----
From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
Behalf Of Dan Kubilos
Sent: Wednesday, August 22, 2001 5:51 PM
To: esa-l at spconnect.com
Subject: [Esa-l] Local Exceptions


Pardon the flounce
but . . .

I have tried to follow the instructions on John's Config page and have
just spend a couple hours checking rechecking testing retesting.

What I want to accomplish is to NOT mangle MS Word docs from anyone in our
domain to anyone in our domain.

Here is my procmailrc

:0
* ^From:.*<[a-z0-9]+ at oxnardsd.org>
* ^To:.*<[a-z0-9]+ at oxnardsd.org>
{
MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|dot|xl[wt]|p
[po]t|rtf|vb[se]?|hta|p[lm]|sh[b
s]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|asd|cil|pps|asx|wm[sz
d]'
}
DROPPRIVS=YES
LOGFILE=/var/log/filter.log
PATH="/usr/bin:$PATH"
SHELL=/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE="dan"
SECURITY_QUARANTINE=/var/spool/mail/security
SECURITY_NOTIFY_SENDER=/etc/procmail/BadMailNotify
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail
INCLUDERC=/etc/procmail/local-rules.procmail
# Reset some things to avoid leaking info to
# the users...
LOGFILE=
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_QUARANTINE=

.doc attachments are still defanged.  Any help appreciated.

--
Dan Kubilos     __\o_ ^
K-8 Tech Coord
http://www.oxnardsd.org
_______________________________________________
E-mail Security Announce list mailing list
E-mail Security Announce list at spconnect.com
http://www.spconnect.com/mailman/listinfo/esa-l



More information about the esd-l mailing list