[Esd-l] Qmail+Sanitizer
bobk at dwcinet.com
Mon Nov 26 11:37:00 PST 2001
I currently am trying to implement the sanitizer on a
qmail+vpopmail+qmailadmin+sqwebmail test mailserver.
I keep running into some problems.
When I test the server by emailing it a poisoned executable, I get this in
my procmail.log:
Sanitizing MIME attachment headers in "test" from <bobk at dwcinet.com> to
vpopmail
msgid=<Pine.LNX.4.33.0111261422050.20060-101000 at subgenius.dwcinet.com>
Checking "dodohead.pif".
Trapped poisoned executable "dodohead.pif".
Mangling executable filename "dodohead.pif".
Mangling executable filename "dodohead.pif".
NOTIFY root at qmail.dwcinet.com
NOTIFY root at qmail.dwcinet.com
NOTIFY SENDER
procmail: Lock failure on "/var/quarantine.lock"
procmail: Error while writing to "/var/quarantine"
QUARANTINE FAILED!
>From bobk at dwcinet.com Mon Nov 26 19:24:27 2001
Subject: test
Folder: ( \ echo "To: $SECURITY_NOTIFY";\ echo ' 1100
>From vpopmail at qmail.dwcinet.com Mon Nov 26 19:24:28 2001
Subject: Re: test
Folder: /home/vpopmail/Maildir/new/_DR.sbpA8.qmail 1277
>From vpopmail at qmail.dwcinet.com Mon Nov 26 19:24:29 2001
Subject: SECURITY WARNING - possible email attack
Folder: /home/vpopmail/Maildir/new/_LR.tbpA8.qmail 3365
>From vpopmail at qmail.dwcinet.com Mon Nov 26 19:24:30 2001
Subject: SECURITY WARNING - quarantine failed!
Folder: /home/vpopmail/Maildir/new/_SR.ubpA8.qmail 1998
>From vpopmail at qmail.dwcinet.com Mon Nov 26 19:24:30 2001
Subject: SECURITY WARNING - possible email attack
Folder: /home/vpopmail/Maildir/new/_cR.ubpA8.qmail 1846
>From MAILER-DAEMON Mon Nov 26 19:24:30 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_fR.ubpA8.qmail 1826
>From MAILER-DAEMON Mon Nov 26 19:24:31 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_mR.vbpA8.qmail 3914
>From MAILER-DAEMON Mon Nov 26 19:24:32 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_vR.wbpA8.qmail 2547
>From #@[] Mon Nov 26 19:24:32 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_0R.wbpA8.qmail 4401
>From MAILER-DAEMON Mon Nov 26 19:24:33 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/__R.xbpA8.qmail 2395
>From #@[] Mon Nov 26 19:24:33 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_BS.xbpA8.qmail 2313
>From #@[] Mon Nov 26 19:24:33 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_HS.xbpA8.qmail 3034
>From #@[] Mon Nov 26 19:24:33 2001
Subject: failure notice
Folder: /home/vpopmail/Maildir/new/_OS.xbpA8.qmail 2882
I am having problems finding somewhere to put quarantine as well as some
other bugs.
Here is what my procmailrc looks like:
PATH="/usr/bin:$PATH:/usr/local/bin:/var/qmail/bin"
SHELL=/bin/sh
POISONED_EXECUTABLES="/etc/procmail/poisoned-files"
SECURITY_NOTIFY="root@qmail.dwcinet.com"
SECURITY_NOTIFY_VERBOSE="root@qmail.dwcinet.com"
SECURITY_NOTIFY_SENDER="/etc/procmail/policy.note"
SECRET="sdflksjas"
ORGMAIL=
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
SECURITY_TRUST_HTML=N
DEFANG_WEBBUGS=NO
# Quarantine mailbox. procmail appends to this file and creates the
# .lock file next to it as the delivering user (vpopmail here, and in
# any case no longer root once DROPPRIVS=YES below takes effect), so
# the file and its directory must be writable by that user.
SECURITY_QUARANTINE=/var/quarantine
POISONED_SCORE=135
SCORE_HISTORY="/var/log/macro-scanner-scores"
SCORE_DETAILS=YES
DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
:0
* ^From:.*
* ^To:.*
{
# (this line was cut off in the archived message)
MANGLE_EXTENSIONS='exe|com|cmd|bat|pif|sc[rt]|dll|ocx|dot|xl[wt]|vb[$
}
# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail
# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
If someone would be so kind as to enlighten me as to what I am doing
wrong. I have run the sanitizer for over a year on multiple sendmail
servers but never tried it on qmail till now.
bob
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
| Bob Ketterhagen
| Systems Security Administrator
| bobk at dwcinet.com
|_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
| Digital Wireless Communications
| http://www.dwcinet.com
| 216 W. Broughton St.
| Suite 302
| Savannah, Georgia 31401
| Office 912.525.1859
| Cell 912.210.4904
|_-_-_-_-_-_-_-_-_-_-
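An added example, not part of Bob's post or of the Sanitizer itself: a small Python parser for procmail.log entries in the format shown above. It groups lines into one event per sanitized message so that QUARANTINE FAILED! entries, the procmail lock/write errors that precede them, and a Folder: line containing shell syntax instead of a mailbox path can be picked out for monitoring. The sample log is constructed with placeholder addresses and message IDs.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the procmail.log excerpt above
# (placeholder addresses and msgids, not the original values).
SAMPLE_LOG = """\
Sanitizing MIME attachment headers in "test" from <user@example.net> to vpopmail
msgid=<constructed.1@example.net>
Trapped poisoned executable "dodohead.pif".
procmail: Lock failure on "/var/quarantine.lock"
procmail: Error while writing to "/var/quarantine"
QUARANTINE FAILED!
Folder: ( \\ echo "To: $SECURITY_NOTIFY";\\ echo ' 1100
Sanitizing MIME attachment headers in "hello" from <user@example.net> to vpopmail
msgid=<constructed.2@example.net>
Folder: /home/vpopmail/Maildir/new/1006803000.1234.qmail 812
"""

@dataclass
class SanitizerEvent:
    msgid: str = ""
    trapped: list = field(default_factory=list)
    errors: list = field(default_factory=list)
    quarantine_failed: bool = False
    folder: str = ""

def parse_sanitizer_log(text):
    """Group procmail.log lines into one event per sanitized message."""
    events, ev = [], None
    for line in text.splitlines():
        if line.startswith("Sanitizing MIME attachment headers"):
            ev = SanitizerEvent()
            events.append(ev)
        elif ev is None:
            continue
        elif line == "QUARANTINE FAILED!":
            ev.quarantine_failed = True
        elif m := re.match(r'^msgid=(<[^>]*>)', line):
            ev.msgid = m.group(1)
        elif m := re.match(r'^Trapped poisoned executable "([^"]+)"', line):
            ev.trapped.append(m.group(1))
        elif m := re.match(r'^procmail: (.+)$', line):
            ev.errors.append(m.group(1))
        elif (m := re.match(r'^Folder: (.*?)\s+\d+$', line)) and not ev.folder:
            ev.folder = m.group(1)  # first delivery folder after the scan
    return events

def quarantine_failures(events):
    """msgids whose trapped attachment never reached the quarantine file."""
    return [e.msgid for e in events if e.trapped and e.quarantine_failed]
```

A Folder: value that begins with "(" or contains "$" or ";" is a sign that procmail ran part of a recipe as a shell command instead of delivering to a mailbox, which is worth alerting on alongside the quarantine failure itself.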