[Esd-l] Duplicate Notify messages to postmaster ?

John Telford JTelford at metroland.com
Fri Apr 26 10:41:01 PDT 2002


I've never configured procmail before and I think I've gone through the docs
10 times but it was late when I got it running - 'must stop klez - users are
so gullable....'
So it's working but I always 2 messages delivered to postmaster.
One to the postmaster
Subject: SECURITY WARNING - possible email attack

One to the Sender but appears BCC to the postmaster, with the default notify
text:
Subject: Re: Your name for only $8.95! (includes 1yr)

Can anyone suggest a way to get just 1 postmaster notify ?
Freebsd 4.3
procmail v3.22

procmailrc
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

POISONED_EXECUTABLES=/etc/procmail/poisoned
# not stripping files at this time jt
# STRIPPED_EXECUTABLES=/etc/procmail/stripped
DEFANG_WEBBUGS=YES
SECURITY_NOTIFY="postmaster"
SECURITY_NOTIFY_VERBOSE=""
SECURITY_NOTIFY_SENDER=/etc/procmail/notify.txt
SECRET="gOgetStuffeDdontsend"


# this file must already exist, with proper permissions (rw--w--w-):
# SECURITY_QUARANTINE=/var/spool/mail/quarantine
# send the bastards straight to hell jt
SECURITY_QUARANTINE=/dev/null


POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores


DROPPRIVS=YES
LOGFILE=/var/log/procmail.log


# Finished setting up, now run the sanitizer... NO Changes JT
INCLUDERC=/etc/procmail/html-trap.procmail.nomacroscan


# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=

#eof 
John Telford.



More information about the esd-l mailing list