[Esd-l] security_notify_sender
Jason Noble
sysadmin at polezero.com
Thu Feb 7 08:11:01 PST 2002
This is driving me crazy; everything I try doesn't change it.
The ^From is always root. The message can be internal, external, on any
account, and the ^From is still root.
This mail server is doing some weird stuff.
> On 2002.02.06 14:34 Joe Steele wrote:
>> On Wednesday, February 06, 2002 1:35 PM, Jason Noble wrote:
>> > > As far as failure of 'SECURITY_NOTIFY_SENDER', sender notification is
>> > > skipped if the following pattern fails to match:
>> > > * ! ^FROM_DAEMON
>> >
>> > Is this something I caused to happen? or is it a problem with the mail
>> > sanitizer?
>>
>> Sorry for not being very clear. As 'man procmailrc' says,
>> 'FROM_DAEMON' is shorthand for a lengthy pattern that is intended to
>> match messages sent from daemons/servers/etc. You can see the full
>> expansion of the pattern down below.
>>
>> >
>> > >
>> > > Your debug log showed the above pattern match failed, so notification
>> > > of sender did not occur. The failure shows up as:
>> > >
>> > > procmail: No match on !
>> > > "(^(Mailing-List:|Precedence:.*(junk|bulk|list)|To:
>> > > Multiple recipients of
>> > > |(((Resent-)?(From|Sender)|X-Envelope-From):|>?From
>> > >
>> )([^>]*[^(.%@a-z0-9])?(Post(ma?(st(e?r)?|n)|office)|(send)?Mail(er)?|daemon|m(mdf|ajordomo)|n?uucp|LIST(SERV|proc)|NETSERV|o(wner|ps)|r(e(quest|sponse)|oot)|b(ounce|bs\.smtp)|echo|mirror|s(erv(ices?|er)|mtp(error)?|ystem)|A(dmin(istrator)?|MMGR|utoanswer))(([^).!:a-z0-9][-_a-z0-9]*)?[%@>
>> > >
>> > > ][^<)]*(\(.*\).*)?)?$([^>]|$)))"
>> > >
>> >
>>
>> Now, if you cross your eyes and squint, you will see that somewhere
>> in the above pattern it says:
>>
>> ! "From: root"
>>
>> (honestly, it really does). I suspect you were testing your
>> sanitizer setup with a test message from root to yourself. The
>> sanitizer will not 'notify sender' if the sender is root or any other
>> daemon that matches the expanded 'FROM_DAEMON' pattern. Try testing
>> it again with a test message sent from a normal user and see if it
>> works.
>>
>> --Joe
>>
>
> OK, I can't seem to figure out what I'm doing wrong.
> I'm not sending from root, I'm using an account that's not even from our
> company.
> I get the "SECURITY WARNING" from the "Procmail Security daemon" and in
> this message it too says that the ^From is really root.
> Now I think this problem is being caused by sendmail. Most likely my
> sendmail.cf is not correct, but I really don't have enough experience to
> see where my error is.
>
>
> REPORT: Trapped poisoned executable "testing.exe"
> REPORT: Not a document, or already poisoned by filename. Not scanned for macros.
> STATUS: Message quarantined in /var/spool/mail/quarantine, not delivered to recipient.
>
> Headers from message:
>
>> From root Thu Feb 7 08:55:49 2002
>> Return-Path: <nobleja at fuse.net>
>> Received: from mta02.fuse.net (mx2.fuse.net [216.68.1.120])
>> by mail.polezero.com (8.11.6/8.11.3) with ESMTP id g17Dtgp01429
>> for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:42 -0500
>> Received: from there ([216.68.181.90]) by mta02.fuse.net
>> (InterMail vM.5.01.03.01 201-253-122-118-101-20010319) with
>> SMTP
>> id <20020207135535.PSNX14376.mta02.fuse.net at there>
>> for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:35 -0500
>> From: Jason Noble <nobleja at fuse.net>
>> To: nobleja at polezero.com
>> Subject: testing
>> Date: Tue, 5 Feb 2002 08:18:52 -0500
>> X-Mailer: KMail [version 1.3.1]
>> MIME-Version: 1.0
>> X-Security: MIME headers sanitized on mail.polezero.com
>> See http://www.impsec.org/email-tools/sanitizer-intro.html
>> for details. $Revision: 1.133 $Date: 2002-01-05 17:09:21-08
>> Content-Type: Multipart/Mixed;
>> boundary="------------Boundary-00=_GBA294V3KR1VSAJ97G8K"
>> Message-Id: <20020207135535.PSNX14376.mta02.fuse.net at there>
>>
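
Added example, not part of the original post or of the sanitizer: a Python check that runs the FROM_DAEMON expansion from the quoted procmail log over each header line of the quarantined message and reports which line makes `* ! ^FROM_DAEMON` fail. The pattern is transcribed from the log with the wraps rejoined; the tab-and-space inside `[%@> ]`, the line-by-line matching and the `user@example.org` contrast line are assumptions.

```python
import re

# FROM_DAEMON expansion as printed in the procmail log quoted in the post.
# Assumption: the whitespace lost to wrapping inside "[%@> ]" is a tab and a space.
FROM_DAEMON = re.compile(
    r"(^(Mailing-List:|Precedence:.*(junk|bulk|list)|To: Multiple recipients of "
    r"|(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )"
    r"([^>]*[^(.%@a-z0-9])?"
    r"(Post(ma?(st(e?r)?|n)|office)|(send)?Mail(er)?|daemon|m(mdf|ajordomo)"
    r"|n?uucp|LIST(SERV|proc)|NETSERV|o(wner|ps)|r(e(quest|sponse)|oot)"
    r"|b(ounce|bs\.smtp)|echo|mirror|s(erv(ices?|er)|mtp(error)?|ystem)"
    r"|A(dmin(istrator)?|MMGR|utoanswer))"
    r"(([^).!:a-z0-9][-_a-z0-9]*)?[%@>\t ][^<)]*(\(.*\).*)?)?$([^>]|$)))",
    re.IGNORECASE,  # procmail conditions are case-insensitive by default
)

def unfold(raw):
    """Join folded continuation lines (leading whitespace) onto their header."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        elif line:
            lines.append(line)
    return lines

def daemon_hits(raw):
    """Return the header lines that match FROM_DAEMON (simplified: one line at a time)."""
    return [h for h in unfold(raw) if FROM_DAEMON.search(h)]

# Headers abridged from the quarantine report in the post (addresses as archived).
SAMPLE = """\
From root Thu Feb 7 08:55:49 2002
Return-Path: <nobleja at fuse.net>
Received: from mta02.fuse.net (mx2.fuse.net [216.68.1.120])
\tby mail.polezero.com (8.11.6/8.11.3) with ESMTP id g17Dtgp01429
From: Jason Noble <nobleja at fuse.net>
To: nobleja at polezero.com
Subject: testing
X-Mailer: KMail [version 1.3.1]
"""

if __name__ == "__main__":
    print("as delivered:", daemon_hits(SAMPLE))
    # Constructed contrast: same message with a non-daemon envelope sender.
    fixed = SAMPLE.replace("From root ", "From user@example.org ", 1)
    print("envelope sender corrected:", daemon_hits(fixed))
```

Only the mbox `From root` envelope line matches; the `From:` header with the real sender does not, so the skipped notification traces to the envelope line rather than to the message's own headers.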