[Esd-l] Poison Files

Scott Taylor scott at dctchambers.com
Thu Jan 16 12:46:01 PST 2003


Hey all,

After building a new mail server, Linux 2.4.19, running sendmail 8.12.6, 
Perl 5.8.0 and html-trap.procmail,v 1.137 2002-12-22 for some reason it 
stopped processing the poison file list.  It does trap and quarantine .exe 
files and others, but not the extra files specified in the poisoned file; they 
are just passed through but do include the X-Security header line.

Any idea how I might have broken it, what I should look for?  I couldn't 
find anything on John's web pages like this.

Here are some details, let me know if I missed anything pertinent.

Cheers.

Scott.
--------

Here are the perms and location for the poison list:
-rw-r--r--    1 root     root         2093 Jan 12 05:25 /etc/procmail/poisoned

the user's procmailrc:
-rw-r--r--    1 root     root         1086 Jan 12 05:50 .procmailrc
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="postmaster"
# SECURITY_NOTIFY_VERBOSE="postmaster"
SECURITY_NOTIFY_SENDER=YES
SECURITY_NOTIFY_RECIPIENT=YES
SECURITY_STRIP_MSTNEF=YES
DEFANG_WEBBUGS=YES

# this file must already exist, with proper permissions (rw--w--w-):
SECURITY_QUARANTINE=$HOME/hold

POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
SCORE_DETAILS=YES

DROPPRIVS=YES
LOGFILE=$HOME/procmail.log

# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail

The quarantine file is located at $HOME/hold with drwxrwxr-t, owned by the 
user with group mail, which sendmail runs as.  These perms work well for 
quarantine, and I've tried with drw--w--w-; same problem.  I forget where I 
got the idea for these perms; old style maybe?


