[4952] in bugtraq
Re: procmail
daemon@ATHENA.MIT.EDU (Philip Guenther)
Mon Jul 21 08:44:02 1997
Date: Mon, 21 Jul 1997 00:23:10 -0500
Reply-To: Philip Guenther <guenther@GAC.EDU>
From: Philip Guenther <guenther@GAC.EDU>
X-To: jamie <batsy@VAPOUR.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 18 Jul 1997 17:32:27 -0000."
<Pine.BSF.3.96.970718172439.14027A-100000@vapour.net>
jamie <batsy@VAPOUR.NET> writes:
>Here's a heads up to anyone running procmail v3.11pre4.
>
>In the procmailex man page there is an example of a simple fileserver.
>The problem with the example is that after getting it working, I wanted
>to see if the MAILDIR variable would isolate procmail to that directory.
The manpage you quote dates from procmail 3.06 or so. 3.10 and later
have correctly paranoid manpages.
> :0
> * !^X-Loop: yourname@your.main.mail.address
> * !^Subject:.*Re:
> * !^FROM_DAEMON
> * ^Subject:.*request
> {
...
Solution: change that last subject to read:
* ^Subject:.*request [0-9a-z]
and add the condition:
* ! ^Subject:.*[/.]\.
That will protect you from ".."s and keep dot files in general from
being fetched. Totally ripping out the entire recipe and inserting
the version from the version 3.11pre* manpage would probably be a
good idea, assuming you have at least 3.10.
(Note: procmail regexps are case insensitive by default)
Philip Guenther
----------------------------------------------------------------
Philip Guenther UNIX Systems and Network Administrator
Internet: guenther@gac.edu Voicenet: (507) 933-7596
Gustavus Adolphus College St. Peter, MN 56082-1498
