[Esa-l] Update on POISONED Failure

Graham Dunn gdunn at inscriber.com
Wed Jul 26 06:43:25 PDT 2000


I use html-trap.procmail to filter mail as it goes through our primary
MX host to our Exchange server. There are no user accounts on the
primary MX server.

I've configured sendmail to use procmail as the mailer for all of the
mail coming to our domain (@inscriber.com) via the mailertable database
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db') statement in
your .mc file when generating sendmail.cf.

/etc/mail/mailertable looks like:
inscriber.com           procmail:/etc/special-procmailrc

Where /etc/special-procmailrc contains the INCLUDERC line for

The tricky bit is then getting the mail delivered to the mail hub from

The only way I could figure out how to do this was to have the last
recipie in /etc/special-procmailrc be one that delivers to sendmail,
calling _another_ sendmail.cf:

:0                      # pass along all other mail
! -C/etc/sendmail.cf.post-procmail -f "$@"

Where /etc/sendmail.cf.post-procmail sends everything to the Exchange
hub :

define(`MAIL_HUB', mail.inorth.com)

The last step is the one I dislke the most, as it means that two copies
of sendmail are running for every mail message that comes in. If anyone
has any suggestions on how to get procmail to deliver mail directly to
our Exchange server (i.e. skip sendmail in the last step), I'd love to
hear it.


PS. Since we've installed Mr. Hardin's filter, we've prevented 5 email
worm outbreaks in the two months it's been running. I cannot overstate
how pleased I am with it :]

On Wed, Jul 26, 2000 at 10:31:41AM +0800, Jason D. Jordan wrote:
> Howdy,
> Firstly - I'vehad quite a few emails from people who sent to me directly -
> I'm not sure that was the inetion - so guys please check to see that your
> email is at least cc'd to thelist as well.
> Secondly - thanks to some wisdom from one particular person - this failure
> to block poisoned attachments is probably related to the fact that I forward
> email directly to my Exchange Server if a user does not exist on the Linux
> Mail Gateway box.  This means that procmail never gets executed as we check
> for user and if not exist - forward.
> Does anyone know of a way to force procmail to be executed regardless if the
> user exists or not?  Or to put it another way - to force forwarded/relayed
> email through procmail too.
> Cheers, Jas

  gdunn at inscriber.com	  Graham Dunn         || ||| | ||| |||| | |||| | 
  PGP Key fingerprint = 3F 56 12 9B 8A E1 77 CB  F0 62 94 B0 93 06 1E 88
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 293 bytes
Desc: not available
Url : http://ga.impsec.org/pipermail/esd-l/attachments/20000726/33279a8f/attachment.bin

More information about the esd-l mailing list