[Esa-l] Re: Quarantine confusion

Michael Cummings michael at mcummings.com
Sat Jun 17 11:49:04 PDT 2000


I do the same thing as below but have cron touch and chmod the file at
midnight every day.

 00 0 * * * root run-parts /etc/cron.global_log
and the file in cron.global_log is 

#!/bin/sh
#set_global-log
/bin/touch /tmp/global_log.`/bin/date +%y-%m-%d`
/bin/chmod 666 /tmp/global_log.`/bin/date +%y-%m-%d`

# eof


Seems to work fine for me.

NOTE There are no logons on this box. If you had users logging in
interactively you would want to rethink the file's location and
permissions.

Michael



On Thu, 15 Jun 2000, John D. Hardin wrote:

> On Thu, 15 Jun 2000, Ancipital wrote:
> 
> > Now, this might be me failing to RTFM; if this is so, I apologise
> > in advance. I set quarantine to /tmp/evilmail (there are no user
> > logins on this box, and only pop3 and smtp services, and ssh for
> > my IP). This worked like a charm when the first mail came in.
> > however, when the second mail came in, instead of appending it, it
> > produced a permissions-related error, and bounced the message.
> 
> If you didn't create the file and set the permissions beforehand, then
> it's owned by the first person who received a poisoned message. Make
> sure the permissions are world-writable:
> 
>  chown root:root /tmp/evilmail
>  chmod 622 /tmp/evilmail
> 
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
>   does quite what I want. I wish Christopher Robin was here."
> 				-- Peter da Silva in a.s.r
> -----------------------------------------------------------------------
>    136 days until Daylight Savings Time ends
> 
> 
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l
> 





More information about the esd-l mailing list