sysadmin at polezero.com
Thu Feb 7 06:08:00 PST 2002
On 2002.02.06 14:34 Joe Steele wrote:
> On Wednesday, February 06, 2002 1:35 PM, Jason Noble wrote:
> > > As far as failure of 'SECURITY_NOTIFY_SENDER', sender notification is
> > > skipped if the following pattern fails to match:
> > > * ! ^FROM_DAEMON
> > Is this something I caused to happen? or is it a problem with the mail
> > sanitizer?
> Sorry for not being very clear. As 'man procmailrc' says,
> 'FROM_DAEMON' is shorthand for a lengthy pattern that is intended to
> match messages sent from daemons/servers/etc. You can see the full
> expansion of the pattern down below.
> > >
> > > Your debug log showed the above pattern match failed, so notification
> > > of sender did not occur. The failure shows up as:
> > >
> > > procmail: No match on !
> > > "(^(Mailing-List:|Precedence:.*(junk|bulk|list)|To:
> > > Multiple recipients of
> > > |(((Resent-)?(From|Sender)|X-Envelope-From):|>?From
> > >
> > >
> > > ][^<)]*(\(.*\).*)?)?$([^>]|$)))"
> > >
> Now, if you cross your eyes and squint, you will see that somewhere
> in the above pattern that it says:
> ! "From: root"
> (honestly, it really does). I suspect you were testing your
> sanitizer setup with a test message from root to yourself. The
> sanitizer will not 'notify sender' if the sender is root or any other
> daemon that matches the expanded 'FROM_DAEMON' pattern. Try testing
> it again with a test message sent from a normal user and see if it
OK, I cant seem to figure out what i'm doing wrong.
I'm not sending from root, i'm using an account thats not even from our
I get the "SECURITY WARNING" from the "Procmail Security daemon" and in
this message it too says that the ^From is really root.
Now I think this problem is being caused by sendmail. most likely my
sendmail.cf is not correct, but i really don't have enough experience to
see where my error is.
REPORT: Trapped poisoned executable "testing.exe"
REPORT: Not a document, or already poisoned by filename. Not scanned for
STATUS: Message quarantined in /var/spool/mail/quarantine, not delivered to
Headers from message:
> From root Thu Feb 7 08:55:49 2002
> Return-Path: <nobleja at fuse.net>
> Received: from mta02.fuse.net (mx2.fuse.net [188.8.131.52])
> by mail.polezero.com (8.11.6/8.11.3) with ESMTP id g17Dtgp01429
> for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:42 -0500
> Received: from there ([184.108.40.206]) by mta02.fuse.net
> (InterMail vM.5.01.03.01 201-253-122-118-101-20010319) with
> id <20020207135535.PSNX14376.mta02.fuse.net at there>
> for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:35 -0500
> From: Jason Noble <nobleja at fuse.net>
> To: nobleja at polezero.com
> Subject: testing
> Date: Tue, 5 Feb 2002 08:18:52 -0500
> X-Mailer: KMail [version 1.3.1]
> MIME-Version: 1.0
> X-Security: MIME headers sanitized on mail.polezero.com
> See http://www.impsec.org/email-tools/sanitizer-intro.html
> for details. $Revision: 1.133 $Date: 2002-01-05 17:09:21-08
> Content-Type: Multipart/Mixed;
> Message-Id: <20020207135535.PSNX14376.mta02.fuse.net at there>
More information about the esd-l