[Esd-l] NONOTIFY not honored

John D. Hardin jhardin at impsec.org
Fri Jan 30 21:38:48 PST 2004 

On Fri, 30 Jan 2004, Smart,Dan wrote:

> I clean up my local-rules file with no notify line, but it is
> still notifying...

{rereads code rather than answering off-the-cuff}

Oops. Sorry. The logic surrounding notification is complex and needs
to be simplified. Here's the poop:

NOTIFY, QUARANTINE and DISCARD will all cause notification.

NONOTIFY will suppress admin notification, but does not affect sender
or recipient notification.

So to quietly quarantine a message, you need to do this ugly hack:

  * rules
  {
    # Suppress sender notification
    SECURITY_NOTIFY_SENDER=
    # Suppress recipient notification
    SECURITY_NOTIFY_RECIPIENT=

    :0 hfi
    | formail -A "X-Content-Security: [$HOST] NONOTIFY" \
              -A "X-Content-Security: [$HOST] QUARANTINE" \
              -A "X-Content-Security: [$HOST] REPORT: whatever"
  }

Clear $SECURITY_NOTIFY_SENDER and $SECURITY_NOTIFY_RECIPIENT, and put
in the NONOTIFY header to not bother the admin. Nobody should be
notified. If you're doing this a lot, you might want to put the action
part in an include rule and get the reason from an environment
variable. Then you can do something easy to type and understand like:

  * rules
  {
    REASON="NovArg worm"
    INCLUDERC=/etc/procmail/quietly-quarantine.procmail
  }

If you want to silently discard the message, you can just:

  * rules
  {
     LOG="Tossing message for {reason}"

     :0
     /dev/null
  }

...and save all the sanitizer's handling processing and notification 
(il)logic.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   64 days until the Slovakian Presidential Election

More information about the esd-l mailing list