[Esd-l] security_notify_sender

Jason Noble sysadmin at polezero.com
Mon Feb 4 07:24:01 PST 2002


I have a problem:
SECURITY_NOTIFY_SENDER=
is not notifying the sender, and according to the logs it's not even trying to
notify the sender.

##-------------------------------------------------------------------------------------------

PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY=nobleja
#SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=/etc/procmail/policy-note.txt
SECRET=**********

# this file must already exist, with proper permissions (rw--w--w-)(622)
SECURITY_QUARANTINE=/var/spool/mail/quarantine

POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores

SECURITY_STRIP_MSTNEF=YES

DEFANG_WEBBUGS=YES

SECURITY_DEFANG_SIGNED=YES

DROPPRIVS=YES
LOGFILE="$HOME/procmail.log"

:0:
* ^From:.*<[a-z0-9]+ at polezero.com>
* ^To:.*<[a-z0-9]+ at polezero.com>
{
     
MANGLE_EXTENSIONS='exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|dot]|xl[wt]|pot|rtf|vb[se]?|ht[at]|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[aew]|ms[ip]|reg|as[dfx]|cil|pps|wm[szd]|vcf|nws|\{[-0-9a-f]+\}'
}

:0:
* ^From:.*<[a-z0-9]+ at polezero.com>
* ^To:.*<[a-z0-9]+ at polezero.com>
{
SECURITY_STRIP_MSTNEF=""
}

# Finished setting up, now run the sanitizer...
:0:
* ! ^From:.*<quarantine at polezero\.com>
* ! ^X-Security: bypass sanitizer o982743lkjh45pf90897
{
     INCLUDERC=/etc/procmail/html-trap.procmail
}

# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
##-------------------------------------------------------------------------------------------

$HOME/procmail.log

procmail: Extraneous locallockfile ignored
procmail: Extraneous locallockfile ignored
procmail: Extraneous locallockfile ignored
procmail: Lock failure on ".lock"
Sanitizing MIME attachment headers in "test" from Jason Noble 
<nobleja at fuse.net> to nobleja   
msgid=<20020204151917.VOML14376.mta02.fuse.net at there>
Checking "TEST.EXE" for poisoning.
  Trapped poisoned executable "TEST.EXE".
  Mangling executable filename "TEST.EXE".
  Mangling executable filename "TEST.EXE".

NOTIFY nobleja
 From root  Mon Feb  4 10:19:20 2002
  Subject: test
   Folder: /var/spool/mail/quarantine					  
71868
procmail: Extraneous locallockfile ignored
procmail: Extraneous locallockfile ignored
procmail: Extraneous locallockfile ignored
procmail: Lock failure on ".lock"
 From nobleja  Mon Feb  4 10:19:20 2002
  Subject: SECURITY WARNING - possible email attack
   Folder: /var/spool/mail/nobleja					   
1821


