[Esd-l] security_notify_sender

Jason Noble sysadmin at polezero.com
Thu Feb 7 08:11:01 PST 2002


This is driving me crazy; everything I try doesn't change it.
The ^From is always root. The message can be internal, external, on any 
account, and the ^From is still root.
This mail server is doing some weird stuff.

> On 2002.02.06 14:34 Joe Steele wrote:
>> On Wednesday, February 06, 2002 1:35 PM, Jason Noble wrote:
>> > > As far as failure of 'SECURITY_NOTIFY_SENDER', sender notification is
>> > > skipped if the following pattern fails to match:
>> > > * !  ^FROM_DAEMON
>> >
>> > Is this something I caused to happen? or is it a problem with the mail
>> > sanitizer?
>> 
>> Sorry for not being very clear.  As 'man procmailrc' says,
>> 'FROM_DAEMON' is shorthand for a lengthy pattern that is intended to
>> match messages sent from daemons/servers/etc.  You can see the full
>> expansion of the pattern down below.
>> 
>> >
>> > >
>> > > Your debug log showed the above pattern match failed, so notification
>> > > of sender did not occur.  The failure shows up as:
>> > >
>> > > procmail: No match on ! "(^(Mailing-List:|Precedence:.*(junk|bulk|list)|To: Multiple recipients of |(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )([^>]*[^(.%@a-z0-9])?(Post(ma?(st(e?r)?|n)|office)|(send)?Mail(er)?|daemon|m(mdf|ajordomo)|n?uucp|LIST(SERV|proc)|NETSERV|o(wner|ps)|r(e(quest|sponse)|oot)|b(ounce|bs\.smtp)|echo|mirror|s(erv(ices?|er)|mtp(error)?|ystem)|A(dmin(istrator)?|MMGR|utoanswer))(([^).!:a-z0-9][-_a-z0-9]*)?[%@> ][^<)]*(\(.*\).*)?)?$([^>]|$)))"
>> > >
>> >
>> 
>> Now, if you cross your eyes and squint, you will see that somewhere
>> in the above pattern that it says:
>> 
>> ! "From: root"
>> 
>> (honestly, it really does).  I suspect you were testing your
>> sanitizer setup with a test message from root to yourself.  The
>> sanitizer will not 'notify sender' if the sender is root or any other
>> daemon that matches the expanded 'FROM_DAEMON' pattern.  Try testing
>> it again with a test message sent from a normal user and see if it
>> works.
>> 
>> --Joe
>> 
> 
> OK, I can't seem to figure out what I'm doing wrong.
> I'm not sending from root, I'm using an account that's not even from our 
> company.
> I get the "SECURITY WARNING" from the "Procmail Security daemon" and in 
> this message it too says that the ^From is really root.
> Now I think this problem is being caused by sendmail. Most likely my 
> sendmail.cf is not correct, but I really don't have enough experience to 
> see where my error is.
> 
> 
> REPORT: Trapped poisoned executable "testing.exe"
> REPORT: Not a document, or already poisoned by filename. Not scanned for macros.
> STATUS: Message quarantined in /var/spool/mail/quarantine, not delivered to recipient.
> 
> Headers from message:
> 
>> From root  Thu Feb  7 08:55:49 2002
>> Return-Path: <nobleja at fuse.net>
>> Received: from mta02.fuse.net (mx2.fuse.net [216.68.1.120])
>>       by mail.polezero.com (8.11.6/8.11.3) with ESMTP id g17Dtgp01429
>>       for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:42 -0500
>> Received: from there ([216.68.181.90]) by mta02.fuse.net
>>           (InterMail vM.5.01.03.01 201-253-122-118-101-20010319) with SMTP
>>           id <20020207135535.PSNX14376.mta02.fuse.net at there>
>>           for <nobleja at polezero.com>; Thu, 7 Feb 2002 08:55:35 -0500
>> From: Jason Noble <nobleja at fuse.net>
>> To: nobleja at polezero.com
>> Subject: testing
>> Date: Tue, 5 Feb 2002 08:18:52 -0500
>> X-Mailer: KMail [version 1.3.1]
>> MIME-Version: 1.0
>> X-Security: MIME headers sanitized on mail.polezero.com
>>       See http://www.impsec.org/email-tools/sanitizer-intro.html
>>       for details. $Revision: 1.133 $Date: 2002-01-05 17:09:21-08 
>> Content-Type: Multipart/Mixed;
>>   boundary="------------Boundary-00=_GBA294V3KR1VSAJ97G8K"
>> Message-Id: <20020207135535.PSNX14376.mta02.fuse.net at there>
>> 
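An added example, not part of the original messages or the sanitizer's own code: a Python approximation of the `! ^FROM_DAEMON` test discussed in this thread, showing that the mbox `From root` envelope line alone makes the pattern match even when the `From:` header names an ordinary user. The regex is re-joined from the log quoted above; the whitespace inside `[%@>\t ]`, the sample addresses and the function names are assumptions.

```python
import re

# FROM_DAEMON as expanded in the procmail log quoted in this thread, re-joined
# into one pattern. The whitespace inside "[%@>\t ]" was lost to line wrapping
# on the page; tab plus space is an assumption. procmail matches
# case-insensitively by default, hence IGNORECASE.
FROM_DAEMON = re.compile(
    r"(^(Mailing-List:|Precedence:.*(junk|bulk|list)|To: Multiple recipients of "
    r"|(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )"
    r"([^>]*[^(.%@a-z0-9])?"
    r"(Post(ma?(st(e?r)?|n)|office)|(send)?Mail(er)?|daemon|m(mdf|ajordomo)"
    r"|n?uucp|LIST(SERV|proc)|NETSERV|o(wner|ps)|r(e(quest|sponse)|oot)"
    r"|b(ounce|bs\.smtp)|echo|mirror|s(erv(ices?|er)|mtp(error)?|ystem)"
    r"|A(dmin(istrator)?|MMGR|utoanswer))"
    r"(([^).!:a-z0-9][-_a-z0-9]*)?[%@>\t ][^<)]*(\(.*\).*)?)?$([^>]|$)))",
    re.IGNORECASE,
)


def daemon_lines(headers):
    """Return the header lines that make FROM_DAEMON match (checked per line)."""
    return [ln for ln in headers.splitlines() if FROM_DAEMON.search(ln + "\n")]


def sender_is_notified(headers):
    """Mirror the recipe condition '* ! ^FROM_DAEMON': notify only on no match."""
    return not daemon_lines(headers)


# Constructed sample modelled on the headers quoted above; addresses are
# placeholders, not values from the thread.
REST = (
    "Return-Path: <user@example.org>\n"
    "From: Test User <user@example.org>\n"
    "To: someone@example.com\n"
    "Subject: testing\n"
)
# What the thread shows: the envelope "From " line names root.
AS_SEEN = "From root  Thu Feb  7 08:55:49 2002\n" + REST
# Same message with the envelope sender preserved.
WITH_REAL_SENDER = "From user@example.org  Thu Feb  7 08:55:49 2002\n" + REST

if __name__ == "__main__":
    for name, hdrs in (("as seen", AS_SEEN), ("real sender", WITH_REAL_SENDER)):
        print(name, "-> notify sender:", sender_is_notified(hdrs),
              "| matching lines:", daemon_lines(hdrs))
```

The per-line check is a simplification of how procmail scans the header block, but it identifies which line is responsible: here only the envelope line, not the `From:` header.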