[Esd-l] Properly posted question per your requirements

aaz aaz at webcapacity.com
Thu Jun 26 08:27:38 PDT 2003


> 1.) Start your own thread

done

> 2.) Give us some background on your setup
> i) procmailrc (fully)


/etc/procmailrc

LOGFILE=/var/log/procmail.log

#----------------------------------------
# Email Sanitizer Conf
# http://www.impsec.org/email-tools/procmail-security.html
#----------------------------------------

PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

POISONED_EXECUTABLES=/etc/procmail/poisoned
STRIPPED_EXECUTABLES=/etc/procmail/stripped

MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|do[ct]|xl[swt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|asd|cil|pps|asx|wm[szd]|vcf|pif|scr|nws|\{[-0-9a-f]+\}'

SECURITY_NOTIFY="virus"
SECURITY_NOTIFY_VERBOSE="virus"
SECURITY_NOTIFY_SENDER=""
SECRET="0x040f0t05040d00f0010d0x"
SCORE_DETAILS=YES

MTA_FLAGS_CMDLN=" "


# this file must already exist, with proper permissions (rw--w--w-):
SECURITY_QUARANTINE=/var/spool/mail/quarantine


POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores

DROPPRIVS=YES

# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/local-rules.procmail
INCLUDERC=/etc/procmail/html-trap.procmail


# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=

# spamassassin

:0fw
* < 256000
| spamc


>>ii) Mail Server (name and version, ie: Sendmail V8.8.8)

sendmail 8.12.8


> iii) other software you are using including versions and setup

spamassassin 2.31, sanitizer 1.136

>> 3.) Don't top post, like I just did, and clean up irrelevant text.

what is "top post"?

>> and clean up irrelevant text.

yes sir


----- Original Message ----- 
From: "Scott Taylor" <scott at dctchambers.com>
To: <esd-l at spconnect.com>
Sent: Thursday, June 26, 2003 9:02 AM
Subject: aaz (was Re: [Esd-l] Procmail Sanitizer local rule for SoBig .ZIP worm)


> Why do you keep reposting this message only stealing other people's
> subjects?  I'm pretty sure OutHouse Expunger gives the user the ability to
> enter their own subject.
>
> Why am I top posting?  Because you leave me little choice.  You also give
> us no hints on the contents of your procmailrc file other than one little
> rule, and how did you set up SpamAssassin?  etc...
>
> 1.) Start your own thread
> 2.) Give us some background on your setup
>    i) procmailrc (fully)
>   ii) Mail Server (name and version, ie: Sendmail V8.8.8)
> iii) other software you are using including versions and setup
>   iv) anything else that might be relevant, like the line in your
> sendmail.cf file that calls procmail or spamassassin or whatever else you
> may be running.
> 3.) Don't top post, like I just did, and clean up irrelevant text.
> 4.) Receive a sane answer
>
> At 07:40 06/26/03, aaz wrote:
> >Hi,
> >We are using the sanitizer and spamassassin on our system.
> >
> >In our /etc/procmailrc file we have the sanitizer calls and INCLUDERC's
> >first and then at the end of the file we have
> >
> >:0fw
> >* < 256000
> >| spamc
> >
> >The effect we want is to have the sanitizer do its thing before the
> >spamassassin gets it. However just the opposite is happening. Spamassassin
> >is running before the sanitizer. How to correct this?
> >



