[Esd-l] rookie question - procmailrc and sanitizer

Jim David jim.david at yageo.com
Wed Feb 11 11:17:59 PST 2004


Hello,

After losing a few users' inboxes to a "Netscape inbox has a virus" vs.
"Norton antivirus wishes to crush the virus" situation, I installed
sanitizer on a Redhat 8 Linux box.

I am running sendmail-8.12.8, Redhat 8, using procmailrc to store my
configs for sanitizer.  I pasted the default sanitizer rules from the site,
pasted below, but when I try to modify them, sanitizer eats the bad mail and
neither sends a message to the sender nor passes the mail header and body
to the user with a canned message regarding the attachment.

I do not wish to have a central quarantine in /var nor within the users'
homes, nor do I wish to have the users store logs individually.  I would
like to have a central log file /var/log/procmail.log so I can rotate it
weekly.

Can someone help me out with a simple config or tell me where I went wrong
with the below?

Thanks

Jim

PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

POISONED_EXECUTABLES=/etc/procmail/poisoned
STRIPPED_EXECUTABLES=/etc/procmail/stripped
SECURITY_NOTIFY="postmaster, security-dude"
SECURITY_NOTIFY_VERBOSE="virus-checker"
SECURITY_NOTIFY_SENDER=/etc/procmail/local-email-security-policy.txt
SECRET="CHANGE THIS"
SECURITY_POISON_WINEXE=YES


# This file must already exist, with proper permissions (rw--w--w-):
SECURITY_QUARANTINE=/var/spool/mail/quarantine


# Alternatively, use per-user quarantines:
# SECURITY_QUARANTINE=$HOME/quarantine


POISONED_SCORE=25
# This file must already exist, with proper permissions (rw--w--w-):
SCORE_HISTORY=/var/log/macro-scanner-scores


# Alternatively, use per-user score logs:
SCORE_HISTORY=$HOME/macro-scanner-scores


DROPPRIVS=YES
# This file must already exist, with proper permissions (rw--w--w-):
LOGFILE=/var/log/procmail.log


# Alternatively, use per-user log files:
# LOGFILE=$HOME/procmail.log

# Drop the html defang
SECURITY_TRUST_HTML=Y

# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail


# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=



Regards,

Jim David
IT Analyst
Steller Logistics Center
p. 425-492-2800x337
f. 425-492-2821
c. 206-406-8852
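
Added example (not part of the original post or of the sanitizer distribution): the comments in the configuration above say the shared quarantine, score-history and log files must already exist with mode rw--w--w-. This sh sketch reports, for each of those variables, the last uncommented assignment made before the html-trap include and whether that file exists with that mode; the function names and the temp-directory sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files a sanitizer procmailrc says must pre-exist.

# effective_value RCFILE VAR: print the last uncommented assignment of VAR
# made before the html-trap include (later ones are the post-run resets).
effective_value() {
    awk -v var="$2" '
        { sub(/^[ \t]+/, "") }
        /^INCLUDERC=.*html-trap/ { exit }
        /^#/ { next }
        index($0, var "=") == 1 { val = substr($0, length(var) + 2) }
        END { gsub(/^"|"$/, "", val); print val }
    ' "$1"
}

# check_shared_file PATH: print unset, per-user, missing, ok or badmode:<perms>.
check_shared_file() {
    case "$1" in
        '') echo unset; return ;;
        *'$HOME'*) echo per-user; return ;;
    esac
    [ -f "$1" ] || { echo missing; return; }
    perms=$(ls -ld "$1" | cut -c2-10)
    [ "$perms" = "rw--w--w-" ] && echo ok || echo "badmode:$perms"
}

# audit_rc RCFILE: one line per variable the config comments flag.
audit_rc() {
    for var in SECURITY_QUARANTINE SCORE_HISTORY LOGFILE; do
        path=$(effective_value "$1" "$var")
        printf '%s=%s %s\n' "$var" "$path" "$(check_shared_file "$path")"
    done
}

# make_sample DIR: write a constructed rc (not the poster's file) for testing.
make_sample() {
    cat > "$1/procmailrc" <<EOF
SECURITY_QUARANTINE=$1/quarantine
# SECURITY_QUARANTINE=\$HOME/quarantine
SCORE_HISTORY=$1/scores
SCORE_HISTORY=\$HOME/macro-scanner-scores
LOGFILE=$1/procmail.log
INCLUDERC=/etc/procmail/html-trap.procmail
SECURITY_QUARANTINE=
EOF
}

# Usage: sh audit.sh /etc/procmailrc
if [ $# -gt 0 ]; then audit_rc "$1"; fi
```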


