On Sat, Oct 27, 2018 at 10:11:05PM -0700, William Ahern wrote:
> On Sat, Oct 27, 2018 at 09:36:15PM -0700, William Ahern wrote:
> > On Sat, Oct 27, 2018 at 08:59:37PM -0700, William Ahern wrote:
> > > Immediately after upgrading my procmail setup broke. Near as I can tell
> > > smtpd now executes .forward pipes with the permissions of _smtpd (same as
> > > aliases), whereas previously it executed .forward pipes with the 
> > > permissions
> > > of the user (similar to delivery to /var/mail mbox).
> > > 
> > > Was this intentional or accidental?
> > 
> > Sorry, I was wrong. What's actually happening is that smtpd is no longer
> > adding the From_ line, so when procmail appended the message to my mailbox
> > it was effectively concatenated with the previous message.
> > 
> > Can the old behavior be restored? Or at least can an environment variable
> > (e.g. SENDER) be added providing the envelope sender which I can easily
> > prepend myself?
> > 
> To respond my own question (again), smtpd will expand %{mbox.from} in the
> .forward line. So the fix is to pass it to procmail via the -f option,
>   |/usr/local/bin/procmail -f %{mbox.from}
> like how /usr/libexec/mail.mboxfile is written to the mda_exec string
> buffer in lka_session.c:lka_submit.

Nice that you found out by yourself and this is in the list so people
can be referred to this thread ;-)

Now that I have your attention everyone:

Please don't use procmail.

I don't have a habit of advising against a particular software, but this
is one of the cases where I had a look at the code, and wish people knew
the horror.

There is nothing good to say about procmail, nothing.

I don't want to spread FUD but we're talking about a piece of code which
processes untrusted input with unreadable code and advises you to run it
setuid root because it doesn't know any better.

There are safer, nicer and more modern alternatives such as fdm for one,
but quite frankly: even the shittiest 30 lines of sh self-written custom
mda makes a better choice than procmail.

Please do yourselves a favor, ditch procmail in favor of fdm.

If you want to argue why procmail is a nice choice be prepared for me to
start sharing samples of code and keep reminding you that the authors do
advise you to install it setuid root.

Gilles Chehade

https://www.poolp.org                                          @poolpOrg

You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to