Procmail Vulnerabilities check

Steve Kargl sgk at troutmask.apl.washington.edu
Fri Dec 8 20:52:05 UTC 2017


On Fri, Dec 08, 2017 at 11:19:03AM -0700, Warren Block wrote:
> On Fri, 8 Dec 2017, Steve Kargl wrote:
> > On Fri, Dec 08, 2017 at 09:58:55AM -0700, Warren Block wrote:
> >>
> >> procmail is ancient, and has had known quality issues for much of the
> >> time.  Consider maildrop as a more powerful and more maintained
> >> replacement that is pretty easy to implement:
> >>
> >> http://www.wonkity.com/~wblock/docs/html/maildrop.html
> >
> > Warren,
> >
> > Thanks for the pointer to another of your excellent short tutorials.
> >
> > I note that you discuss sendmail's /etc/mail/hostname.mc
> > file and how to reset local_procmail.  First, there is
> > movement afoot to remove sendmail from FreeBSD and replace
> > it with dma(1).  Second, a number of people probably do as
> > I do, and invoke procmail from a .forward file.
> >
> > %  cat ~/.forward
> > "|exec /usr/local/bin/procmail -f-"
> >
> > Do you know if maildrop can be used in a similar way?  I
> > suppose I have some reading to do.
> 
> I have not used a .forward file in a long time, but certainly it can be 
> done... found this in http://www.postfix.org/MAILDROP_README.html:
> 
> /home/you/.forward:
>      "|/path/to/maildrop -d ${USER}"
> 
> 
> My impression of maildrop is that it has a superset of procmail's 
> abilities, but with easier syntax and easier but more powerful PCRE 
> regexes.

Thanks.  I'll start to migrate away from procmail, which
incidentally filed your reply in my aaaa-junkfilter folder. :-)

-- 
Steve


More information about the freebsd-ports mailing list