Procmail Vulnerabilities check
Dan Langille
dan at langille.org
Wed Dec 13 18:10:01 UTC 2017
> On Dec 13, 2017, at 12:27 PM, Christoph Brinkhaus <c.brinkhaus at t-online.de> wrote:
>
> On Wed, Dec 13, 2017 at 11:35:55AM +0100, Jos Chrispijn wrote:
>> On 8-12-2017 17:58, Warren Block wrote:
>>> procmail is ancient, and has had known quality issues for much of the
>>> time. Consider maildrop as a more powerful and more maintained
>>> replacement that is pretty easy to implement:
>> I know - but I can remember that procmail should be installed also when
>> using Postfix.
>> Might be wrong here...
>
> Dear Joe,
>
> I have replaced procmail by maildrop recently using it with Postfix.
> There has been just one single obstacle. I run fetchmail as suer
> fetchmail started with the entry in /etc/rc.conf. The mails have been
> delivered to Postfix which involked procmail to distribute the mail.
>
> With maildrop this did not work initially. Adding the user fetchmail
> to /etc/aliases with a proper alias address followed by the command
> newaliases fixed that.
I like such replacements.
However, if third party code is required, there is little we can do in the short term.
Case in point: security/logcheck.
I went upstream looking to see why Debian uses that.
I cannot recall exactly what it was, but it wasn't procmail, but another utility provide by procmail.
I stopped there.
--
Dan Langille - BSDCan / PGCon
dan at langille.org
More information about the freebsd-ports
mailing list