Procmail Vulnerabilities check

Dan Langille dan at langille.org
Wed Dec 13 18:10:01 UTC 2017


> On Dec 13, 2017, at 12:27 PM, Christoph Brinkhaus <c.brinkhaus at t-online.de> wrote:
> 
> On Wed, Dec 13, 2017 at 11:35:55AM +0100, Jos Chrispijn wrote:
>> On 8-12-2017 17:58, Warren Block wrote:
>>> procmail is ancient, and has had known quality issues for much of the 
>>> time.  Consider maildrop as a more powerful and more maintained 
>>> replacement that is pretty easy to implement:
>> I know - but I can remember that procmail should be installed also when 
>> using Postfix.
>> Might be wrong here...
> 
> Dear Joe,
> 
> I have replaced procmail by maildrop recently using it with Postfix.
> There has been just one single obstacle. I run fetchmail as suer
> fetchmail started with the entry in /etc/rc.conf. The mails have been
> delivered to Postfix which involked procmail to distribute the mail.
> 
> With maildrop this did not work initially. Adding the user fetchmail
> to /etc/aliases with a proper alias address followed by the command
> newaliases fixed that.

I like such replacements.

However, if third party code is required, there is little we can do in the short term.

Case in point: security/logcheck.

I went upstream looking to see why Debian uses that.

I cannot recall exactly what it was, but it wasn't procmail, but another utility provide by procmail.

I stopped there.

-- 
Dan Langille - BSDCan / PGCon
dan at langille.org





More information about the freebsd-ports mailing list