From owner-freebsd-security  Mon Oct 25  4: 3:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from news.uni-kl.de (news.uni-kl.de [131.246.137.51])
	by hub.freebsd.org (Postfix) with SMTP id A8EE615146
	for <freebsd-security@freebsd.org>; Mon, 25 Oct 1999 04:03:03 -0700 (PDT)
	(envelope-from sold@cheasy.de)
Received: from kit.uni-kl.de  ( mail.kit.uni-kl.de [131.246.168.130] )
          by news.uni-kl.de id aa18358 ; 25 Oct 1999 13:05 MESZ
Received: from KIT_PRIAMOS/SpoolDir by kit.uni-kl.de (Mercury 1.43);
    25 Oct 99 13:03:01 +0200
Received: from SpoolDir by KIT_PRIAMOS (Mercury 1.43); 25 Oct 99 13:02:55 +0200
Received: from router.merowingia.uni-kl.de (131.246.134.2) by kit.uni-kl.de (Mercury 1.43) with ESMTP;
    25 Oct 99 13:02:49 +0200
Received: from mero-13a.merowingia.uni-kl.de (mero-13a.merowingia.uni-kl.de [131.246.135.13])
          by router.merowingia.uni-kl.de (8.9.3/8.8.8) with ESMTP id NAA71811;
          Mon, 25 Oct 1999 13:02:49 +0200 (CEST)
Received: (from sold@localhost)
	by mero-13a.merowingia.uni-kl.de (8.9.3/8.9.3) id NAA07284;
	Mon, 25 Oct 1999 13:02:06 +0200 (CEST)
	(envelope-from sold)
From: Christoph Sold <cs@cheasy.de>
Message-ID: <14356.14509.788268.416288@mero-13a.merowingia.uni-kl.de>
Date: Mon, 25 Oct 1999 13:02:05 +0200 (CEST)
To: Paulo Fragoso <paulo@nlink.com.br>
Cc: freebsd-security@freebsd.org
Subject: Procmail + Sendmail
In-Reply-To: <Pine.BSF.3.96.991025083059.28505B-100000@mirage.nlink.com.br>
References: <Pine.BSF.3.96.991025083059.28505B-100000@mirage.nlink.com.br>
X-Mailer: VM 6.72 under 21.1 (patch 6) "Big Bend" XEmacs Lucid
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Paulo Fragoso writes:
 > Hi,
 > 
 > We've got one server without shell access, only POP3, FTP and HTTP
 > protocol are permited. We're upgrading this machine to FreeBSD 3.3-RELEASE
 > and we're thinking use procmail instead mail.local.

Good.

 > Are there any possible to use .procmailrc like .forward to exec any
 > programa (like gcc) in this machine? To block .forward we're using SMRSH
 > on sendmail, works fine.

It is possible to pipe mail into any command. You may have to have
some thought about blocking this feature, since it cannot be disabled
as easily as sendmail can utilize smrsh. Building a small jail should
suffice, though.

 > Is procmail securit?

Depends how you install it.

 > Thanks,
 > Paulo Fragoso.

You're welcome.
-Christoph Sold


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message