You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by timinator08 <tk...@jonesmotor.com> on 2008/02/18 18:39:42 UTC
Suspicious rcfile
Hi, I'm setting up a user with spamassassin but unable to get it working. The
following is from the maillog when I send a test message to user "green"
Any suggestions?
Thanks
Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
/home/green/.forward.netmax: World writable directory
Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
/home/green/.forward: World writable directory
Feb 18 12:21:37 netmax procmail[4199]: Suspicious rcfile
"/home/green/.procmailrc"
Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: to=green,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31400, dsn=2.0.0,
stat=Sent
--
View this message in context: http://www.nabble.com/Suspicious-rcfile-tp15547063p15547063.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Suspicious rcfile
Posted by timinator08 <tk...@jonesmotor.com>.
Yes, I modified the permissons on the users home directory (more strict) and
SA/procmail began working.
Karsten Bräckelmann-2 wrote:
>
> On Mon, 2008-02-18 at 09:39 -0800, timinator08 wrote:
>> Hi, I'm setting up a user with spamassassin but unable to get it working.
>> The
>> following is from the maillog when I send a test message to user "green"
>> Any suggestions?
>
> This is not a SA question. Your problem is with procmail.
>
>
>> Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
>> /home/green/.forward.netmax: World writable directory
> ^^^^^^^^^^^^^^^^^^^^^^^^
>> Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
>> /home/green/.forward: World writable directory
>> Feb 18 12:21:37 netmax procmail[4199]: Suspicious rcfile
>> "/home/green/.procmailrc"
>
> 'man procmail', see DIAGNOSTICS, or just search for Suspicious.
>
> In a nutshell: Your $HOME and .procmailrc permissions (and probably
> owner) are borked and horribly insecure. Procmail refuses to use
> receipts, that easily could have been compromised by other users.
>
> guenther
>
>
> --
> char
> *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8?
> c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>
>
--
View this message in context: http://www.nabble.com/Suspicious-rcfile-tp15547063p15560789.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Suspicious rcfile
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2008-02-18 at 09:39 -0800, timinator08 wrote:
> Hi, I'm setting up a user with spamassassin but unable to get it working. The
> following is from the maillog when I send a test message to user "green"
> Any suggestions?
This is not a SA question. Your problem is with procmail.
> Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
> /home/green/.forward.netmax: World writable directory
^^^^^^^^^^^^^^^^^^^^^^^^
> Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
> /home/green/.forward: World writable directory
> Feb 18 12:21:37 netmax procmail[4199]: Suspicious rcfile
> "/home/green/.procmailrc"
'man procmail', see DIAGNOSTICS, or just search for Suspicious.
In a nutshell: Your $HOME and .procmailrc permissions (and probably
owner) are borked and horribly insecure. Procmail refuses to use
receipts, that easily could have been compromised by other users.
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}