Hi,
I'm trying to set up a Postfix->Procmail->Cyrus system. While I have been
able to set this up with the following configuration, this is not secure.
Master.cf:
procmail unix - n n - - pipe
flags=R user=cyrus argv=/usr/bin/procmail -t -m USER=${user}
EXTENSION=${extension} /etc/procmailrc
Main.cf:
mailbox_transport = procmail
Procmail is run with the the permissions of cyrus. If /etc/procmailrc
includes users' procmailrc files, this creates the potential for abuse.
I have also tried this in main.cf:
mailbox_command = /usr/bin/procmail -t -m USER="$USER"
EXTENSION="$EXTENSION" /etc/procmailrc
This runs procmail with the permissions of the recipient. Unfortunately,
this fails with "Program failure (65) of "/usr/lib/cyrus-imapd/deliver".
Anybody have any ideas what this means and how to get around it? Or someone
have some other way to run procmail with the permissions of the user?
Thanks,
Dustin
/etc/procmailrc:
DELIVERTO="/usr/lib/cyrus-imapd/deliver"
DEFAULT="$DELIVERTO -e -a $USER -m user.$USER"
# Turn on logging for debugging
VERBOSE=on
LOGFILE="/var/log/procmail.log"
# Include users' own .procmail recipe files
INCLUDERC=/home/users/$USER/.procmailrc
#
# Last but not least, deliver mail that falls through to the user's INBOX
#
:0 w :/home/users/$USER/deliver.lock
#| /usr/lib/cyrus-imapd/deliver -a lid -m user.lid.spam
| $DEFAULT
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
