[Mimedefang] Need to turn off CC in Defang Notifications

Joseph Brennan brennan at columbia.edu
Wed Dec 1 10:13:08 EST 2004



--On Wednesday, December 1, 2004 10:47 AM +0100 Steffen Kaiser 
<skmimedefang at smail.inf.fh-bonn-rhein-sieg.de> wrote:

>> account to use smrsh as its shell, then the user can only run the
>> programs  you specify -- and that includes programs called through
>> procmail.
>
> but not to the spawned ones (e.g. procmail).
> At least not in my installation.
>


Procmail su's to the user (the recipient) before executing anything
in .procmailrc, so the usual filesystem protections apply.  Sendmail
needs the special treatment because it runs as root.

The idea presumably is that the user has to run a shell to create
the .procmailrc to begin with, so the user can already execute
programs and nothing extra is being given away.  But this can lead
to funny things.  For example you might have separate shell login
hosts and mail servers, but if the mail server reads .procmailrc
over NFS, users can therefore execute programs on the mail server
just by receiving mail.  This should be recognized, but probably
as in our case it does not get them anything they can't do anyway.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
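
To see what the behaviour described in the message above amounts to on a given mail server, an administrator can list every place where a user's .procmailrc causes procmail to run a program. The following is an added example, not part of the original post: the sample file, the paths in it and the function name `find_exec_points` are constructed for illustration, and the parser covers only pipe actions, `* ?` conditions and backtick assignments, without backslash line continuations.

```python
import re

# Constructed sample .procmailrc (not from the original post).
SAMPLE_RC = """\
MAILDIR=$HOME/Mail
HOST=`hostname`

:0
* ^Subject:.*report
reports

:0 c
* ? test -f $HOME/.vacation
| /usr/bin/vacation jdoe

:0:
* ^From:.*lists
{
  :0 fw
  | /usr/local/bin/tagger
}

:0
! backup@example.org
"""

def find_exec_points(rc_text):
    """Return (line_no, kind, text) for each place procmail would run a program."""
    # Assumption: simplified parser, no backslash continuations.
    hits = []
    expecting_action = False  # True after a ':0' line until its action line
    for no, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r":0", line):
            expecting_action = True
        elif expecting_action and line.startswith("*"):
            # '* ? cmd' condition: procmail runs cmd and tests its exit code
            m = re.match(r"\*\s*(?:!\s*)?\?\s*(.+)", line)
            if m:
                hits.append((no, "condition", m.group(1)))
        elif expecting_action:
            expecting_action = False  # this line is the recipe's action
            if line.startswith("|"):
                hits.append((no, "pipe-action", line[1:].strip()))
        elif "`" in line and "=" in line:
            hits.append((no, "backtick-assignment", line))
    return hits
```

Run over each home directory that the mail server mounts, the result shows which accounts already execute programs on that host when mail arrives.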




