Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
General
cancel
Showing results for 
Search instead for 
Did you mean: 

"Filtering root emails with procmail" strange behaviour

José L. Marcos
Occasional Advisor

"Filtering root emails with procmail" strange behaviour

Hi all,

I've been digging for 2 weeks this strange behaviour of sendmail(8.9.3 PHNE_18546)/procmail (3.22).

I've defined a couple of procmail recipes for root (via .procmailrc). When I send an email to root, the message isn't filterd at all by procmail and ends in /var/mail/daemon.

If I put a .forward file in my /home/root directory containing something like : "| cat > /home/root/Mail/mail_$(date format)" and 777 permissions on ~root/Mail directory, the mail_* files that are created by .forward file, are owned by daemon:other (this is the default user running sendmail), but I'd expected them to belong to root !

After a while, I changed 'UserDefault' in sendmail.cf to be 'root:mail' and finally got the filtering scheme working.

But I does not understand why ! Furthermore, I've got the feeling that changing Userdefault to root isn't a good thing to do, looking at the security issues...

Has anybody out there some experience in Sendmail/Procmail configuration for the root account ?

Thanx in advance (and sorry for my terrible english).
5 REPLIES
Mark Greene_1
Honored Contributor

Re: "Filtering root emails with procmail" strange behaviour

Jos,

Try this:

sendmail -v -d0 -d1 -d0.4 -d1.5 -d2 -d6 -d6.5 -d10 -d11 -d30 -d45 [mail address not on host] /var/tmp/maildebug.log 2>&1

and see if the debut output helps pinpoint where the problem is.

And no need to apologize for your english. You write better than some of my coworkers!

HTH
Mark
the future will be a lot like now, only later
Jordan Bean
Honored Contributor

Re: "Filtering root emails with procmail" strange behaviour


Sendmail is running as root. Otherwise it couldn't bind to port 25 or change euid,egid to correctly handle Mlocal (/usr/bin/rmail) or Mprog (/usr/bin/sh) in /etc/mai/sendmail.cf.

For security reasons, root's .forward is run as DefaultUser, never as root (unless DefaultUser is root:* -- not wise). Consequently, procmail thinks that it is handling mail for UserDefault.

Where you go from here depends on your filtering intentions.

José L. Marcos
Occasional Advisor

Re: "Filtering root emails with procmail" strange behaviour

> For security reasons, root's .forward is run as DefaultUser, never as root (unless
> DefaultUser is root:* -- not wise). Consequently, procmail thinks that it is handling
> mail for UserDefault.

> Where you go from here depends on your filtering intentions.

Well, basically I 'd like mail from EMS (sent to root account) to be filtered by procmail, and on reception of MAJOR WARNING I'd like a shell command to be executed by one of the Procmail recipes...

One solution I see to my problem would be modifying EMS Hardware Monitor Notification Rules to send an email to a user different from root, and then filter those messages (in that case, I do not need to change UserDefault for sendmail).

Any comment ?
Frank Slootweg
Honored Contributor

Re: "Filtering root emails with procmail" strange behaviour

What does ~root/.forward *normally* contain? I.e. I assume that you normally do not use "| cat > /home/root/Mail/mail_$(date format)". If you *do* normally use that, then why? I.e. why not something like ""| ... procmail -f- ..."" (*with* inner quotes)?

Also have you set VERBOSE=YES in ~root/.procmailrc to see what procmail is (not) doing?
Anu Mathew
Valued Contributor

Re: "Filtering root emails with procmail" strange behaviour

Hi Jos,

You got many ways to approach this situation. If you want to go the procmail way, I would suggest sticking to the standard way of doing it, which involves:

1) .procmailrc in /
2) .forward in /.

These two files should not be writable by group and others. As far as the .forward is concerned, please bear in mind that sendmail 8.9.x does not need IFS to be defined.

I would suggest you take a look at www.procmail.org, http://www.uwasa.fi/~ts/info/proctips.html , http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html links.

3) Create a link of /usr/bin/procmail to /etc/smrsh, otherwise Sendmail 8.9 won't initiate procmail from the .forward file.

4) Create your procmail recipes in a separate file and call it by INCLUDERC from .procmailrc . This way it would be more flexible.

5) Does "MAJOR WARNING" appear in the subject of the EMS notification? If it is going to be in the body of the mail, the recipe is to be a trickier one.

Or else, as mentioned in your email, re-configure EMS so that messages with severity Major-Warning or high are sent to mailid prog. Then create an alias in /etc/mail/aliases as:
prog :"|/usr/bin/cat > /tmp/emsfile;/usr/local/bin/emsmailer"

Where emsmailer is your shell script that extracts the interesting portion from /tmp/emsfile and initiates further actions like forwarding to a pager/email address or opening an X-dialog or smbclient notification.

BTW, on all the servers running EMS at my site, we use the aliasing method.

Hope this helps you.

Thanks

Anu Mathew