On Fri, 2024-01-26 at 09:08 -0600, Thomas Cameron wrote: > I'm reading articles saying procmail is dangerous and unmaintained > (https://anarc.at/blog/2022-03-02-procmail-considered-harmful/). > > I get why a setuid root:mail binary is potentially dangerous, but > procmail has been in use for decades and I don't think I've ever > heard > of it being used for an exploit except for waaaaay back in 2017 and > 2014 > ( > https://www.cvedetails.com/vulnerability-list/vendor_id-225/Procmail.h > tml). > > > Anyone got any recommendations? I've used procmail for decades. I'm > pretty familiar with it. I *can* migrate to sieve, but procmail Just > Works(TM), so I'm hesitant. > > Is the risk overblown? We're using Postfix and procmail and it seems > to > be really solid. I am not really looking forward to migrating to > sieve, > so I'd rather just stick with what I know, you know? > > What are your thoughts? I used procmail for years and never had an issue with it. However I don't like unmaintained software so removed it when support was dropped. The problem with Sieve (and several other options) is that they're server-side, so if your server doesn't support them, and you don't want to run your own local server (plus e.g. fetchmail) you're dependent on what your mail provider allows. poc -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
