Advertisement
GStreamer Conference 2013, 22-23 Oct, Edinburgh
GStreamer, Embedded Linux, Android, VoD, Smooth Streaming, DRM, RTSP, HEVC, PulseAudio, OpenGL. Register now to attend.
Weekly Edition
Return to the Front page
| |||||||||||||
Reports of procmail's death are not terribly exaggeratedThe mail delivery agent (MDA) procmail is a Linux and Unix mainstay; for years it has been the recommended solution for sorting large volume email and filtering out spam. The trouble is that it is dead, and it has been for close to a decade. Or at least that may be the problem, depending on how you look at it. The question of when (or if) to declare an open source project dead does not have a clear answer, and many people still use procmail to process email on high-capacity systems. For those unfamiliar with it, MDAs like procmail receive incoming mail from mail transport agents (MTAs) like Sendmail or Postfix, then process the received messages according to user-defined "recipes." Recipes examine the headers and body of messages, and are usually used to sort email to different mailboxes, forward messages to different addresses, and perhaps most importantly, to recognize and dispose of spam — often by triggering an external spam filtering tool like SpamAssassin. Recipes can also modify messages themselves, such as to truncate dangerously long message bodies or abbreviate irritatingly-long recipient lists. Officially, the last stable procmail release was version 3.22, made in September of 2001. As one might expect, there has never been an official "the project is dead" announcement. Instead, only circumstantial evidence exists. Although several of the FTP mirrors include what appear to be development "snapshot" packages as recent as November of 2001, there does not appear to have been any substantial work since that time. The developers' mailing list has hardly seen a non-spam blip since 2003. A side effect of a project abandoned that long ago is that there was no web-based source code repository at the time, even though such repositories are a fixture today, so only the tarballed releases uploaded to the FTP or HTTP download sites exist for FOSS archaeologists to examine. Similarly, a great many of the links on the official project page, including mailing list archives, external FAQ pages, and download mirrors, have succumbed to link-rot over the years and no longer provide access to useful information for those just getting started. I'm not dead yetDespite all this, procmail still has a loyal following. The procmail users' mailing list is actually quite active, with most of the traffic focusing on helping administrators maintain procmail installations and write or debug recipes. Reportedly, many of today's current procmail users are Internet service providers (ISPs), who naturally have an interest in maintaining their existing mail delivery tool set. procmail's defenders usually cite its small size and its steady reliability as reasons not to abandon the package. A discussion popped up on the openSUSE mailing list in mid-November about whether or not the distribution should stop packaging procmail; Stefan Seyfried replied by saying that rather than dying ten years ago, the program was "finished" ten years ago: [...] it is feature complete and apparently pretty bugfree.
It seems that even the last five years of compiler improvements in detecting overflows and such did not uncover flaws in procmail, which I personally think is pretty impressive.
In a similar vein, when Robert Holtzman asked on the procmail users' list whether or not the project was abandoned, Christopher L. Barnard replied "It works, so why mess with it? It does what in needs, no more development is needed..." But there are risks inherent in running abandonware, even if it was of stellar quality at the last major release. First and foremost are unfixed security flaws. Mitre.org lists two vulnerabilities affecting procmail since 2001: CVE-2002-2034, which allows remote attackers to bypass the filter and execute arbitrary code by way of specially-crafted MIME attachments, and CVE-2006-5449, which uses a procmail exploit to gain access to the Horde application framework. In addition, of course, there are other bugs that remain unfixed. Matthew G. Saroff pointed out one long-standing bug, and the procmail site itself lists a dozen or so known bugs as of 2001. Just as importantly, the email landscape and the system administration marketplace have not stood still since 2001, either. Ed Blackman noted that procmail cannot correctly handle MIME headers adhering to RFC 2047 (which include non-ASCII text), despite the fact that RFC 2047 dates back to 1996. RFC 2047-formatted headers are far from mandatory, but they do continue to rise in frequency. Bart Schaefer notes that every now and then, someone floats the possibility of a new maintainer stepping up — but no one ever actually does so. Regardless of the theoretical questions about whether there are unfixed bugs, surely that practical reality provides the answer no one can arrive at by other logic: if no one works on the code, and no one is willing to work on the code, then surely it can be called abandoned. What's a simple procmail veteran to do?The most often-recommended replacement for procmail is Maildrop, an application developed by the Courier MTA project. Like procmail, Maildrop reads incoming mail on standard input and is intended to be called by the MTA, not run directly. It also requires the user to write message filters in a regular-expression-like language, but it reportedly uses an easier-to-read (and thus, easier-to-write) syntax. The project also advertises several feature and security improvements over procmail, such as copying large messages to a temporary file before filtering them, as opposed to loading them into memory. Maildrop can also deliver messages to maildir mailboxes as well as to mbox mailboxes; procmail natively supports just mbox, although it can be patched (as distributions seem to have done) or use an external program to deliver to maildir mailboxes. The merits of the competing filter-writing syntaxes are a bit subjective, but it is easy to see that procmail's recipe syntax is more terse, using non-alphabetic characters and absolute positioning in place of keywords like "if" and "to." For example, the Maildrop documentation provides some simple filter rules, such as this filter that is triggered by the sender address boss@domain.com and includes the string "project status" somewhere in the Subject line:
if (/^From: *boss@domain\.com/ \
&& /^Subject:.*[:wbreak:]project status[:wbreak:]/)
{
cc "!john"
to Mail/project
}
The action enclosed in curly braces routes the message to the Mail/project folder, and forwards a copy of the message to the user "john." An equivalent in procmail's recipe language might look like this instead:
:0:
* ^From.*boss@domain\.com
* ^Subject:.*(project status)
${DEFAULT}/project
! john@domain.com
The first line specifies that this is a new recipe; the trailing colon tells procmail to lock the mail file, which is necessary when saving the message to disk. The asterisks and exclamation point that begin lines are operators indicating new "conditions" and the forwarding action, respectively — neither is part of a regular expression. As you can see, the Maildrop syntax is not noticeably longer, but it could be easier to mentally parse late at night — particularly if reading filters written by someone else. Regrettably there does not seem to be an active project to automatically convert procmail recipes to Maildrop filters, which means switching between the packages requires revisiting and rewriting the rules. Maildrop is not the only actively maintained MDA capable of filling in for procmail, although it is the easiest to switch to, by virtue of running as a standard-in process. Dovecot's Local Delivery Agent (LDA) module, for instance, has a plugin that allows administrators to write filtering rules in the Sieve language (RFC 5228). Maildrop has an advantage over LDA, though, in that in addition to Courier, it is also designed to work with the Qmail and Postfix MTAs. If you are currently running procmail without any trouble, then there is certainly no great need to abandon it and switch to Maildrop or any other competitor. OpenSUSE, for its part, eventually concluded that there was no reason to stop packaging procmail, for the very reasons outlined above: it works, and people are still using it. However, ten years is a worryingly long time to go without an update. The simple fact that there are only two CVEs related to procmail since its last release is in no way a guarantee that it is exploit- or remote-exploit-free. At the very least, if your mail server relies on the continued availability of procmail, now is a good time to start examining the alternatives. Lumbering undead projects can do a lot of damage when they trip and fall. (Log in to post comments)
Reports of procmail's death are not terribly exaggerated Posted Nov 24, 2010 22:34 UTC (Wed) by armijn (subscriber, #3653) [Link]
I'm definitely missing Sieve (see RFC 5228) as a solution. Especially in a setup with virtual users it has advantages over procmail, such as a restricted set of commands (you can't run external commands for example). The most popular IMAP servers like Cyrus and Dovecot have pretty complete Sieve implementations. Support in clients is unfortunately still buggy, or completely missing.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 10:34 UTC (Thu) by armijn (subscriber, #3653) [Link]
Rephrase: I am missing it as a solution, not in the article (it's obviously mentioned there), but in the wider email ecosystem. Because of the lack of client support it feels a bit...hackish to implement.
Sieve Posted Dec 4, 2010 18:55 UTC (Sat) by Comet (subscriber, #11646) [Link]
A good resource for finding Sieve clients, tools, etc is http://sieve.info/
Unfortunately, while Sieve is designed to be regular enough that tools can manipulate the language directly, the web UIs I saw when I last looked (a few years ago, admittedly) all maintained their own state, serialized into comments in the sieve scripts, and the actual directives would be regenerated from those, so that while Sieve remained a lingua franca for humans reading the scripts, machine-based manipulation interoperability was lost.
Note that while IMAP Sieve is good, having Sieve scripts run by the LDA from the MUA can let you reject without having to generate bounces locally, reducing backscatter. Eg, Exim's Sieve support with pysieved for a ManageSieve interface.
I'm comfortable working with config files directly, so just use sieve-connect to manipulate the scripts, but since there are desktop clients for Gnome and MacOS now, perhaps those are worth a look?
Reports of procmail's death are not terribly exaggerated Posted Nov 24, 2010 22:54 UTC (Wed) by snore (subscriber, #43276) [Link]
Have you looked at the procmail source?
It makes my eyes bleed. Easily the most unreadable source still in common use.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 0:45 UTC (Thu) by paravoid (subscriber, #32869) [Link]
Have you ever looked at vixie's cron?
(to be fair, it's not bad code per se, it's just plain weird)
Reports of procmail's death are not terribly exaggerated Posted Nov 27, 2010 14:29 UTC (Sat) by HelloWorld (subscriber, #56129) [Link]
As Ward Cunningham once put it, "Clean code is when you look at a routine and it's pretty much what you expected.". Therefore, weird code _is_ bad code.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 13:42 UTC (Thu) by nix (subscriber, #2304) [Link]
But it has ASCII art with actual direct effects on the program! (Literally: change it, the program's behaviour changes.) How can you not love that?
(but yes, the source code is *ew*. I suspect the first act of any new maintainer must be to run it through indent.)
Reports of procmail's death are not terribly exaggerated Posted Nov 29, 2010 17:39 UTC (Mon) by jeremiah (subscriber, #1221) [Link]
I was really hoping for a picture of an envelope or something, but a nice bar graph will work I guess. Couldn't agree more on the indent call though. It would only be a very small start though. :) My favorite is the header that includeds the following in procmail.c "Seems to be perfect."
Reports of procmail's death are not terribly exaggerated Posted Nov 29, 2010 20:07 UTC (Mon) by nix (subscriber, #2304) [Link]
Now I'd have expected a comment like *that* to lead to instant karmic justice and a security record far worse than sendmail's. But it seems the author was incredibly fortunate :)
Reports of procmail's death are not terribly exaggerated Posted Dec 3, 2010 11:31 UTC (Fri) by DonDiego (subscriber, #24141) [Link]
Run it through uncrustify instead, works a million times better :)
Plugging my own Posted Nov 25, 2010 2:28 UTC (Thu) by thedevil (subscriber, #32913) [Link] There's also sortmail, whose recipe syntax is python:As is apparent from the code I considered adding sieve support, but I could not motivate myself because I'll always prefer python :-)
Plugging my own Posted Nov 26, 2010 20:06 UTC (Fri) by Bordelon (guest, #70697) [Link]
Looks interesting. Am I right in seeing that the only way to get sortmail is grabbing a git bundle? If so, a tarball and extracting some of the documentation from __init__.py would probably make life a little easier for potential users and contributors to play with it.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 3:08 UTC (Thu) by Tara_Li (subscriber, #26706) [Link]
What is up with this whole move to having a whole *language* to write a config *data* file in? While it certainly makes it easier for the project programmers - all *they* have to do is just execute the config file, it definitely makes it harder for the users, who, well, if they wanted to write programs, they'd be programmers and not users.
And I'm still *VERY* fuzzy on what the advantage of all this stuff is over keyword = value config files - don't start with the XML crap, either, it's mostly a longer version of keyword = value...
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 4:27 UTC (Thu) by jamesh (guest, #1159) [Link]
Because the configuration files for these mail filters _are_ programs. Granted they have a limited command set and control structures, and the procmail filtering language is a bit bizarre looking, but they are programs.
This isn't the same as using a full fledged programming language to parse a simple key/value configuration file.
Reports of procmail's death are not terribly exaggerated Posted Nov 26, 2010 16:40 UTC (Fri) by HelloWorld (subscriber, #56129) [Link]
I disagree, writing rules to sort emails has nothing to do with programming. Many MUAs today have graphical tools to build rules like that; is everybody using such an MUA a programmer? Clearly not.
Reports of procmail's death are not terribly exaggerated Posted Nov 26, 2010 21:32 UTC (Fri) by giraffedata (subscriber, #1954) [Link] writing rules to sort emails has nothing to do with programming. I wonder what your definition of programming is such that writing these rules isn't it. It seems to me that writing a procmail rule file involves the same skills and mental processes as, say, writing a Bash program, which I assume falls within your definition of programming. It's a matter of composing software to control a machine. In a company, it's probably the same person who does both. There is a continuum from programming to simple end use (setting the time zone on a computer isn't programming), and the line of demarcation is fuzzy, but coding the configuration files I see in the article fall well on the programming side of it in my opinion. If a graphical tool to build mail handling rules is complex enough, I would call that programming too. Programming doesn't have to be done in text (the original programming was done by plugging wires).
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 6:52 UTC (Thu) by rgmoore (subscriber, #75) [Link] And I'm still *VERY* fuzzy on what the advantage of all this stuff is over keyword = value config files - don't start with the XML crap, either, it's mostly a longer version of keyword = value... Show the designers a keyword = value config file that is as powerful as a regexp while maintaining similar size, and I'm sure they'll be happy to adopt it. But for this specific application, you really need a full regexp engine to do what you want to do. It might be possible to improve readability a bit with some syntactic sugar, but that's a very tricky balancing act. It's very easy to bloat the syntax to the point that it loses readability. More generally, I share your dislike for overuse of XML but I understand it. XML is a fairly heavyweight solution, but it comes with some really nice tools that make it easy to read, write, and validate. I get the impression that people wind up using even when they might be better served with a lightweight keyword = value file because they want to be future proof- who knows if the config file might blow up into a monster in the future- and because they know and are used to working with the XML toolset.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 13:44 UTC (Thu) by nix (subscriber, #2304) [Link]
Hell, not only do you need regexes, you need the ability to run arbitrary programs and make decisons based on their exitcodes, or, possibly, command-line output: allowing shell fragments, or something like them, works well here. You need the ability to do *multiple* things if a test passes or fails, which means you need conditionals and a block structure.
The syntax may be rebarbative, but procmailrc surely is a language.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 11:33 UTC (Thu) by neilbrown (subscriber, #359) [Link]
I'm a big fan of keyword=value as well, but just that is never enough. My favourite example at the moment is udev - the rules files (/lib/udev/rules.d/) are essentially keyword=value sets, but they also allow GOTO="somewhere" and LABEL="somewhere". goto certainly has its place, but but keyword=value isn't that place.
You at least need some macroscopic structure. Sometimes [sectionname] (using the the config files used by samba and many others) is enough, but sometimes you really do what an hierarchical structure. And in that case, mimicking the structure of a programming language makes sense (though I would prefer to follow python myself).
... because really, there is no difference between the 'program' and the 'data' - they are both streams of bytes and both need to be interpreted by some machine...
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 7:43 UTC (Thu) by rsidd (subscriber, #2582) [Link]
I've long known that I've been using a lumbering undead config file (my .procmailrc was created in around 1999 and has had only minor tweaks since then). But only now did I realise that the project itself is equally zombie-like.
Reports of procmail's death are not terribly exaggerated Posted Nov 28, 2010 16:32 UTC (Sun) by mtaht (✭ supporter ✭, #11087) [Link]
Last week I spent half a day converting myself from a decades worth of old procmail and thunderbird rules to dovecot 1.2's implementation of sieve.
While I liked the clarity and simplicity of the language... and the power of dovecot's imap server... and having stuff in Maildir format...
The idea of piping your now-filtered email through another program is missing from that version of sieve! It's a one stop only filter.
So I lost the ability to do additional processing on the email itself as it came in, for example, when I get email from certain people I used to feed it into a speech synth (instead of "You've GOT Mail", I get "You've got mail from Joe")
If sieve had a "pipe" plugin so I wouldn't have lost this crucial facility of procmail I'd be a much happier camper.
What about smartlist ? Posted Nov 25, 2010 10:46 UTC (Thu) by ballombe (subscriber, #9523) [Link]
smartlist is a widely used mailing list manager that depends heavily on procmail.
But anyway, I really doubt procmail will disappear. There is too much infrastructure build around it.
What about smartlist ? Posted Nov 26, 2010 14:59 UTC (Fri) by n8willis (editor, #43041) [Link]
Well that's essentially a philosophical question. Depending on what any one person means by the term "disappear." It's virtually impossible that the 3.22 source will vanish, slightly more possible that the domain and actual (official) hosting will expire and go away, more possible than that that the site will get cracked and a trojan introduced that doesn't get caught downstream for weeks or months, considerably more possible that new email features or exploits arise that 3.22 can't handle, and most possible that age-old bitrot will eventually make it hard or impossible to build with a current compiler/toolchain.
In those last few scenarios, procmail itself doesn't have to disappear in any real sense; rather users will just slowly atrophy and move to competing solutions that don't require jumping through hoops to maintain a robust filtering system. When it's too big of a pain, people would just be using something else. Natural selection.
The procmail users periodically discuss resuming maintainership, but so far no one has. I guess we conclude from that that the pain-point hasn't been reached. But it might still someday.
Nate
What about smartlist ? Posted Nov 29, 2010 16:57 UTC (Mon) by nix (subscriber, #2304) [Link]
Of course if the code is too disgusting to maintain it is also possible that someone might produce a reimplementation that can read the same config files.
Reports of procmail's death are not terribly exaggerated Posted Nov 25, 2010 22:31 UTC (Thu) by jrosdahl (subscriber, #29408) [Link] Another alternative (in at least some situations) is maildirproc.
procmail support Posted Nov 26, 2010 0:54 UTC (Fri) by brianomahoney (subscriber, #6206) [Link]
There is absolutely nothing wrong with procmail, and yes, it is DONE.
If we start talking "abandonware" we have lost the plot, OSS is like an old book, we just need reference/copyright libraries so all copies dont get lost.
In the case of procmail its really useful so the pay-for-distros RedHat, SuSE, ... should man up and take responsibility for long term support, even if it only takes the form of a Free Beer for some older/retired developer to do the security patches.
Just when Linux is getting real traction in the embedded space we do not want to screw our server, super-computer or desktop users.
Abandoning useful code, gratuitous breakage and the un-necessary and capricous glibc 'romprement gratuite d'année' ie the memcpy debacle ...Yes SSE code can be used fore something.
procmail support Posted Nov 26, 2010 10:00 UTC (Fri) by mpr22 (subscriber, #60784) [Link] Ed Blackman noted that procmail cannot correctly handle MIME headers adhering to RFC 2047 (which include non-ASCII text), despite the fact that RFC 2047 dates back to 1996. RFC 2047-formatted headers are far from mandatory, but they do continue to rise in frequency. Looks like there's something wrong with procmail.
procmail support Posted Dec 2, 2010 12:28 UTC (Thu) by robbe (subscriber, #16131) [Link]
To be fair, rfc2047-style headers are fully backward compatible. My procmail installations work through a lot of mail including theses header extensions without any problems.
Special handling is only needed if you want to modify and/or extract the mail headers via a natural format. E.g. the result of
Reports of procmail's death are not terribly exaggerated Posted Nov 26, 2010 2:36 UTC (Fri) by ricky (subscriber, #45937) [Link]
I don't think it's fair to portray CVE-2002-2034 and CVE-2006-5449 as
unfixed procmail vulnerabilities. These seem to be security issues (lack of shell escaping) in an Email Sanitizer project and Horde, which happen to use procmail, not procmail itself.
Reports of procmail's death are not terribly exaggerated Posted Dec 22, 2010 20:29 UTC (Wed) by jhardin@impsec.org (guest, #15045) [Link]
> I don't think it's fair to portray CVE-2002-2034 ... as
> unfixed procmail vulnerabilities. These seem to be > security issues (lack of shell escaping) in an > Email Sanitizer project ...
No, it _isn't_ fair to portray CVE-2002-2034 as an unfixed procmail vulnerability, as it is neither unfixed (note the CVE entry says "_before_ 1.133") nor a vulnerability in procmail.
If you follow the links and look at the dates of the vulnerability reports and of the fix in the Sanitizer change log, you'll see that the vulnerability reports were generated from someone seeing in my change log that I had fixed a potential problem.
Reports of procmail's death are not terribly exaggerated Posted Nov 26, 2010 14:18 UTC (Fri) by dwmw2 (subscriber, #2063) [Link] I ditched procmail years ago and just use Exim filters.
Reports of procmail's death are not terribly exaggerated Posted Nov 26, 2010 22:02 UTC (Fri) by rilder (guest, #59804) [Link]
Procmail is the kind of thing which just works. I have been using procmail for some time and I have slowly come to realize its capabilities as not just a mail filter, but to run arbitrary commands like notifications(libnotify ones), lbdb addition, date based partition of mails (very useful) as well.
Regarding the discussion regarding procmailrc and whether it is programming or not, I certainly don't think an average computer user would consider it simple. Only people who have written lightweight RE before and are willing to learn more in that, come forward to use this. So, I don't think procmail is targetted at a normal users, but at people who may like advanced customization, and/or email providers.
Reports of procmail's death are not terribly exaggerated Posted Nov 27, 2010 19:14 UTC (Sat) by joey (subscriber, #328) [Link]
I stopped using procmail after I managed to crash it with a long regexp. It's been more than 10 years, but I think it was a simple, but very long alternation of simple terms, and that it buffer overflowed. While not in a security sensative part of the code, that was close enough to put me off it. Although I have not been very happy with maildrop either.
maildir in procmail Posted Dec 22, 2010 19:48 UTC (Wed) by lostwizard (subscriber, #57225) [Link]
For the folks who stumble on this, a correction to the information in the article:
Procmail has supported Maildir natively since version 3.14. Since the latest version is 3.22, stating that it only supports mbox is a bit disingenuous or indicative of shoddy research. In fact, the version of the "mini-FAQ" linked from this article is NOT the same one linked from the procmail.org site!
Reports of procmail's death are not terribly exaggerated Posted Dec 25, 2010 5:42 UTC (Sat) by MattPerry (guest, #46341) [Link]
I'd say it's dead. You can't even download the source code anymore. The HTTP link gives a 403 forbidden error and the FTP link returns a server not found error.
Reports of procmail's death are not terribly exaggerated Posted Jan 10, 2011 18:28 UTC (Mon) by obspsr (subscriber, #56917) [Link]
You clicq on the HTTP source link and get the last release ! Smile !
Reports of procmail's death are not terribly exaggerated Posted Apr 19, 2013 20:40 UTC (Fri) by deesto (guest, #90481) [Link]
~2 years later, the index link (and it's parent directory, and every sibling directory beneath 'unix') is dead. Time to turn that smile upside-down! :(
Reports of procmail's death are not terribly exaggerated Posted Apr 23, 2013 11:36 UTC (Tue) by nix (subscriber, #2304) [Link]
You can still get it from some other mirrors, like ftp://ftp.ucsb.edu/pub/mirrors/procmail/. But still, the first mirror in the list, and the primary download site, are down.
It's unfortunate. Like a lot of other people, I rely utterly on procmail, and nothing else can replace it (mostly 'cos nothing else seems to be able to run random Unix programs and feed them messages, or run Unix programs to decide where messages should go). procmail is horrible, but it's the only mailfilter that really has any of the Unix Way about it... and now it's gone the way of cron, with the distros' independent maintenance its only hope.
Reports of procmail's death are not terribly exaggerated Posted Apr 25, 2013 15:38 UTC (Thu) by jubal (subscriber, #67202) [Link]
Mailfilter can, and its syntax is definitely less… convoluted. (I switched to dovecot's sieve implementation, though, because I'm not doing much post-processing of my emails lately.)
Reports of procmail's death are not terribly exaggerated Posted May 10, 2013 13:48 UTC (Fri) by nix (subscriber, #2304) [Link]
Hrm. Interesting, but assuming I have the right tool it looks a bit POP-specific. I'm really looking for a local delivery agent that my MTA can invoke, just like it does procmail.
|
|||||||||||||