auditing procmail?

[Roman Drahtmueller]

> > Anybody have any good ideas on what should happen for auditing and loginuid
> > when Sendmail invokes procmail as a delivery agent, and we're running
> > essentially arbitrary code as the user from their .procmailrc?  My gut
> > feeling is that this *should* act just like a cron job for auditing
> > purposes, but the sendmail/procmail interface isn't in the least PAM-ified,
> > so we can't just toss in a 'session required pam_audit.so'...
> 
> Yes, this is ugly. If the audit context can't be set appropriately this
> functionality needs to be disabled for the CC evaluated configuration,
> for example by setting "allow_mail_to_commands" in the case of postfix
> (see the local(1) man page).
> 
> Does anyone plan to add this functionality to the MTA?

Probably shouldn't be the MTA, but the MDA (procmail).

There is a great deal of disagreement between many people (including me) 
and Vietse, who thinks that the MTA shall setuid(), thereby making 
decisions that may easily be out of its scope.

Looks like both procmail and postfix need to be pam'ified.

R.