Enhancing E-Mail Security With Procmail

the E-mail Sanitizer

Home

Welcome to the home page of the Procmail Email Sanitizer. The Sanitizer is a tool for preventing attacks on your computer's security via email messages. It has proven to be very effective against the latest crop of Microsoft email worms that have gotten so much attention in the popular press.

The Sanitizer's intended audience is administrators of mail systems. It is not generally intended for end users, unless they administer their own mail systems rather then simply telling their mail program to retrieve messages from a mail server administered by someone else.

If you are here because you've gotten a message saying that a piece of mail you sent has been rejected, or because the URL for this website appears in a piece of mail you've received, or because you're wondering why your email attachments are suddenly named DEFANGED, please read this introduction to the Sanitizer - it should answer your questions. Let me know if it doesn't.

Site Index:

Filtering Email for Security

Procmail is a program that processes email messages looking for particular information in the headers or body of each message, and takes actions based on what it finds. If you're familiar with the concept of "rules" as provided in many major user mail clients (such as the cc:Mail client), then you are already familiar with the concept of automatically processing email messages based on their content.

This procmail ruleset is specifically designed to "sanitize" your email on the mail server, before your users even attempt to retrieve their messages.

News & Notes

The current version of the html-trap.procmail ruleset is: 1.133
It is recommended you update your copy if your version is older, as bugfixes and filtering for newer exploits will have been added. See the history of changes for details.

An announce list for email security issues has been set up. It will primarily carry information on new exploits and updates of the sanitizer. To subscribe, send a message with the subject "subscribe" to esa-l-request@spconnect.com. This is a strongly moderated list for announcements only, not general discussion.

If you want to join the discussion list, send a message with the subject "subscribe" to esd-l-request@spconnect.com. This is a members-only list; to post to it you must join. There is also an archive of messages available.

Click below to receive email when this page changes
Powered by NetMind

The ftp.rubyriver.com mirror is no longer being maintained. I will leave links to it in place until the content becomes too out-of-date.

Development of the 2.0 sanitizer has begun. The planned feature list looks something like this:

Beta announcements will be made to the mailing list.

I've decided to delay moving over to the Anomy project until after a stable 2.x sanitizer ships, for various reasons including the feeling that there should be alternative solutions available.

I can be contacted at <jhardin@impsec.org> - you could also visit my home page.

Several people have asked me why I don't charge for this package. I suppose this is primarily due to the fact that I don't think anybody should be exposed to these attacks simply because they don't want to or can't afford to buy something to protect themselves, but it also has to do with the fact that I view this as an interesting intellectual challenge, a way to gain recognition, and a way to give back to the community.
However, if you feel like paying for receiving something of value that has improved your life, then feel free to send me a donation via PayPal, and lament that nobody's done TequilaPal yet.

Created with vi   Bobby approved   Best viewed with Any Browser

$Id: procmail-security.html,v 1.148 2002-01-05 17:00:05-08 jhardin Exp jhardin $
Contents Copyright (C) 2002 by John D. Hardin - All Rights Reserved.
The primary Sanitizer home page is at http://www.impsec.org/email-tools/procmail-security.html

...my office is in my basement...