jk_procmailwrapper - a wrapper to prevent procmail execution by jailed users


jk_procmailwrapper is a wrapper around the regular procmail utility. For regular users it will execute the normal procmail utility. For users that are in a chroot jail (the home directory contains a . character) it will change root into the jail, and execute the procmail utility inside the jail. This enables safe mail delivery for jailed users..

Without this utility, users in a jail can execute commands outside the jail by placing them in their .procmailrc..

It should be used as a replacement for procmail in your mail server's configuration..


If your mailserver allows users to have a .forward file, they can still run scripts outside the jail! Make sure users cannot use a .forward file to run scripts on the real system!!


jailkit(8) jk_check(8) jk_chrootlaunch(8) jk_chrootsh(8) jk_cp(8) jk_init(8) jk_jailuser(8) jk_list(8) jk_lsh(8) jk_socketd(8) jk_uchroot(8) jk_update(8) chroot(2) procmail(1)


Copyright (C) 2003, 2004, 2005, 2006, 2007, Olivier Sessink

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved..