Al Zick:
> >> I checked the log and it is putting spam in /dev/null, but there are
> >> errors in procmail.log when ever it tries to forward the emails:
> >>
> >> sendmail: warning: the Postfix sendmail command has set-uid root file
> >> permissions
> >> sendmail: warning: or the command is run from a set-uid root process
> >> sendmail: warning: the Postfix sendmail command must be installed
> >> without set-uid root file permissions
Your procmail program is set-uid root, and it invokes the Postfix
sendmail command with set-uid root privileges.
This is a security hole, especially when a non-root user can tell
procmail what "sendmail" program it will run.
Wietse
