s/@CF_procmail@/If procmail is\
.I not\
installed globally as the default mail delivery agent (ask your system administrator), you have to make sure it is invoked when your mail arrives./g
s/@DOT_FORWARD@/.forward/g
s/@FW_content@/"\\h'-\\w' 'u' |IFS=' '\&\&p=@BINDIR@\/procmail\&\&test -f $p\&\&exec $p -Yf-\\h'-\\w' 'u' |\\h'-\\w' 'u' |exit 75 \\fB#\\fP\\fIYOUR_USERNAME\\fP"/g
s/@FW_comment@/The \\efB#\\efP\\efIYOUR_USERNAME\\efP is not actually a\
parameter that is required by procmail, in fact, it will be discarded by\
sh before procmail ever sees it; it is however a necessary kludge against\
overoptimising sendmail programs\\h'-\\w' 'u' :\
/g
s/@PRESTENV@/\
.na\
.PP\
Other cleared or preset environment variables are IFS, ENV and PWD.\
.ad/g
s/@KEEPENV@/, except for the value of TZ/g
s/@TRUSTED_IDS@/  If procmail is not invoked with one of the following user or group ids\\h'-\\w' 'u' : root, daemon, uucp, mail, x400, network, list, slist, lists, news, mailnull, majordom or majordomo, but still has to generate or accept a new `@FROM@' line,\
it will generate an additional `@FAKE_FIELD@' line to help distinguish\
fake mails./g
s/@KERNEL_LOCKING@/consistently uses the following kernel locking strategies\\h'-\\w' 'u' :\
.BR lockf (3)/g
s/@RESTRICT_EXEC@//g
s/@WARN_RESTRICT_EXEC@//g
s/@LD_ENV_FIX@/\
.PP\
For security reasons, upon startup procmail will wipe out all environment variables that are suspected of modifying the behavior of the runtime linker./g
s/@MAILSPOOLDIR@/\/var\/mail\//g
s/@ETCRC_desc@/\
.PP\
If no rcfiles and no\
.B \\-@PRESERVOPT@\
have been specified on the command line, procmail will, prior to reading @PROCMAILRC@, interpret commands from\
.B @ETCRC@\
(if present).\
Care must be taken when creating @ETCRC@, because, if circumstances permit, it will be executed with root privileges (contrary to the @PROCMAILRC@ file of course)./g
s/@ETCRC_files@/\
.TP\
.B @ETCRC@\
initial global rcfile/g
s/@DROPPRIVS@/\
.TP\
.B DROPPRIVS\
If set to `yes' procmail will drop all privileges it might have had (suid or sgid).  This is only useful if you want to guarantee that the bottom half of the @ETCRC@ file is executed on behalf of the recipient./g
s/@ETCRC_warn@/\
.PP\
The\
.B @ETCRC@\
file might be executed with root privileges, so be very careful of what you put in it.\
.B SHELL\
will be equal to that of the current recipient, so if procmail has to invoke the shell, you'd better set it to some safe value first.\
See also\\h'-\\w' 'u' :\
.BR DROPPRIVS ./g
s/@ETCRC@/\/usr\/local\/etc\/procmailrc/g
s/@ETCRCS_desc@/\
If the rcfile is an absolute path starting with\
.B @ETCRCS@\
without backward references (i.e. the parent directory cannot be mentioned) procmail will, only if no security violations are found, take on the identity of the owner of the rcfile (or symbolic link)./g
s/@ETCRCS_files@/\
.TP\
.B @ETCRCS@\
special privileges path for rcfiles/g
s/@ETCRCS_warn@/\
.PP\
Keep in mind that if\
.BR chown (1)\
is permitted on files in\
.BR @ETCRCS@ ,\
that they can be chowned to root (or anyone else) by their current owners.\
For maximum security, make sure this directory is\
.I executable\
to root only./g