get rid of procmail

procmail gets installed as world-executable, suid root:mail everywhere right now, which is a huge security liability considering the software is completely dead and likely contains security issues.

see for example this article from LWN. and consider that the "final release" of Procmail was made in 2001, when the last maintainer publicly stated that "the code is not safe and should not be used as a basis for any further work" (source). see also the wikipedia article.

in #40635 (closed), i wanted to remove procmail from polyanthum but found out that I can't actually remove procmail from our systems because it's a dependency of userdir-ldap, which means it's installed everywhere. so we should really clean that up.

1. look for .procmailrc in all homes to see if we have other configurations to deal with, explicitly check all mail_processing hosts:
   • polyanthum (#40635 (closed))
   • rude (was using it to file mails into the /srv/rtmailarchive, in the right folder, converted to .dovecot.sieve
   • egeuni (made a find over the whole filesystem, no .procmailrc found)
   • gettor
   • crm-int-01 (nothing found)
   • gitlab-02
   • alberti
   • submit-01
   • ...? still in progress
2. remove the mailbox_command from main.cf, see what breaks
3. find out why userdir-ldap depends on procmail: it used to use the lockfile command, switched to flock already
4. if it's a hard dependency, find an alternative solution: already done, see above
5. remove the dependency: needs a patch and upstream
6. deploy patched userdir-ldap everywhere
7. remove procmail from all our servers: might need an audit of the lockfile usage and some coordination
8. send an announcement (forum, list)
9. remove procmail from Debian (filed bug 1006633)