Help with procmail spam filtering

Matej Cepl ceplm at seznam.cz
Sun Jun 11 21:50:51 EDT 2006 

Scott Ehrlich wrote:
> I am trying to set up some more procmail recipies, this time to handle
> spam filtering.

If I may ... just don't do it. Life is too short to try to eliminate spam
with procmail. Just install some good anti-spam (I like bogofilter and it
servers me very well, but there are other options) and forget about it.
Bogofilter will learn automagically all these rules you are trying to
formulate by hand.

I have attached, just for kicks, my procmail on the remote server (I don't
use procmail locally), where it filters mail with bogofilter and learns via
bfproxy (i.e., by sending learning messages to the special address on my
server; I have modified version of bfproxy which works with virtual email
servers and with qmail -- http://matej.ceplovi.cz/progs/scripts/bfproxy ).

Best,

Matej

-- 
GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC
http://www.ceplovi.cz/matej/blog/, Jabber: ceplma at jabber.cz
23 Marion St. #3, (617) 876-1259, ICQ 132822213
 
Of all tyrannies, a tyranny exercised for the good of its
victims may be the most oppressive. It may be better to live
under robber barons than under omnipotent moral busybodies. The
robber baron's cruelty may sometimes sleep, his cupidity may at
some point be satiated; but those who torment us for our own
good will torment us without end, for they do so with the
approval of their consciences.
    -- C. S. Lewis
-------------- next part --------------
# $Id: procmail-matej,v 1.4 2005/07/02 21:48:40 matej Exp $
# The main idea of this procmailrc is that it actually saves
# mails to different directories just rarely. Mostly, it just
# processes spam, fixes some headers, and then (if nothing else
# happened -- like for spam) it prints the message back on the
# output.

# procmail resets all environmental variables, so we set it back.
DOMAIN=example
HOME=/data/home/$DOMAIN
PATH=$HOME/bin:/bin:/usr/bin:/usr/bin
# directory where all databases are stored
BOGODIR=$HOME/.bogofilter
# every email address should be defined only here
MYNAME=name
# the string which should stand between the name part of email
# and actual commands send to bfproxy; it should be special for
# given domain, so that spammers cannot register false hams (or
# false spams, but who would need it?)
COMSTR=secret
# mbox folder where all spam is stored (it should not be sent to
# /dev/null, because although very rare there may be some false
# positives; for inspection use mail -f $SPAMBOX).
SPAMBOX=$BOGODIR/junk-$MYNAME
#SPAMBOX=/dev/null
# all processing of procmail is registered in this file; VERBOSE
# can be set to off for less detailed information.
LOGFILE=$HOME/log-procmail-$MYNAME
VERBOSE=off
# ``Chinese'' (and Russian and Hebrew) messages are not
# legitimate at all, so bogofilter's databse should not be
# stuffed with nonsensical strings from them.
UNREADABLE='[^?"]*big5|windows-125[145]|iso-2022-jp|iso-2022-kr|euc-kr|gb2312|ks_c_5601-1987|koi8-r'
######### END OF CONFIGURATION ############

# processing of ``Chinese'' spam -- in headers ...
:0:
* 1^0 $ ^Subject:.*=\?($UNREADABLE)
* 1^0 $ ^Content-Type:.*charset="?($UNREADABLE)
/dev/null

# ... and in the body of a message
:0
* ^Content-Type:.*multipart
* B ?? $ ^Content-Type:.*^?.*charset="?($UNREADABLE)
/dev/null

# There is a spammer, who sends tons of spam under my email
# address -- just to keep bogofilter database from him. I really
# don't have to do it, but I do.
:0
* ^Subject:.*tinnefeld at irb.cs.uni-dortmund.de
$SPAMBOX

# Is this message a registration message for bfproxy (`f' means
# that the pipe content will be further processed and `w' means
# that procmail should wait on the completion of pipe)?
# One problem with qmail is that it uses dash (instead of more
# common plus sign) for subaddressing; bfproxy won't understand
# such address, so it has to be cleaned to the standard way of
# address+subaddress at domain before stuffing into bfproxy.
:0fw
* $ ^TO_$MYNAME[-+]$COMSTR-\/[a-zA-Z]+
| formail -I "To: $MYNAME+$COMSTR-$MATCH@$DOMAIN.cz"

# If the previous recipe was activated (`A' flag) pass the
# message to bfproxy; the result of the filter should be further
# processed, because it is now a message with information about
# processing (`f' flag again).
:0Afw
| bfproxy -m $MYNAME -r $COMSTR

# In case the previous recipe was not activated (`E' flag), i.e.,
# this not registration message, run it through bogofilter and
# capture changed message (`f' flag) for further processing.
:0Efw
| bogofilter -uep -d $BOGODIR/$MYNAME

# If the message was marked as spam, store it in $SPAMBOX and
# that's it (no further processing).
:0:
* ^X-Bogosity: Spam, 
$SPAMBOX

# And now after all is done, the message should be delivered.
# Exclamation mark in the beginning of the action line means that
# the message should be forwarded to the given address. Pipe sign
# (`|') would mean sending to pipe (see above, but here without
# `f' flag, it would mean final delivery to the program).
# Otherwise whatever is on the line is understood as a filename
# of the mailbox to be delivered to (if it ends with `/' then it
# is maildir folder, with `/.' it is MH folder, otherwise mbox).
# If the action line (or this whole recipe) is missing, the
# message is delivered to /var/spool/$LOGNAME, in our case
# /var/spool/$DOMAIN.
:0
! myrealemail at example.net

# vi: set ft=procmail nowrap:

More information about the Discuss mailing list