NAME

procmail - Advanced mail filtering for Virtual Servers


SYNOPSIS

procmail is a program especially suited to parsing mail files and delivering mail to certain locations based on the contents of the email message. This document describes how to install procmail as your local delivery agent for sendmail and use it to filter spam and viruses server-wide (i.e., for all mail accounts) without using .forward files.


DESCRIPTION

Many people are weary of receiving copies of the latest Windows virus du jour. SirCam and a host of VB and Word macro viruses have made us afraid to even check our mail for fear of a new, horrible virus that will delete our hard drive.

Further, UCE (unsolicited commercial email) or spam regularly consumes 50% of our mail quota at any given moment, wasting our time, money and server resources. What can we do about this?

One respectable and simple solution is to use procmail as our local delivery agent. procmail can replace /bin/imail in our sendmail.cf file as the local delivery agent. /bin/imail typically takes a message and appends it to the mail file for you to later view using POP or IMAP. With procmail, the incoming message is first passed through a series of ``recipes'' which you specify, telling procmail what to do with the message. Once all of the recipes have been processed, mail is delivered as usual to your mailbox.


PROCMAIL AS THE LOCAL DELIVERY AGENT

Using procmail as the local delivery agent on your Virtual Server requires three steps:

The remainder of this document describes these steps.


1) Install procmail on your Virtual Server

Telnet or SSH to your Virtual Server. Then, to install procmail on your server, simply type:

    server% vinstall procmail

This will unpack procmail and its helper programs in to ~/usr/local/bin.


2) Configure sendmail to use procmail as the local mail delivery agent

To install the sendmail configuration files, type:

    server% vinstall sendmail

at your server prompt. Once the sendmail configuration files have been installed, change your working directory to ~/usr/local/sendmail/cf/cf:

    server% cd ~/usr/local/sendmail/cf/cf

Now make a copy of default.mc to work with:

    server% cp -p default.mc mycopy.mc

Open mycopy.mc in your favorite text editor (e.g., emacs, vi, pico, ee, etc.). Near the bottom of the file you'll find lines similar to these:

    define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl
    define(`LOCAL_MAILER_FLAGS', `CmuX')dnl
    define(`LOCAL_MAILER_PATH', `/bin/imail')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl

Insert the following line:

    FEATURE(`local_procmail')dnl

so that your lines now look like this:

    define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl
    define(`LOCAL_MAILER_FLAGS', `CmuX')dnl
    define(`LOCAL_MAILER_PATH', `/bin/imail')dnl
    FEATURE(`local_procmail')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl

It is important that you insert the FEATURE line above after the LOCAL_MAILER lines; the FEATURE line will override the LOCAL_MAILER lines if it is placed after them (which is what we want it to do).

Save the file and exit your editor. At your shell prompt, type this to build a cf file from the mc file:

    server% ./Build mycopy.cf

This will read mycopy.mc and create a sendmail configuration file named mycopy.cf. If this process fails with error messages, check to make sure that you didn't add any extra lines or characters before saving mycopy.mc. Once you have successfully built a mycopy.cf file, copy it to your ~/etc directory:

    server% cp -p mycopy.cf ~/etc
    server% cd ~/etc

Let's backup our old sendmail.cf file just in case we need to revert to it:

    server% cp -p sendmail.cf sendmail.cf-<date>

where <date> is something like '010910'. Now let's move our new sendmail configuration file into place for sendmail to use:

    server cp -fp mycopy.cf sendmail.cf

We should make sure we still receive mail:

    server% virtual mail -s test root
    hi
    ^D
    server% tail -n 2 ~/var/log/messages
    <XX>Sep 10 14:31:24 sendmail[24923]: f8AKVOg24923: from=server, size=27, \
    class=0, nrcpts=1, msgid=<200109102031.f8AKVOg24923@server.com>, \
    relay=server@localhost
    <XX>Sep 10 14:31:25 sendmail[24925]: f8AKVOg24923: to=server, ctladdr=server \
    (1234/100), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30027, \
    dsn=2.0.0, stat=Sent

and there's the message we just sent.


3) Configure procmail to filter viruses and spam on your system

Now that procmail is delivering our local mail, make a server-wide procmailrc file located in ~/etc/procmailrc:

    server% pwd
    /usr/home/server/etc

Edit procmailrc with your favorite editor (~/etc/procmailrc probably doesn't exist; you're creating it now); make it look something like this:

    VERBOSE=off
    LOGABSTRACT=yes
    LOGFILE=/var/log/procmail.log
    COMSAT=no

    ## this will catch the SirCam virus (or any email message that
    ## discusses the SirCam virus payload ;o)
    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /dev/null

    ## clean environment (this gets passed on to users)
    VERBOSE=
    LOGABSTRACT=
    LOGFILE=
    COMSAT=

If you don't want to risk any accidentally lost mail, send the mail to a real file instead (this file will grow quickly, so check its size often):

    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /var/log/sircam

We can add some recipes to catch common spam content:

    LOGFILE=/var/log/procmail.log.spam

    ## subject lines with 'adv' or 'advertisement' or some other variation
    :0:
    * ^Subject: \[?ADV.*\]?
    /var/log/spam

    ## anyone who needs to invoke the spam law is a spammer
    :0B:
    * (section|s\.) ?1618
    /var/log/spam

    ## yes it is...
    :0B:
    * This is not SPAM
    /var/log/spam

Now our ~/etc/procmailrc file looks like this:

    VERBOSE=off
    LOGABSTRACT=yes
    COMSAT=no

    LOGFILE=/var/log/procmail.log.sircam

    ## this will catch the SirCam virus (or any email message that
    ## discusses the SirCam virus payload ;o)
    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /var/log/sircam

    LOGFILE=/var/log/procmail.log.spam

    ## subject lines with 'adv' or 'advertisement' or some other variation
    :0:
    * ^Subject: \[?ADV.*\]?
    /var/log/spam

    ## anyone who needs to invoke the spam law is a spammer
    :0B:
    * (section|s\.) ?1618
    /var/log/spam

    ## yes it is...
    :0B:
    * This is not SPAM
    /var/log/spam

    ## clean environment (this gets passed on to users)
    VERBOSE=
    LOGABSTRACT=
    LOGFILE=
    COMSAT=

Watch the size of ~/var/log/spam and ~/var/log/spam.log; consider installing some sort of file rotation program to manage them like savelogs.

Test your filter by sending an email message to any user on the Virtual Server. The message should contain a line in the body of the message 'in order to have your advice'. The message will be stored in ~/var/log/sircam (or deleted if you use /dev/null for your mailbox) and a three line entry made in ~/var/log/procmail.log.sircam containing whom the message was from, the subject line and size of the message, and where the message was stored.


Now what?

Now you're on your own (sort of). You should read the following man pages:

procmail(1)

The procmail program manual gives a general idea how procmail works and some of the variables and environment settings it uses.

procmailrc(5)

procmailrc(5) explains what can be done with your ~/etc/procmailrc file (and ~/$HOME/.procmailrc file). It also explains how to filter message headers, message bodies, do case-sensitive matching, and link recipes together (i.e., if a condition is met for a particular recipe, continue on and process a second recipe).

procmailex(5)

procmailex(5) presents some useful procmail examples. Did you know that you can create autoresponders using procmail? Find out how to do it and much more in this manual page.

procmailsc(5)

procmailsc(5) provides for weighted scoring for procmail. You can get fancy with your procmail recipes, assigning messages a weight based on certain criteria. Many procmail based spam filters operate using procmail's weighted scoring technique and successfully block 99% of spam without blocking legitimate messages too.


CAVEATS


SEE ALSO

procmail(1), procmailrc(5), procmailex(5), procmailsc(5), sendmail(1) and the official sendmail documentation: <http://www.sendmail.org/>


AUTHOR

Scott Wiersdorf <scott@perlcode.org>


COPYRIGHT

Copyright (c) 2001 Scott Wiersdorf. This document may not be duplicated in any form without prior written consent of the author or his employer.