procmail - Advanced mail filtering for Virtual Servers
procmail is a program especially suited to parsing mail files and delivering mail to certain locations based on the contents of the email message. This document describes how to install procmail as your local delivery agent for sendmail and use it to filter spam and viruses server-wide (i.e., for all mail accounts) without using .forward files.
Many people are weary of receiving copies of the latest Windows virus du jour. SirCam and a host of VB and Word macro viruses have made us afraid to even check our mail for fear of a new, horrible virus that will delete our hard drive.
Further, UCE (unsolicited commercial email) or spam regularly consumes 50% of our mail quota at any given moment, wasting our time, money and server resources. What can we do about this?
One respectable and simple solution is to use procmail as our local delivery agent. procmail can replace /bin/imail in our sendmail.cf file as the local delivery agent. /bin/imail typically takes a message and appends it to the mail file for you to later view using POP or IMAP. With procmail, the incoming message is first passed through a series of ``recipes'' which you specify, telling procmail what to do with the message. Once all of the recipes have been processed, mail is delivered as usual to your mailbox.
Using procmail as the local delivery agent on your Virtual Server requires three steps:
Install procmail on your Virtual Server
Configure sendmail to use procmail as the local mail delivery agent
Configure procmail to filter viruses and spam on your system
The remainder of this document describes these steps.
Telnet or SSH to your Virtual Server. Then, to install procmail on your server, simply type:
server% vinstall procmail
This will unpack procmail and its helper programs in to ~/usr/local/bin.
To install the sendmail configuration files, type:
server% vinstall sendmail
at your server prompt. Once the sendmail configuration files have been installed, change your working directory to ~/usr/local/sendmail/cf/cf:
server% cd ~/usr/local/sendmail/cf/cf
Now make a copy of default.mc to work with:
server% cp -p default.mc mycopy.mc
Open mycopy.mc in your favorite text editor (e.g., emacs, vi, pico, ee, etc.). Near the bottom of the file you'll find lines similar to these:
define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl define(`LOCAL_MAILER_FLAGS', `CmuX')dnl define(`LOCAL_MAILER_PATH', `/bin/imail')dnl MAILER(local)dnl MAILER(smtp)dnl
Insert the following line:
FEATURE(`local_procmail')dnl
so that your lines now look like this:
define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl define(`LOCAL_MAILER_FLAGS', `CmuX')dnl define(`LOCAL_MAILER_PATH', `/bin/imail')dnl FEATURE(`local_procmail')dnl MAILER(local)dnl MAILER(smtp)dnl
It is important that you insert the FEATURE line above after the LOCAL_MAILER lines; the FEATURE line will override the LOCAL_MAILER lines if it is placed after them (which is what we want it to do).
Save the file and exit your editor. At your shell prompt, type this to build a cf file from the mc file:
server% ./Build mycopy.cf
This will read mycopy.mc and create a sendmail configuration file named mycopy.cf. If this process fails with error messages, check to make sure that you didn't add any extra lines or characters before saving mycopy.mc. Once you have successfully built a mycopy.cf file, copy it to your ~/etc directory:
server% cp -p mycopy.cf ~/etc server% cd ~/etc
Let's backup our old sendmail.cf file just in case we need to revert to it:
server% cp -p sendmail.cf sendmail.cf-<date>
where <date> is something like '010910'. Now let's move our new sendmail configuration file into place for sendmail to use:
server cp -fp mycopy.cf sendmail.cf
We should make sure we still receive mail:
server% virtual mail -s test root hi ^D server% tail -n 2 ~/var/log/messages <XX>Sep 10 14:31:24 sendmail[24923]: f8AKVOg24923: from=server, size=27, \ class=0, nrcpts=1, msgid=<200109102031.f8AKVOg24923@server.com>, \ relay=server@localhost <XX>Sep 10 14:31:25 sendmail[24925]: f8AKVOg24923: to=server, ctladdr=server \ (1234/100), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30027, \ dsn=2.0.0, stat=Sent
and there's the message we just sent.
Now that procmail is delivering our local mail, make a server-wide procmailrc file located in ~/etc/procmailrc:
server% pwd /usr/home/server/etc
Edit procmailrc with your favorite editor (~/etc/procmailrc probably doesn't exist; you're creating it now); make it look something like this:
VERBOSE=off LOGABSTRACT=yes LOGFILE=/var/log/procmail.log COMSAT=no
## this will catch the SirCam virus (or any email message that ## discusses the SirCam virus payload ;o) :0B: * (in order to have your advice|que me des tu punto de vista) /dev/null
## clean environment (this gets passed on to users) VERBOSE= LOGABSTRACT= LOGFILE= COMSAT=
If you don't want to risk any accidentally lost mail, send the mail to a real file instead (this file will grow quickly, so check its size often):
:0B: * (in order to have your advice|que me des tu punto de vista) /var/log/sircam
We can add some recipes to catch common spam content:
LOGFILE=/var/log/procmail.log.spam
## subject lines with 'adv' or 'advertisement' or some other variation :0: * ^Subject: \[?ADV.*\]? /var/log/spam
## anyone who needs to invoke the spam law is a spammer :0B: * (section|s\.) ?1618 /var/log/spam
## yes it is... :0B: * This is not SPAM /var/log/spam
Now our ~/etc/procmailrc file looks like this:
VERBOSE=off LOGABSTRACT=yes COMSAT=no
LOGFILE=/var/log/procmail.log.sircam
## this will catch the SirCam virus (or any email message that ## discusses the SirCam virus payload ;o) :0B: * (in order to have your advice|que me des tu punto de vista) /var/log/sircam
LOGFILE=/var/log/procmail.log.spam
## subject lines with 'adv' or 'advertisement' or some other variation :0: * ^Subject: \[?ADV.*\]? /var/log/spam
## anyone who needs to invoke the spam law is a spammer :0B: * (section|s\.) ?1618 /var/log/spam
## yes it is... :0B: * This is not SPAM /var/log/spam
## clean environment (this gets passed on to users) VERBOSE= LOGABSTRACT= LOGFILE= COMSAT=
Watch the size of ~/var/log/spam and ~/var/log/spam.log; consider installing some sort of file rotation program to manage them like savelogs.
Test your filter by sending an email message to any user on the Virtual Server. The message should contain a line in the body of the message 'in order to have your advice'. The message will be stored in ~/var/log/sircam (or deleted if you use /dev/null for your mailbox) and a three line entry made in ~/var/log/procmail.log.sircam containing whom the message was from, the subject line and size of the message, and where the message was stored.
Now you're on your own (sort of). You should read the following man pages:
The procmail program manual gives a general idea how procmail works and some of the variables and environment settings it uses.
procmailrc(5)
explains what can be done with your ~/etc/procmailrc file (and ~/$HOME/.procmailrc file). It also explains how to filter message headers, message bodies, do
case-sensitive matching, and link recipes together (i.e., if a condition is
met for a particular recipe, continue on and process a second recipe).
procmailex(5)
presents some useful procmail examples. Did you know that you can create autoresponders using procmail? Find out how to do it and much more in this manual page.
procmailsc(5)
provides for weighted scoring for procmail. You can get fancy with your procmail recipes, assigning messages a
weight based on certain criteria. Many procmail based spam filters operate using procmail's weighted scoring technique and successfully block 99% of spam without
blocking legitimate messages too.
With procmail set as your local delivery agent for sendmail, you no longer need $HOME/.forward files to invoke procmail if you were using them before. Simply creating $HOME/.procmailrc will invoke procmail for a user. This means that if your users want additional filtering, you
could set up per-user .procmailrc files as described in procmailrc(5).
Be careful with these
files, though, because they also execute with the same privileges as the
system
~/etc/procmailrc on a Virtual Server, meaning you could write mail to places you really
shouldn't.
Exercise caution when adding recipes to your system ~/etc/procmailrc file; every email message the server receives for local delivery will pass through these recipes. A poorly designed recipe with no safety net (e.g., our ~/var/log/spam is our safety net) can mean lost email messages for your users.
Mail that is not destined for delivery on your server (e.g., an entry in your ~/etc/aliases or ~/etc/virtmaps file that bounces the mail to a yahoo.com or hotmail.com account) will not pass through these procmail recipes. procmail is your local delivery agent and only works for mail destined to be delivered to a file on your Virtual Server. Filtering all mail (i.e., locally delivered and remotely delivered) is beyond the scope of this document, but may be covered in another tutorial.
procmail(1),
procmailrc(5),
procmailex(5),
procmailsc(5),
sendmail(1)
and the official sendmail documentation:
<http://www.sendmail.org/>
Scott Wiersdorf <scott@perlcode.org>
Copyright (c) 2001 Scott Wiersdorf. This document may not be duplicated in any form without prior written consent of the author or his employer.