Re: Trapping SPAM on Mail Lists
At 13:41 2003-07-03 -0500, Jack L. Stone wrote:
Upgrade to .9, or patch to it. It's important.
- Procmail (just installed)
You declare the versions of the other things, but not of procmail?
I have been running the first four in various versions just fine, except I
wanted to divert SPAM from the user mailboxes (with their permission -
actually demands) and so installed Procmail which is working just great!
Next, I decided to add Demime to cut down on bounces because of HTML that
the subscribers keep using disregarding instructions to use plain text.
About 18 months ago, I wrote (but have not yet fully published) a
procmail-based Majordomo assitant called Seneschal. It handles a variety
of filtering tasks on submitted messages - html, richtext, AOL mail (HTML,
but they're special needs users, aren't they?), generic attachments,
viruses (executable attachments don't bounce an advisory to the apparent
sender), overquoting (with per-list defineable limits), crossposting, large
messages, digests and digest subjects, mail loop detection, receipts,
expanded taboo logic (majordomo regexps are too simplistic), test messages,
trolls, taboo topics (weighted keywords - again, majordomo taboo regexps
are too simplistic), etc. Additionally, it handles a variety of issues
with listowner messages as well (majordomo bounces for nonmember
submissions, administrivia such as s*bscribe messages (literally, the
bounce message advises the user where to go to properly process an
un/s*bscribe, or to blintz the word (as shown) if they intend to use it in
a legitimate list post), nonmatching subscriptions (the type that get
forwarded to the listadmin for approval, but which on a participatory list,
you shouldn't approve since if they can't acknowledge the subscription from
the address they're subscribing, majordomo isn't going to let them post),
categorizing of bounces as tags into the subject (MBFULL, CONFIGPROB,
MAILBLOCK, HARDBOUNCE, etc) so that admins of large lists can easily focus
on the more critical of bounces, and also to help some less technical
admins discern the underlying reason for a bounce (not all bounces provide
anything meaningful in the bounce message). Virus filtering is also
provided on the listowner side (since owner-listname@ is going to get
forged fairly often by viruses that harvest addresses from user mailboxes),
keeping the listadmin sane.
Of course, since majordomo is fronted by the filters, anything I can do
within procmail, I can do before the message is submitted to majordomo.
Here's the syntax of the list aliases (there are other list aliases, but
they generally alias to one of these two, or are for back-end archiving, etc):
test: "|/usr/local/bin/procmail -m
/etc/procmailrcs/seneschal.rc \"/usr/local/majordomo/wrapper resend -l test
-h yourhost.tld -C /usr/local/majordomo/majordomo.cf test-out\""
owner-test: "|/usr/local/bin/procmail -m
/etc/procmailrcs/listowner.rc adminaddress(_at_)admindomain(_dot_)tld test"
The procmailrc that is invoked can obtain the listname from the procmail
invocation parms, and uses that to call up per-list configuration
options. You of course don't have to do that - perhaps you just want to
run procmail, trash spam, and whatever is left, hand off to the list or
Part of the idea behind Seneschal is to provide advisory text to the poster
so that the USER can correct their problem and repost as necessary (such as
when they post a mammoth message - they can elect to chop it into multiple
parts, or perhaps they'll realize that they quoted a bunch of digest crap,
Owing to a variety of circumstances, I've not had the time to complete a
few "genericising" subprojects (chiefly as they relate to the bounce text
messages - I'd like to run them through a token replacement to drop
site-specific URLs and site/listname data), as well as the all-important
install-and-config-for-dummies documentation project which is necessary
before such a package is released to the public. I'm spending my time
searching for life-sustaining income, not working on freebies.
Majordomo was configured to reject and bounce HTML. Of course, with the AOL
users, it's a constant problem because of the AOL HTML footers tacked on.
Yea, AOL users are special needs folk. New versions of the AOL software
make it particularly difficult, because they send all email in HTML. The
AOL'er has ABSOLUTELY NO CLUE about what is going on, and AOL won't help
them, because AOL administration doesn't care about anything outside of the
AOL universe, since they don't control the advertising outside of AOL.
BTW, SpamAssassin has literally been catching about 99-100% of the SPAM and
the Subject line is tagged as [SPAM CONTENT] which the users could use in
I take it you must be runnig SA in daemon mode?
NOW, my question: Seeing how well Procmail works, is there any way that I
could set up a recipe to catch and divert any mail from the mail lists
tagged by SpamAssassin based on the Subject [SPAM CONTENT]....??? I've
Use something like the modified majordomo aliases I provided above. Start
with JUST your test list (you do have a test list set up, right?), and then
set up a procmailrc like so (the top and bottom bits are snipped from the
base seneschal.rc file, and stuff for your spamassassin is crammed in between):
#our first argument is the default delivery rule
#(NOTE: we convert all passed arguments to a named variable
#from within THIS file, so other rules don't need to
#know variable order)
# or file to a mailbox somewhere, or forward to the listadmin, etc.
# You could flag based on the X-Spam-Level instead.
* ^Subject:.*\[SPAM CONTENT\]
# After having ditched the messages which were flagged as spam, you might
# elect to _strip_ spamassassin headers that are lingering in the message,
# since you're going to submit it to your list, and those headers will be
# sent with the outbound messages, which can interfere with the filtering
# recipients may have.
# Default rule - pass off to majordomo (using config we were passed).
# (note that with majordomo, we know the argument is supposed to be a
# PROGRAM, not a mailbox)
Note that lists which are CLOSED (i.e. only subscribers can post) generally
don't have much spam, excepting for the occassional "drive-by spamming",
where someone subs, posts, and unsubs. Spam directed to the lists bounces
to the listowner as nonsubscriber postings.
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
procmail mailing list
|<Prev in Thread]
||[Next in Thread>|
Re: Trapping SPAM on Mail Lists,
Professional Software Engineering <=