Comments please on .procmail file

1998-01-26 20:07:35
I'd appreciate comments on potential problems with, or
improvements to my .procmailrc file, listed below.  A note
of thanks to all those who put up with my newbie questions,
and those people whose ideas I've gleaned simply by following
this list.  I've learned a lot in a few months.  The sections
in my file are...
    1) Initialize settings, paths, etc.
    2) Kill messages with identical message ID's.  E.g. if
       someone replies private to one of my messages and
       cc:'s the list (or vice versa).
    3) Reject messages that are not addressed...
         - to me, or
         - a mailing list I subscribe to, or
         - from my ISP's system (Yes, Interlog does own both
           "interlog.com" and "interlog.net" domain names;
           confirmed by their tech support)
    4) Replace the "Reply-To:" header in mail from this list
       with the list address.  99% of my messages re procmail
       go to the list, rather than going private.  This allows
       me to click my emailer's "Reply" button and have the
       right address 99% of the time.
    5) Reject "Comments: Authenticated sender is..." forgery
       in all non-Pegasus emailers.
    6) Reject non-forwarded messages that have an X-UIDL
       header visible to procmail.
    7) Miscellaneous stuff that indicates spam.  Note that in
       order to combine several tests into one recipe, I had to
       invert the tests (i.e. condition *NOT* true) and then
       let procmail "AND" the separate results.  To accommodate
       this inverted logic, I also had to make $DEFAULT the
       destination if final result is TRUE, and reject to
       logfile if final result is FALSE.  The separate tests
       are...

       a) "Received: from" headers after certain other headers.
          Note that "From:" headers can legitimately show up in
          amongst "Received: from" headers (or else something is
          broken on my ISP's configuration)
       b) Messages addressed "To: friend@public.com"
       c) *ANYTHING* from a "yahoo.com" address (forged or real)
       d) *ANYTHING* routed via "ix.netcom.com" (plus a few dumb
          spams that had a forged "@ix.netcom.com" address)
       e) Messages with an "X-Advertisement:" header
       f) Messages with a specific pattern mentioning "iemmc.com"
          or "remov"al from mailing list

-- 
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>

PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
SHELL=/bin/sh
MAILDIR=$HOME/.nospam
LOGFILE=$MAILDIR/JUNKMAIL
LOGABSTRACT=NO
# VERBOSE=YES

# Kill duplicate messages
:0 hW: msgid.lock
| formail -D 8192 msgid.cache

:0
* !^(Sender|From|Reply-To):.*(interlog\.com|interlog\.net|majordom|\
list\-owner|risks|csl\.sri\.com|autoreply)
* !^(To|Cc|Bcc):.*(waltdnes|procmail|risks|csl\.sri\.com)
{
LOG="///////////////////// Not addressed to me
"
:0: badaddress.lock
$LOGFILE
}

# If email comes to me via the list, I assume they want
# a reply via the list.
:0 fhw: fivmail.lock
* ^Resent\-Sender: procmail\-request@Informatik\.RWTH\-Aachen\.DE
* !^Reply\-To:.procmail@Informatik\.RWTH\-Aachen\.DE
  | formail -i "Reply-To: procmail@informatik.RWTH-Aachen.DE"

# Pegasus mailer is the only mailer which legitimately generates
# "Comments: Authenticated sender is ..." so kill anything else.
:0
* ^Comments:.*Authenticated sender
* !^X-Mailer:.*Pegasus Mail
* !^Resent-To:
* !^Return-Path:.*owner-
{
LOG="///////////////////// Authenticated BS
"
:0: authenticated.lock
$LOGFILE
}

# X-UIDL is inserted by POP *AFTER* procmail processes
# the message.  If it exists *BEFORE* then, it's suspicious.
# The only legitimate circumstance I can think of is in a
# forwarded message (handled here)...
:0
* ^X\-UIDL:
* !Subject:.*fwd
{
LOG="///////////////////// X-UIDL invalid
"
:0: xuidl.lock
$LOGFILE
}

# Check for forged "Received:" lines *AFTER* other lines
# Filter "friend@public.com"
# All I get from yahoo.com is spam
# All I get routed via ix.netcom.com is spam
# Filter "honest spammers"; 2 lines
:0
* !^(Date|Subject|Reply-To):(.*$)+Received:
* !^To:.friend@public\.com
* !^From:.*@yahoo.com
* !ix.netcom.com
* !^X\-Advertisement:
* !^X\-[0-9]*:*(iemmc.com|remov)
$DEFAULT

# Reached only when one of the tests above failed
:0
{
LOG="///////////////////// Miscellaneous filter
"
:0: misc.lock
$LOGFILE
}
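
Added example (not part of the original post): a Python rendering of the section 7 logic, showing that procmail's AND of negated conditions delivers exactly when no spam indicator matches. The regexes are copied from the recipe with procmail's "$" rewritten as "\n"; the function names and sample headers are constructed for illustration.

```python
import re

# procmail conditions are case-insensitive and "^" anchors at any header line.
FLAGS = re.IGNORECASE | re.MULTILINE

# The six spam indicators from the last recipe, without the leading "!".
# procmail's "$" (matches a newline) is written "\n" for Python's re module.
SPAM_TESTS = {
    "received-after-headers": r"^(Date|Subject|Reply-To):(.*\n)+Received:",
    "friend@public.com": r"^To:.friend@public\.com",
    "yahoo.com": r"^From:.*@yahoo.com",
    "ix.netcom.com": r"ix.netcom.com",
    "x-advertisement": r"^X\-Advertisement:",
    "iemmc/remov": r"^X\-[0-9]*:*(iemmc.com|remov)",
}

def matched_tests(header):
    """Names of the indicators that fire on this header block."""
    return [n for n, p in SPAM_TESTS.items() if re.search(p, header, FLAGS)]

def deliver_inverted(header):
    """The recipe's shape: procmail ANDs the negated conditions."""
    return all(not re.search(p, header, FLAGS) for p in SPAM_TESTS.values())

def deliver_direct(header):
    """De Morgan equivalent: reject as soon as any indicator matches."""
    return not matched_tests(header)

# Constructed sample headers (not real mail). CLEAN has a "From:" line
# between two "Received:" lines, which test a) must tolerate.
CLEAN = (
    "Received: from mx.example.org by mail.example.net\n"
    "From: alice@example.org\n"
    "Received: from host.example.org by mx.example.org\n"
    "Date: Mon, 26 Jan 1998 20:07:35 -0500\n"
    "Subject: procmail question\n"
    "To: user@example.net\n"
)
FORGED = CLEAN + "Received: from relay.example.com by unknown\n"
YAHOO = CLEAN.replace("alice@example.org", "promo@yahoo.com")
NETCOM = CLEAN.replace("host.example.org", "dialup.ix.netcom.com")

if __name__ == "__main__":
    for name, hdr in [("clean", CLEAN), ("forged", FORGED),
                      ("yahoo", YAHOO), ("netcom", NETCOM)]:
        verdict = "deliver" if deliver_inverted(hdr) else "reject"
        print(f"{name:7} {verdict:8} {matched_tests(hdr)}")
```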
