procmail
[Top] [All Lists]

RE: Procmail Question

2002-11-14 01:09:00
Thank you for your help!

I understand why I should not send back a reply to spam.  While working on
procmail rules I would like to strip out the original body of the spam
message and stick my own text.  Is there a way to do this?


-----Original Message-----
From: procmail-admin(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
[mailto:procmail-admin(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE]On Behalf Of Don 
Hammond
Sent: Wednesday, November 13, 2002 10:47 AM
To: procmail(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: Procmail Question


On 13 Nov, Dave Cook wrote:
| Hello,
|
| I am using procmail version 3.21 2001/06/09 on RedHat 7.0 and experiencing
| some strange problems that I hope someone can help me.  To start out, I
| created a simple rule to test subject content, if match, mail sender a no
| spam message and save the message in a spam accounts mailbox. Using
| /etc/procmailrc for testing system wide:
|
| :0H
| *  ^Subject.*(testing)
| {
|    :0:formail4.lock
|       | (formail -rt -I"Subject: This message is SPAM, it is blocked from
| this host." \
|         -A"From: spam(_at_)mydomain(_dot_)com" \
|         -A"Reply-To: spam(_at_)mydomain(_dot_)com" \
|         -A"X-Loop: loopcontrol(_at_)mydomain(_dot_)com" ;\
|         cat /etc/mail/spamnotes ) \
|         | /usr/sbin/sendmail -t -N never -R hdrs || true
|    :0
|       spam
| }
|
| This worked perfectly

It probably didn't work as well as you think, and probably was masking
a flaw in your condition.

First, it would not have dropped a copy of the message in the "spam"
folder as apparently intended. Procmail is finished as soon as the first
"delivery", the pipe to sendmail, is complete and wouldn't have gotten
to the second part of the recipe.

Second, parentheses are special characters used for grouping in regular
expressions. I'm guessing you wanted to literally match '(testing)', but
this condition would have also matched:

  Subject: testing
  Subject: a whole lot of testing
  Subject: testing is lots of fun

and, as you found:

  Subject: (testing)

But it matched the last one because ".*" (which means zero or more of
any character) matched ": (" and not because you included "(" in the
condition. Basically, the parentheses in your conditions were no-ops
To match parentheses literally, they need to be escaped to remove their
special meaning. So a better condition would have been:

  * ^Subject:.*\(testing\)

This also answers your question further down about "." vs. "\.".  The
dot matches any character in regular expressions (or close enough for
this discussion), so when you want to match a literal dot it needs
escaping. A condition using "spam.com"  will match spamscomplaint.org,
"spam\.com" won't.  (Although it'll still match spam.communicatons.com
and nomorespam.com, but that's due to other "looseness" in the regexp
and not because of the unescaped dot.)

| so to continue developing filters, I then created a
| .procmailrc in a test account's home directory, commented out the
| INCLUDERC=test.rc in the /etc/procmailrc file and placed it in the
| .procmailrc file.  The same rule would generate the no spam message for
| sender but would not save the message to the spam mail box.  I then
changed
| the rule to:
|
| :0H
| *  ^Subject.*(testing)
| {
|    :0
|      spam
|
|    :0:formail4.lock
|       | (formail -rt -I"Subject: This message is SPAM, it is blocked from
| this host." \
|         -A"From: spam(_at_)mydomain(_dot_)com" \
|         -A"Reply-To: spam(_at_)mydomain(_dot_)com" \
|         -A"X-Loop: loopcontrol(_at_)mydomain(_dot_)com" ;\
|         cat /etc/mail/spamnotes ) \
|         | /usr/sbin/sendmail -t -N never -R hdrs || true
| }
|
| So it would first save the message to the spam mail box but now it will
not
| send the No Spam message to sender.  Every document and FAQ I have read
| stated that you have to put multiple recipes within the { } braces and it
| will work which it did when used system wide but not for local users
| .procmailrc?

As explained above, procmail is finished as soon as a delivery is made,
whether within braces or not. If you want more than one copy delivered,
you need the "c" flag on the first recipe, then procmail will deliver a
copy to "spam", and continue on to "deliver" the original to the
sendmail pipeline.

I must say that, IMO (and that of many others too), autoresponding to
spam is futile at best and almost certainly harmful. There are numerous
reasons why it's ill-advised.  Two that come to mind are most sender's
addresses used in spam are forged, or the accounts are closed. Your
response has significantly less chance of getting to the spammer than it
does of bothering some unwitting 3rd party that had nothing to do with
the spam, or being bounced back to you.  Either of these outcomes is
part of the problem, not part of the solution.  The other is, unless
you're real careful about controlling this, you're likely to spew this
nonsense to a mail list.  If and when you do, being thrown off the list
would not be too harsh a penalty. This doesn't even begin to touch on
the possiblility of false spam matches where you're just flat out
wrong.  And even IF you you could ensure no false positives, and IF you
could ensure the responses only went to spammers, it won't change
anything. They just don't care.  You're more likely to encourage more
spam than to limit it.

| Also, I noticed others examples that uses \. instead of just . in the
| filters, example:
|
| *  ^Subject.*( spam\.com)
|
| OR
|
| *  ^Subject.*( spam.com)
|
| but when I tested this, it worked either way?

See above.

| Also, I would like to have only one spam collector mailbox so I tried to
use
| the copy email function:
|
| :0 c
| ! spam(_at_)mydomain(_dot_)com
|
| or
|
| :0 c
| ! spam
|
| but I am unable to get this to function when using the .procmailrc file?
|
| Thank you in advanced for any help you can provide.
|

I have no answer for why this doesn't work. Is spam a valid username or
alias on your system?  Sendmail's location is compiled in to procmail
so, if sendmail has been installed elsewhere, maybe procmail can't find
it. A verbose log file might yield a clue.

--
Reply to list please, or append "8" to "procmail" in address if you must.
Spammers' unrelenting address harvesting forces me to this...reluctantly.



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail




_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>