procmail

Re: Procmail Questions.

2003-02-25 02:59:34
On Mon, Feb 24, 2003 at 05:10:31PM -0800, multimedia-fan(_at_)myrealbox(_dot_)com wrote:

> For example any email sent from *@mydomain.tld to *@mydomain.tld will
> be excluded from any filtering?

And where are you finding the addressee?  In the To: line?  What
about Cc'd mail?  Bcc's?  What about people who use the local
mail server but a different, private From: address?  What about
multiple To: or Cc: addresses, only some of which are on your
server?

You need a way to identify reliably mail sent through the local servers.
And you haven't stated whether you're already in reasonable enough
control of who those people are so that rogue senders won't
trespass on your servers.

It might be useful to have your SMTP interface inject a unique
header that's easy for procmail to identify.  Even X-Sender
could work.

I actually do something like what you're asking about on my main
shell account, which ISP's members are highly unlikely to be
sending any spam.  But the recipe is specialized and convoluted.
It wouldn't do much good to post it here.  (And I wouldn't
want to, as one of its features is to look for forgeries
of local senders, which has, indeed, occurred on occasion.)

> I know that is not a good idea, but I have users' emails sometimes
> filtered because they matched one of the rules in the recipes.

Why is it not a good idea?  It could be a fine idea.  But you
need to think it through carefully and decide what the heuristic
needs to be.  If your system injects a Delivered-To: or
X-Envelope-To: or similar thing with the envelope-recipient,
it gets scads easier.  

Here are some things you might want to think about teaching
procmail about in re. your servers:

 o  Is the Return-Path (if you use one) claiming to be local?
 o  Is the Delivered-To, or variant (if you use one) ditto?
 o  How many Received headers are there?  Local mail won't have lots.
 o  Is your server's usual signature apparent in the lowest Received?
 o  Are there other local hosts and multiple mail server names to
    worry about, either in sending addresses, recipient addresses,
    the bottom Received header, or Message-ID?
 o  Is your server writing the Message-ID with its usual signature?
 o  Do all the MUAs (mail clients) in use on the system write these
    things essentially the same way?
 o  Does local mail ever arrive without the FQDN in the sender's
    or the recipient's address?
 o  Do you want to accept variants such as user-owned hosts that
    use your SMTP servers?  If so, you need to adjust some of the
    identifying features on which you settle. 
 o  What about DAEMON mail?
 o  Are you wanting this in the /etc/procmailrc (system rc)?  Or
    for one or more individuals only?

We did the Received-header count thing (again) on this list
last week.  Check the list archives.

An overly simple example that assumes available envelope-to and
X-Sender info might be:

        OURFQDN = somehost.dom

        :0  # backslash below fully quotes the var
        * $  ^Delivered-To:.*@$\OURFQDN
        * $  ^X-Sender:.*@$\OURFQDN
        { SWITCHRC }

-- 
dman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
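
The checklist in the message above can be tried offline against saved messages before it is turned into recipes. The following is an added example, not the poster's recipe: it assumes the local SMTP server injects X-Sender and Delivered-To, uses the placeholder domain from the recipe, and picks a Received threshold of 2 as an assumption.

```python
import email
import re
from email.utils import parseaddr

OURFQDN = "somehost.dom"   # placeholder domain from the recipe above
MAX_LOCAL_RECEIVED = 2     # assumed threshold: local mail makes few hops
# "by <our host>" in a Received header; rejects look-alike host names.
BY_US = re.compile(r"\bby\s+(?:[\w.-]+\.)?" + re.escape(OURFQDN) + r"(?=[\s;(]|$)", re.I)

def domain_of(value):
    """Lowercased domain of the first address in a header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def classify(raw):
    """Return 'local', 'forged-local' or 'external' for one raw message."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received", [])
    # Headers the local SMTP server is assumed to inject on submission.
    injected = (domain_of(msg["X-Sender"]) == OURFQDN
                and domain_of(msg["Delivered-To"]) == OURFQDN)
    # The lowest Received header records the first hop.
    first_hop_ours = bool(received) and bool(BY_US.search(received[-1]))
    few_hops = 0 < len(received) <= MAX_LOCAL_RECEIVED
    if injected and first_hop_ours and few_hops:
        return "local"
    # Claims a local sender without the server-side evidence to back it.
    if OURFQDN in (domain_of(msg["From"]), domain_of(msg["Return-Path"]),
                   domain_of(msg["X-Sender"])):
        return "forged-local"
    return "external"

# Constructed sample messages (not real traffic).
LOCAL = """Return-Path: <alice@somehost.dom>
Delivered-To: bob@somehost.dom
Received: by mail.somehost.dom (from userid 1001); Tue, 25 Feb 2003 02:00:00 -0800
X-Sender: alice@somehost.dom
From: alice@somehost.dom

hi
"""
FORGED = """Return-Path: <alice@somehost.dom>
Delivered-To: bob@somehost.dom
Received: from relay.example.net by mail.somehost.dom; Tue, 25 Feb 2003 02:00:05 -0800
Received: from dialup by relay.example.net; Tue, 25 Feb 2003 02:00:01 -0800
X-Sender: alice@somehost.dom
From: alice@somehost.dom

hi
"""
```

Mail classified as forged-local is the case worth logging separately, since it carries a local sender address without having entered through the local server.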
