procmail

Re: Trapping SPAM on Mail Lists

2003-07-03 14:46:40
At 13:41 2003-07-03 -0500, Jack L. Stone wrote:
> - Sendmail-8.12.8

Upgrade to .9, or patch to it.  It's important.

> - Procmail (just installed)

You declare the versions of the other things, but not of procmail?

> I have been running the first four in various versions just fine, except I
> wanted to divert SPAM from the user mailboxes (with their permission -
> actually demands) and so installed Procmail which is working just great!
>
> Next, I decided to add Demime to cut down on bounces because of HTML that
> the subscribers keep using disregarding instructions to use plain text.

About 18 months ago, I wrote (but have not yet fully published) a procmail-based Majordomo assistant called Seneschal. It handles a variety of filtering tasks on submitted messages - html, richtext, AOL mail (HTML, but they're special needs users, aren't they?), generic attachments, viruses (executable attachments don't bounce an advisory to the apparent sender), overquoting (with per-list definable limits), crossposting, large messages, digests and digest subjects, mail loop detection, receipts, expanded taboo logic (majordomo regexps are too simplistic), test messages, trolls, taboo topics (weighted keywords - again, majordomo taboo regexps are too simplistic), etc. Additionally, it handles a variety of issues with listowner messages as well (majordomo bounces for nonmember submissions, administrivia such as s*bscribe messages (literally, the bounce message advises the user where to go to properly process an un/s*bscribe, or to blintz the word (as shown) if they intend to use it in a legitimate list post), nonmatching subscriptions (the type that get forwarded to the listadmin for approval, but which on a participatory list, you shouldn't approve since if they can't acknowledge the subscription from the address they're subscribing, majordomo isn't going to let them post), categorizing of bounces as tags into the subject (MBFULL, CONFIGPROB, MAILBLOCK, HARDBOUNCE, etc) so that admins of large lists can easily focus on the more critical of bounces, and also to help some less technical admins discern the underlying reason for a bounce (not all bounces provide anything meaningful in the bounce message). Virus filtering is also provided on the listowner side (since owner-listname@ is going to get forged fairly often by viruses that harvest addresses from user mailboxes), keeping the listadmin sane.

Of course, since majordomo is fronted by the filters, anything I can do within procmail, I can do before the message is submitted to majordomo.

Here's the syntax of the list aliases (there are other list aliases, but they generally alias to one of these two, or are for back-end archiving, etc):

test: "|/usr/local/bin/procmail -m /etc/procmailrcs/seneschal.rc \"/usr/local/majordomo/wrapper resend -l test -h yourhost.tld -C /usr/local/majordomo/majordomo.cf test-out\""

owner-test: "|/usr/local/bin/procmail -m /etc/procmailrcs/listowner.rc adminaddress(_at_)admindomain(_dot_)tld test"


The procmailrc that is invoked can obtain the listname from the procmail invocation parms, and uses that to call up per-list configuration options. You of course don't have to do that - perhaps you just want to run procmail, trash spam, and whatever is left, hand off to the list or listadmin.

Part of the idea behind Seneschal is to provide advisory text to the poster so that the USER can correct their problem and repost as necessary (such as when they post a mammoth message - they can elect to chop it into multiple parts, or perhaps they'll realize that they quoted a bunch of digest crap, or whatever).

Owing to a variety of circumstances, I've not had the time to complete a few "genericising" subprojects (chiefly as they relate to the bounce text messages - I'd like to run them through a token replacement to drop site-specific URLs and site/listname data), as well as the all-important install-and-config-for-dummies documentation project which is necessary before such a package is released to the public. I'm spending my time searching for life-sustaining income, not working on freebies.

> Majordomo was configured to reject and bounce HTML. Of course, with the AOL
> users, it's a constant problem because of the AOL HTML footers tacked on.

Yea, AOL users are special needs folk. New versions of the AOL software make it particularly difficult, because they send all email in HTML. The AOL'er has ABSOLUTELY NO CLUE about what is going on, and AOL won't help them, because AOL administration doesn't care about anything outside of the AOL universe, since they don't control the advertising outside of AOL.

> BTW, SpamAssassin has literally been catching about 99-100% of the SPAM and
> the Subject line is tagged as [SPAM CONTENT] which the users could use in

I take it you must be running SA in daemon mode?

> NOW, my question: Seeing how well Procmail works, is there any way that I
> could set up a recipe to catch and divert any mail from the mail lists
> tagged by SpamAssassin based on the Subject [SPAM CONTENT]....??? I've

Use something like the modified majordomo aliases I provided above. Start with JUST your test list (you do have a test list set up, right?), and then set up a procmailrc like so (the top and bottom bits are snipped from the base seneschal.rc file, and stuff for your spamassassin is crammed in between):


#our first argument is the default delivery rule
#(NOTE: we convert all passed arguments to a named variable
#from within THIS file, so other rules don't need to
#know variable order)
DELIVERY=$1

:0fw
|invocation_of_spamassassin_if_not_already_run_as_daemon

# or file to a mailbox somewhere, or forward to the listadmin, etc.
# You could flag based on the X-Spam-Level instead.
:0
* ^Subject:.*\[SPAM CONTENT\]
/dev/null

# After having ditched the messages which were flagged as spam, you might
# elect to _strip_ spamassassin headers that are lingering in the message,
# since you're going to submit it to your list, and those headers will be
# sent with the outbound messages, which can interfere with the filtering
# recipients may have.


# Default rule - pass off to majordomo (using config we were passed).
# (note that with majordomo, we know the argument is supposed to be a
# PROGRAM, not a mailbox)
:0
| $DELIVERY



Note that lists which are CLOSED (i.e. only subscribers can post) generally don't have much spam, excepting for the occasional "drive-by spamming", where someone subs, posts, and unsubs. Spam directed to the lists bounces to the listowner as nonsubscriber postings.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.
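
Added example, not part of the original post and not taken from seneschal.rc: one way to fill in the two steps the recipe above only describes in comments, matching on the X-Spam headers instead of the Subject tag and stripping the SpamAssassin headers before the message reaches majordomo. It assumes SpamAssassin has already tagged the message and uses its standard X-Spam-* header names; the quarantine path is hypothetical.

```procmail
# Added example (not the poster's code). Invoked the same way as the
# list alias above: procmail -m thisfile.rc "<majordomo resend command>"
DELIVERY=$1

# Hypothetical mbox for diverted mail; it must be writable by the user
# the alias runs as. Use /dev/null instead to discard outright.
QUARANTINE=/var/spool/listfilter/spam-quarantine

# Divert on the headers SpamAssassin sets rather than on the Subject tag:
# a legitimate post that quotes "[SPAM CONTENT]" in its subject would
# match the Subject test, but not these. Five or more stars in
# X-Spam-Level corresponds to a score of 5.0 or higher.
:0:
* ^X-Spam-(Flag: YES|Level: \*\*\*\*\*)
$QUARANTINE

# Strip the SpamAssassin headers from what is left, so the list does not
# redistribute them and skew subscribers' own filtering.
# formail -I with a bare field name deletes every occurrence of it.
:0fhw
| formail -I "X-Spam-Flag:" -I "X-Spam-Level:" -I "X-Spam-Status:" \
          -I "X-Spam-Checker-Version:" -I "X-Spam-Report:"

# Default rule: hand the cleaned message to majordomo.
:0
| $DELIVERY
```

Keeping a quarantine mbox rather than /dev/null on the test list lets the listadmin review false positives before the rule goes onto production lists.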

