procmail

RE: Filter attachments: reject with notification(s)

2004-01-26 09:21:30





I'm trying to set up a .procmailrc file to reject emails with attachments
with notification.
The sender will receive an email that indicates that his email was
rejected because it contains bad attachments (pif, scr, exe, bat, etc...).

I need to make a reject notification, because I can't be sure it's just
a virus. I can't delete an email without any warning...

I didn't look at your recipe in detail, but it looks like it is doing
basically the right things. A couple of comments/suggestions:

To avoid mail loops, make sure that you check for that X-Loop header that
you're (correctly) adding to the reply:

* $ !^X-Loop:.*$EMAIL

To see how long procmail takes, try something like:

  % time procmail -m test.rc < test_msg.txt

My guess is that you'll have no prob processing 2 messages/sec. Let's hope
you don't process 2 virus attachments/sec. <g>

As a little testing trick, rather than running sendmail at the end, just
remove that part of the rule, and let the output go to stdout, so you can
repeatedly run tests as above without having to go and check the test
user's inbox. Once it is working, then add the sendmail step back.

In this step,

         KEY=`cat /proc/uptime | md5sum`
         DATE=`date '+%Y%m%d%H%M%S'`
         TIME_SEC=`date +%s`
         PID=$$
         QUEUE_ID=`ps | md5sum | cut -c1-8`
         FULLHOSTNAME=`hostname -f`

         :0 hbciw : ${TEMP_TXT}.lock
         | head -100 > ${TEMP_TXT}_$KEY

As I read it, ${TEMP_TXT}_$KEY is an excerpt of the first 100 lines of the
e-mail message inclusive of the headers. You probably need to "defang" that
excerpt because other mail filters (including your own?) will pick up on
what appears to be a dangerous attachment, creating a potential e-mail loop
of sending bounce messages back and forth.

As far as simplifying goes, I'd tend to place all that reply logic in a
shell script and simply invoke the script from your procmail recipe. It's
complicated enough that an extra shell invocation won't add noticeable
overhead. It'll be easier to maintain and change as well. If every user
runs this script, it will have to be installed in a location everyone can
access (like /usr/local/bin).

Final note: most virus payloads are sent from faked senders whose e-mail
address has been harvested from the PCs that were infected. Sending a
bounce message back to them won't be particularly welcome, or expected.
Some sites look for rejection messages like that and dump them. If they see
too many messages coming from your domain, they may throttle you.




_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
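
The "defang" step suggested in the reply above, written as a shell function of the kind the reply proposes moving the logic into. This is an added example, not part of the original post or the poster's recipe. The names defang_excerpt and sample_message, the "[.]" and "X-Defanged-" markers, and the 60-character payload threshold are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. BAD_EXT is the extension list the
# original poster named; the "[.]" and "X-Defanged-" markers are assumptions.
BAD_EXT='pif|scr|exe|bat'

# defang_excerpt: first 100 lines of stdin, rewritten so a scanner reading the
# notification finds no MIME part, no executable file name and no payload.
defang_excerpt() {
    head -100 | awk -v bad="$BAD_EXT" '
    BEGIN { re = "\\.(" bad ")([^a-z0-9]|$)" }
    {
        line = $0; low = tolower(line)
        # Encoded payload: print one marker instead of the data.
        if (length(line) >= 60 && line ~ "^[A-Za-z0-9+/=]+$") {
            if (!cut) print "> [encoded data removed]"
            cut = 1; next
        }
        cut = 0
        # Rename MIME structure headers so nothing parses them as a part.
        if (low ~ /^content-(type|disposition|transfer-encoding):/) {
            line = "X-Defanged-" line; low = "x-defanged-" low
        }
        # "name.pif" -> "name[.]pif"; low is edited in step to stay aligned.
        while (match(low, re)) {
            line = substr(line, 1, RSTART - 1) "[.]" substr(line, RSTART + 1)
            low  = substr(low,  1, RSTART - 1) "[_]" substr(low,  RSTART + 1)
        }
        print "> " line
    }'
}

# Constructed sample message (not real mail).
sample_message() {
    cat <<'EOF'
From: someone@example.invalid
Subject: your document

--b1
Content-Type: application/octet-stream;
    name="photo.PIF"
Content-Transfer-Encoding: base64

QUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJ
QUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJQUJDREVGR0hJ
EOF
}

# Try it with: sample_message | defang_excerpt
```

In the recipe quoted above, this function would take the place of the bare `head -100` that writes ${TEMP_TXT}_$KEY.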