At 14:17 2005-05-11 -0500, Bryan Haase wrote:
My goal is to filter all zip attachments under "X" size to a quarantine
folder or to drop to a quarantine email address.. After searching below is
my best guess of what the recipe would be. It is also unclear to me if the
recipe needs to be placed at the top, middle, bottom of file for it to
function properly. Thanks for any advice. --Bryan
Would this be the accurate code lines for quarantine to switch from file
or email account.
/home/mail/virus (to file)
| /usr/local/bin/stdin2smtp.pl "$SENDER" spamaccount(_at_)domain(_dot_)com (to
email)
The first form of action line:
/home/mail/virus
would be a valid method of delivering to a file - but the UID that procmail
is running as at the time must of course have write permissions (if you're
running from /etc/procmailrc then you should have no trouble - though if
you want a file to be owned by the user for whom the message is being
processed, and you're doing this from /etc/procmailrc, then you should use
DROPPRIVS (see the manpage) so that the elevated privledges are shed and
procmail takes on the UID of the user in question).
The second form of action line:
| /usr/local/bin/stdin2smtp.pl "$SENDER" spamaccount(_at_)domain(_dot_)tld
would work provided that $SENDER has been defined, and assuming that
stdin2smtp.pl exists, is executable, and the parameters as given are
suitable. However, if you have sendmail or an MTA with a sendmail-shell
(for compatability, most do), the following should suffice:
| $SENDMAIL spamaccount(_at_)domain(_dot_)tld -f $SENDER
(assuming that sender is just an email address, not inclusive of nickname,
etc), which can be simplified to:
! spamaccount(_at_)domain(_dot_)tld -f $SENDER
(though I must admit that I don't use this form myself, and perhaps I'm
mistaken on it's suitability). IIRC, the '!' forward operator basically
invokes the $SENDMAIL program...
Another benefit of using the $SENDMAIL method is that you can easily
redefine the variable and shuttle test messages elsewhere, without changing
the rest of the code. This is what I do in my sandbox. If you invoke some
other program to do your mailing, it'll still mail when you're testing.
#### Would the new procmailrc file look like this??:
Perhaps you could try using it in a SANDBOX? See my .sig, or the archives
for this list.
:0 B
* > 3000
* < 40000
* name=*\.zip
/home/mail/virus
FYI - this won't identify an ATTACHMENT of a given size, but rather a
MESSAGE of a given size which happens to have a reference in it to an
attachment name. Also, your syntax for name= is bad. Not including
vaguaries, the '=' should probably be followed by a '.' wildcard - as
written, you allow for zero or more '=' symbols...
:0:
* ^Subject:.* SPAM
| /usr/local/bin/stdin2smtp.pl "$SENDER" spamaccount(_at_)domain(_dot_)com
Keep in mind that occasionally, you'll receive legitimate messages
containing the keyword SPAM in the subject. Discussions on procmail for
instance, or someone reporting a spam abuse incident. Perhaps you should
use some other method (such as the other headers SA and other antispam
tools insert into messages) to identify that a given message was flagged as
spam.
You could save some CPU cycles by processing for attachments BEFORE
bothering to call spamc.
:0
| /usr/local/bin/stdin2smtp.pl "$SENDER" "$@"
Er, I presume you're forwarding to a different host, and not to the same
mail server?
[snippola]
Yuck, a doublespaced, useless mail disclaimer footer. Why not just put the
disclaimer on a website and toss in a "Communications disclaimer:
<someurl>" footer instead. It'd be less irritating and no more or less
legally binding than the bulky drivel attached (which really shouldn't be
attached to a list message, and in the end, makes it appear that the sender
is frequently an incompetent lout who cannot manage to address their
correspondance correctly on so many occasions that they feel the need to
include the disclaimer).
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail