> Date: Sun, 21 Oct 2007 11:49:39 -0500
> From: lindsey(_at_)ncsa(_dot_)uiuc(_dot_)edu
> Subject: Re: Using procmail on mail relay
> To: orvilleg(_at_)hotmail(_dot_)com
> CC: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
>
> > 1) MX1 = first relay used to filter via rbls only, then rest relayed
> > to MX2
> >
> > 2) MX2 = 2nd relay used with spamassassin and ClamAV for more
> > filtering,
> > then rest to the various domains hosted on different servers
> > -- no local users on MX2
> >
> > I'm trying to eliminate the backscatter or blowback to MX1 from MX2
> > for rejected emails.
> >
> > These MXes are handling about 100k emails daily.
>
> Hi Jack,
>
> procmail probably isn't the right tool for this. You could hack it to
> make it work, but I doubt that it's worth the effort. You're also
> going to have a heck of a time trying to figure out what's valid
> mail and what isn't with your filters (this is the voice of experience
> speaking!) You can easily eliminate double bounces by setting
> DoubleBounceAddress to an alias that calls procmail, but this won't
> address bounces to valid forged addresses (which will get you listed
> on spamcop). For those, you could use sendmail rules to rewrite
> the envelope sender to a local address on mx1, so something like
>
> yayimaspammer(_at_)example(_dot_)com
>
> might end up being
>
> bounce+yayimaspammer=example(_dot_)com(_at_)yourdomain(_dot_)example(_dot_)com
>
> Then bounce could be a local address and you could filter through
> procmail by checking the envelope sender, dropping messages you
> don't want to bounce, and rewriting the header again to bounce
> to those that you think are valid.
>
> The easiest free solution is to have MX1 keep a local alias or
> mailertable file that lists all accounts, and only forward those that
> are valid.
>
> It's also a pain in the butt to manage (another voice of experience),
> so I'd highly recommend using a milter like milter-ahead for this.
> If you've got 100K emails per day you're probably in a position to
> pay the one-time $180 fee (or whatever the current exchange rate is
> for 90 GBP). Here's the milter-ahead description:
>
> From http://www.snertsoft.com/solutions.php#milter_ahead
> <snip>

Thanks for the extensive and thoughtful response, Chris!
Actually, one of the milters you mention (milter-sender) is scheduled for
application to the MX1 level, but won't be for a couple of months. So, this
procmail approach is just a bandaid until then to stop the bounces back from
MX2, etc. You'll see below why we don't need the milter-ahead.
VOILA! Since I posted the request for help, I found a way to talk procmail into
catching the stuff that would otherwise be backscatter (or blowback? bounces,
etc.).
I have this recipe below working although it is a bit crude and I need to yet
streamline the regex down to perhaps one line on the "score=xx" part.
As seen, the aim is to grab anything designated as SPAM=yes over the score=10
through score=99.9 and redirect to REVIEW folder....and, is working!
BTW: The spam threshold is set to 5.0 in SA, but spamass-milter is set to block
anything over 9 (we started at 40 and worked down), which created the problem
of bouncebacks to MX1. The user gets anything between 5.0 and 8.9. This is
after analyzing 1000s of messages redirected by spamass-milter to a local
account "spamcheck" on MX2.
Over the 9 block level, spamass-milter is bouncing back a monstrous load of
emails.
This new procmail recipe is aimed at stopping those bouncebacks above 8.9,
which were many 1000s and winding up in the MX1 mail queue and getting us in
trouble with spamcop for the multiple attempts to send the spam back. I wanted
to stop that immediately and can't wait for a couple of months when rebuilding
the MX1 with the milter-sender milter planned. Indeed, we do place the valid
users via a script on MX1 so it knows immediately if the user is valid and thus
the milter-ahead isn't necessary and we don't need to query the 1000+ domains
and their users to check for valids.
Now, I just need to figure out how to reduce the new procmail recipe down to
one line on the score=xx portion. Maybe something like: $(score=10[1-9]) to
grab any score from 10.1-99.9 (This doesn't work).
Would appreciate any tips about the regex syntax for IDing 10.1-99.9 on a
single line.
Here's the recipe I have in procmail now by scanning the headers after
spamassassin (and spamass-milter) is done with IDing the spams (really crude
yet).

## Redirect spams
#:0:
#* ^X-Spam-Status:(.*\<)?Yes
#* $(score=10)|$(score=20)|$(score=30)|$(score=40)|$(score=50)|$(score=60)|$(score=70)|$(score=80)|$(score=90)
#$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=10|11|12|13|14|15|16|17|18|19)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=20|21|22|23|24|25|26|27|28|29)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=30|31|32|33|34|35|36|37|38|39)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=40|41|42|43|44|45|46|47|48|49)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=50|51|52|53|54|55|56|57|58|59)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=60|61|62|63|64|65|66|67|68|69)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=70|71|72|73|74|75|76|77|78|79)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=80|81|82|83|84|85|86|87|88|89)
$REVIEW

## Redirect spams
:0:
* ^X-Spam-Status:(.*\<)?Yes
* $(score=90|91|92|93|94|95|96|97|98|99)
$REVIEW

____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
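
Added example, not part of the original post or of procmail itself: one way to express the 10 through 99.9 score range from the message above as a single egrep-style expression, tried with grep -E on constructed X-Spam-Status headers before it goes into a recipe. It assumes SpamAssassin's usual "Yes, score=N.N required=..." header layout; the function names and sample headers are made up for the illustration.

```shell
#!/bin/sh
# Added example. procmail conditions are egrep-style regexes, so the same
# expression can be checked with grep -E first.
#
# In "(score=10|11|12)" the alternatives are "score=10", "11" and "12", so
# the bare digits are not tied to "score=". A character class avoids that:
#
#   :0:
#   * ^X-Spam-Status: Yes,.*score=[1-9][0-9](\.[0-9]+)?( |$)
#   $REVIEW
#
# [1-9][0-9] is exactly two integer digits (10..99), the decimal part is
# optional, and the trailing ( |$) stops "score=104.2" from matching "10".

SCORE_RE='^X-Spam-Status: Yes,.*score=[1-9][0-9](\.[0-9]+)?( |$)'

# Return 0 when the header line is tagged spam with a score of 10 to 99.9.
is_review_score() {
    printf '%s\n' "$1" | grep -Eq "$SCORE_RE"
}

# Run the check over constructed sample headers; leaves the match count
# in $hits.
classify_samples() {
    hits=0
    while IFS= read -r line; do
        if is_review_score "$line"; then
            hits=$((hits + 1))
            echo "REVIEW  $line"
        else
            echo "pass    $line"
        fi
    done <<'EOF'
X-Spam-Status: Yes, score=10.0 required=5.0 tests=BAYES_99
X-Spam-Status: Yes, score=47.3 required=5.0 tests=BAYES_99
X-Spam-Status: Yes, score=99.9 required=5.0 tests=BAYES_99
X-Spam-Status: Yes, score=8.9 required=5.0 tests=BAYES_99
X-Spam-Status: Yes, score=104.2 required=5.0 tests=BAYES_99
X-Spam-Status: No, score=-1.1 required=5.0 tests=none
EOF
    return 0
}

classify_samples
```
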