• NAME
• SYNOPSIS
• DESCRIPTION
• PROCMAIL AS THE LOCAL DELIVERY AGENT
• 1) Install procmail on your Virtual Server
• 2) Configure sendmail to use procmail as the local mail delivery agent
• 3) Configure procmail to filter viruses and spam on your system
• Now what?
• CAVEATS
• SEE ALSO
• AUTHOR
• COPYRIGHT

NAME

procmail - Advanced mail filtering for Virtual Servers

SYNOPSIS

procmail is a program especially suited to parsing mail files and delivering mail to certain locations based on the contents of the email message. This document describes how to install procmail as your local delivery agent for sendmail and use it to filter spam and viruses server-wide (i.e., for all mail accounts) without using .forward files.

DESCRIPTION

Many people are weary of receiving copies of the latest Windows virus du jour. SirCam and a host of VB and Word macro viruses have made us afraid to even check our mail for fear of a new, horrible virus that will delete our hard drive.

Further, UCE (unsolicited commercial email) or spam regularly consumes 50% of our mail quota at any given moment, wasting our time, money and server resources. What can we do about this?

One respectable and simple solution is to use procmail as our local delivery agent. procmail can replace /bin/imail in our sendmail.cf file as the local delivery agent. /bin/imail typically takes a message and appends it to the mail file for you to later view using POP or IMAP. With procmail, the incoming message is first passed through a series of ``recipes'' which you specify, telling procmail what to do with the message. Once all of the recipes have been processed, mail is delivered as usual to your mailbox.

PROCMAIL AS THE LOCAL DELIVERY AGENT

Using procmail as the local delivery agent on your Virtual Server requires three steps:

• Install procmail on your Virtual Server

• Configure sendmail to use procmail as the local mail delivery agent (updated 29 Jul 2002 -- easier!)

• Configure procmail to filter viruses and spam on your system

The remainder of this document describes these steps.

1) Install procmail on your Virtual Server

Telnet or SSH to your Virtual Server. Then, to install procmail on your server, simply type:

    server% vinstall procmail

This will unpack procmail and its helper programs in to ~/usr/local/bin.

2) Configure sendmail to use procmail as the local mail delivery agent

To install the sendmail configuration files, type:

    server% vinstall sendmail

at your server prompt. Once the sendmail configuration files have been installed, change your working directory to ~/usr/local/sendmail/cf/cf:

    server% cd ~/usr/local/sendmail/cf/cf

Now copy the file default-procmail-lda.cf to your ~/etc directory:

    server% cp -p default-procmail-lda.cf ~/etc
    server% cd ~/etc

Let's backup our old sendmail.cf file just in case we need to revert to it:

    server% cp -p sendmail.cf sendmail.cf-<date>

where <date> is something like '010910'. Now let's move our new sendmail configuration file into place for sendmail to use:

    server cp -fp default-procmail-lda.cf sendmail.cf

We should make sure we still receive mail:

    server% virtual mail -s test root
    hi
    ^D
    server% tail -n 2 ~/var/log/messages
    <XX>Sep 10 14:31:24 sendmail[24923]: f8AKVOg24923: from=server, size=27, \
    class=0, nrcpts=1, msgid=<200109102031.f8AKVOg24923@server.com>, \
    relay=server@localhost
    <XX>Sep 10 14:31:25 sendmail[24925]: f8AKVOg24923: to=server, ctladdr=server \
    (1234/100), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30027, \
    dsn=2.0.0, stat=Sent

and there's the message we just sent.

3) Configure procmail to filter viruses and spam on your system

Now that procmail is delivering our local mail, make a server-wide procmailrc file located in ~/etc/procmailrc:

    server% pwd
    /usr/home/server/etc

Edit procmailrc with your favorite editor (~/etc/procmailrc probably doesn't exist; you're creating it now); make it look something like this:

    VERBOSE=off
    LOGABSTRACT=yes
    LOGFILE=/var/log/procmail.log
    COMSAT=no

    ## this will catch the SirCam virus (or any email message that
    ## discusses the SirCam virus payload ;o)
    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /dev/null

    ## clean environment (this gets passed on to users)
    VERBOSE=
    LOGABSTRACT=
    LOGFILE=
    COMSAT=

If you don't want to risk any accidentally lost mail, send the mail to a real file instead (this file will grow quickly, so check its size often):

    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /var/log/sircam

We can add some recipes to catch common spam content:

    LOGFILE=/var/log/procmail.log.spam

    ## subject lines with 'adv' or 'advertisement' or some other variation
    :0:
    * ^Subject: \[?ADV.*\]?
    /var/log/spam

    ## anyone who needs to invoke the spam law is a spammer
    :0B:
    * (section|s\.) ?1618
    /var/log/spam

    ## yes it is...
    :0B:
    * This is not SPAM
    /var/log/spam

Now our ~/etc/procmailrc file looks like this:

    VERBOSE=off
    LOGABSTRACT=yes
    COMSAT=no

    LOGFILE=/var/log/procmail.log.sircam

    ## this will catch the SirCam virus (or any email message that
    ## discusses the SirCam virus payload ;o)
    :0B:
    * (in order to have your advice|que me des tu punto de vista)
    /var/log/sircam

    LOGFILE=/var/log/procmail.log.spam

    ## subject lines with 'adv' or 'advertisement' or some other variation
    :0:
    * ^Subject: \[?ADV.*\]?
    /var/log/spam

    ## anyone who needs to invoke the spam law is a spammer
    :0B:
    * (section|s\.) ?1618
    /var/log/spam

    ## yes it is...
    :0B:
    * This is not SPAM
    /var/log/spam

    ## clean environment (this gets passed on to users)
    VERBOSE=
    LOGABSTRACT=
    LOGFILE=
    COMSAT=

Watch the size of ~/var/log/spam and ~/var/log/spam.log; consider installing some sort of file rotation program to manage them like savelogs.

Test your filter by sending an email message to any user on the Virtual Server. The message should contain a line in the body of the message 'in order to have your advice'. The message will be stored in ~/var/log/sircam (or deleted if you use /dev/null for your mailbox) and a three line entry made in ~/var/log/procmail.log.sircam containing whom the message was from, the subject line and size of the message, and where the message was stored.

Now what?

Now you're on your own (sort of). You should read the following man pages:

procmail(1)

The procmail program manual gives a general idea how procmail works and some of the variables and environment settings it uses.

procmailrc(5)

procmailrc(5) explains what can be done with your ~/etc/procmailrc file (and ~/$HOME/.procmailrc file). It also explains how to filter message headers, message bodies, do case-sensitive matching, and link recipes together (i.e., if a condition is met for a particular recipe, continue on and process a second recipe).

procmailex(5)

procmailex(5) presents some useful procmail examples. Did you know that you can create autoresponders using procmail? Find out how to do it and much more in this manual page.

procmailsc(5)

procmailsc(5) provides for weighted scoring for procmail. You can get fancy with your procmail recipes, assigning messages a weight based on certain criteria. Many procmail based spam filters operate using procmail's weighted scoring technique and successfully block 99% of spam without blocking legitimate messages too.

CAVEATS

• With procmail set as your local delivery agent for sendmail, you no longer need $HOME/.forward files to invoke procmail if you were using them before. Simply creating $HOME/.procmailrc will invoke procmail for a user. This means that if your users want additional filtering, you could set up per-user .procmailrc files as described in procmailrc(5). Be careful with these files, though, because they also execute with the same privileges as the system ~/etc/procmailrc on a Virtual Server, meaning you could write mail to places you really shouldn't.

• Exercise caution when adding recipes to your system ~/etc/procmailrc file; every email message the server receives for local delivery will pass through these recipes. A poorly designed recipe with no safety net (e.g., our ~/var/log/spam is our safety net) can mean lost email messages for your users.

• Mail that is not destined for delivery on your server (e.g., an entry in your ~/etc/aliases or ~/etc/virtmaps file that bounces the mail to a yahoo.com or hotmail.com account) will not pass through these procmail recipes. procmail is your local delivery agent and only works for mail destined to be delivered to a file on your Virtual Server. Filtering all mail (i.e., locally delivered and remotely delivered) is beyond the scope of this document, but may be covered in another tutorial.

SEE ALSO

procmail(1), procmailrc(5), procmailex(5), procmailsc(5), sendmail(1) and the official sendmail documentation: <http://www.sendmail.org/>

AUTHOR

Scott Wiersdorf <scott@perlcode.org>

COPYRIGHT

Copyright (c) 2001 Scott Wiersdorf. This document may not be duplicated in any form without prior written consent of the author or his employer.