
Linux, Unix, and *nix like Operating Systems Forum

    
procmail recipe - I must have something wrong
problems setting up procmail recipe. I must be missing something
Egbert Souse

10+ Year Member



 
Msg#: 854 posted 11:15 pm on Nov 17, 2003 (gmt 0)

I have set up a procmailrc file. It is in the right place. I asked the tech people at my host to make sure.

There are several more things I want to do, and a problem I need advice on

The file starts out with
:0
* ^Subject:.*Viagra¦Penis¦Mortgage¦Xanax
/dev/null
#Body
:0 B:
*spammer1.biz
/dev/null
:0 B:
*spammer2.com
/dev/null
:0 B:
*spammer3.biz
/dev/null
:0 B:
*spammer4.biz
/dev/null

etc., etc.

The problem is that I still get spam with the spamvertised site spammer1.biz, or spammer2.com or whatever. Any ideas on why?

Second thing is that I would like to set up phrases for procmail to look for.

This would be phrases in the subject and also in the body. Anyone who can help with a simple recipe to do that would be greatly appreciated.

Finally, I would like to set up a white list for my procmailrc file and I am not quite sure on how to do that.

Anyone who can help with answers you are a godsend. I am drowning under 200 + spams per day.

 

mat

10+ Year Member



 
Msg#: 854 posted 8:28 am on Nov 18, 2003 (gmt 0)

Just looked at mine. There are differences, but they may just be down to server issues/configuration.

Anyway, some things to look at may be:

You have named the file .procmailrc, ie, with a period at the beginning?

My subject line check looks like this:

:0
* ^Subject.*(list¦of¦words¦using¦pipe¦to¦seperate¦them)
{

:0:
/dev/null
}

... note the various brackets and the vertical pipe - your post shows a 'broken' or dashed vertical pipe - not sure what that is called, and it may well just be the forum software causing it to appear like that.

I don't check the body for dodgy words as the server load would, I suspect, be considerable, but with subject line and domain checking, coupled with Spam Assassin, 95% plus gets zapped.

To kill domains I use:

:0
* ^(From¦X-from¦Sender¦X-sender¦Reply-To¦Received¦Return-Path¦Errors-To).*(@junk.com¦@morejunk.com¦@yougettheidea.com)
{

:0:
/dev/null
}

Try some further fiddling around and let me know how you get on.

mat

10+ Year Member



 
Msg#: 854 posted 8:34 am on Nov 18, 2003 (gmt 0)

Forgot - I upload it in ascii mode (from a Windows box to our 'nix server) - can't remember if that's absolutely necessary, however.

Josk

10+ Year Member



 
Msg#: 854 posted 9:53 am on Nov 18, 2003 (gmt 0)

Why are you using procmail for spam detection? Why not use spamassassin? It gets called from procmail and then marks emails as spam based on a lot more rules than you will probably think of. Why re-invent wheels?

Oh, and you do know that Windows formats text files differently from Unix? The line breaks are different so get a decent text editor. One with "Save as Unix" should do...

mat

10+ Year Member



 
Msg#: 854 posted 10:03 am on Nov 18, 2003 (gmt 0)

> Why re-invent wheels?

I love Spam Assassin. However, 2 buts - one, not everyone may be able to install it, and, two, without my own procmail recipe after Spam Assassin, I'd still be getting around 200 pieces of cr*p a day.

SA is good, but SA and procmail is better.

Egbert Souse

10+ Year Member



 
Msg#: 854 posted 2:00 pm on Nov 18, 2003 (gmt 0)

Thanks Mat and Josk for your comments and help they are greatly appreciated.

I was considering Spam Assassin, but I did not see the ability to do the following:

Whitelist
Check for spamvertised sites
Give me enough control

I also looked at and tried unsuccessfully to install and use Spam Bouncer but it bounced everything, and when I wrote to the author several times I never received any reply.

In the mean time, I have been saving in ascii and uploading the files in ascii.

In procmail can I just keep adding line by line with the asterisk? For example:
#Body
:0 B:
*spammer1.biz
*spammer2.com
*spammer3.biz
*spammer4.biz
/dev/null

One more question, I want to take spam that is sent either directly to or cc'd to a cancelled address at the domain, and automatically delete it.

For example an old address is water@example.com, chemicals@example.com, etc. so the spammer sends spam to water@example.com and cc's it to chemicals@example.com and also cc's it to a legitimate address at example.com

Most likely once I have this all sorted out, I will use a combination of SA and procmail.

Josk

10+ Year Member



 
Msg#: 854 posted 11:35 am on Nov 19, 2003 (gmt 0)

> I was considering Spam Assassin, but I did not see the ability to do the following:

> Whitelist

Spam assassin supports whitelisting...

> In procmail can I just keep adding line by line with the asterisk? For example:
> #Body
> :0 B:
> *spammer1.biz
> *spammer2.com
> *spammer3.biz
> *spammer4.biz
> /dev/null

Isn't each line a logical AND? Means to trash anything that contains *spammer1.biz, AND *spammer2.com, etc. Perhaps using *spammer1.biz¦*spammer2.com¦*spammer3.biz¦*spammer4.biz would work? '¦' is the OR character in a regex.

Egbert Souse

10+ Year Member



 
Msg#: 854 posted 2:35 pm on Nov 19, 2003 (gmt 0)

Thanks Josk,

does it matter if the spamvertised sites separated by a ¦ wrap onto several lines?

One more question for now (I'm sure there will be more). I want to put in a rule in my procmailrc file that if a spam is sent either to an address at my domain, cc'd or BCC to that address, it automatically gets spam canned. Since all the addresses end in (lets call it exampledomain.com)
Would it be

:0
* ^(TO¦CC¦BCC).*(void1@exampledomain.com¦void2@exampledomain.com¦void3@exampledomain.com¦and-so-on@exampledomain.com)
{

:0:
/dev/null
}

As this is getting more and more involved, and the flood of spam is getting ever higher, it will be impossible to keep up manually, so I know I will need a second solution in addition to my own recipes. Either that or give up the domain and email forever (which I really don't want to do).

One question regarding spam assassin, does it check blacklists and score on them? In other words will it check spamhaus; ORBS, spamcop, etc.? I have heard that there is a list that lists spamvertised sites as well.

Thanks for your

Josk

10+ Year Member



 
Msg#: 854 posted 5:13 pm on Nov 19, 2003 (gmt 0)

> does it matter if the spamvertised sites separated by a ¦
> wrap onto several lines?

Do you mean several lines all separated by a line break? If so, then yes. (That was what was wrong originally...)

> One more question for now (I'm sure there will be more).

Have you tested that line? It looks reasonable enough...

> One question regarding spam assassin, does it check
> blacklists and score on them?

Spam Assassin FAQ: [spamassassin.taint.org...]

Egbert Souse

10+ Year Member



 
Msg#: 854 posted 9:51 pm on Nov 22, 2003 (gmt 0)

I did a little playing around with procmail and every time I use the following recipes, every email sent to my domain gets trashed.

The recipe was saved as Unix ascii text. It was loaded via FTP as a text file. The file is named .procmailrc No lines are wrapping.

It is loaded in the right place on my host.

I tried recipe 1 and no email could get thru. So I deleted it and replaced it with recipe 2. Still no email got thru.

Any ideas would be greatly appreciated.

Here are the recipes:

<-- Recipe 1 -->

#Void To etc
:0
* ^(TO¦CC¦BCC).*(chemicals@exampledomain.com¦water@exampledomain.com¦chemical@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(chemicalsales@exampledomain.com¦custommade@exampledomain.com¦alwshopnow@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(sales-natural@exampledomain.com¦custom-made@exampledomain.com¦alw2004@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(natural@exampledomain.com¦alwlotto@exampledomain.com¦alwjackpot@exampledomain.com)
{

:0:
/dev/null
}

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(John@exampledomain.com¦Newsletter-Recipients@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(subscribed@exampledomain.com¦Everyone@exampledomain.com¦Pearl@exampledomain.com¦corporate@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^(TO¦CC¦BCC).*(customers@exampledomain.com¦naturalsales@exampledomain.com)
{

:0:
/dev/null
}

:0
* ^Subject.*(viagra****¦mortgage¦xanax)
{

:0:
/dev/null
}

#Body
:0 B:
*(spammer1.biz¦spammer2.com¦spammer3.com¦spammer4.biz¦spammer5.info¦spammer6.biz)
{

:0:
/dev/null
}

<-- Recipe 2 -->

#Void To etc

:0
*!^To:.*chemicals@exampledomain\.com
*!^Cc:.*chemicals@exampledomain\.com
*!^BCc:.*chemicals@exampledomain\.com
/dev/null

dingman

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 854 posted 12:58 am on Nov 24, 2003 (gmt 0)

Your problem is the '¦)' at the end of your conditions.

(foo¦bar¦baz) matches "foo" or "bar" or "baz"
(foo¦bar¦baz¦) matches "foo" or "bar" or "baz" or "".

The result is that almost any of the conditions in the section you labeled "Recipe 1" will delete any mail at all.

I'm not so sure about what you labeled as "Recipe 2". I don't think that it's even a valid procmail recipe, but if it is I certainly don't know what it would do.

For anyone who is trying to come up with a whole bunch of Procmail recipes to control their spam, let me recommend installing Bogofilter. It works like a charm - far better, in my experience, than SpamAssassin, and you don't have to manually write any rules except the one to feed everything through Bogofilter before delivery.
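
The two behaviours raised in this thread (several conditions on one recipe are ANDed, and an empty alternative such as (foo|bar|) matches anything) modelled in Python; this is an added example, not code from any poster. The recipe text, messages and helper names are constructed, recipes are flat (no nested { } blocks), and Python's re module stands in for procmail's own matcher.

```python
import re
# Constructed rc text and messages. The ¦ shown in the thread is assumed to be
# the forum's rendering of ASCII |, which regex alternation needs.
RC = r"""
:0 B
* spammer1\.biz
* spammer2\.com
/dev/null
:0 B
* (spammer1\.biz|spammer2\.com)
/dev/null
:0
* ^(To|Cc|Bcc).*(water@exampledomain\.com|chemicals@exampledomain\.com|)
/dev/null
:0
* !^To:.*chemicals@exampledomain\.com
* !^Cc:.*chemicals@exampledomain\.com
/dev/null
"""
HEADER = "From: friend@example.org\nTo: me@exampledomain.com\nSubject: lunch\n"
BODY_OK = "See you at noon.\n"
BODY_SPAM = "Visit http://spammer1.biz/ today\n"

def parse(rc):
    """Flat recipes only: returns [(flags, [conditions]), ...]."""
    recipes = []
    for line in (l.strip() for l in rc.splitlines()):
        if line.startswith(":0"):
            recipes.append((line[2:], []))
        elif line.startswith("*") and recipes:
            recipes[-1][1].append(line[1:].strip())
    return recipes

def holds(cond, text):
    """One condition: a leading ! inverts; case-insensitive, ^ anchors per line."""
    negate = cond.startswith("!")
    pattern = cond[1:].strip() if negate else cond
    return (re.search(pattern, text, re.I | re.M) is not None) != negate

def fires(rc, header, body):
    """Every condition of a recipe must hold (AND); the B flag greps the body."""
    return [all(holds(c, body if "B" in flags else header) for c in conds)
            for flags, conds in parse(rc)]

def empty_alternatives(rc):
    """Conditions with an empty branch, e.g. (a|b|), which also matches ''."""
    return [c for _, conds in parse(rc) for c in conds
            if re.search(r"\(\||\|\||\|\)|^\||\|$", c.lstrip("! "))]
```

For the legitimate sample message the first two recipes stay quiet while the last two fire, which reproduces the symptom of every email being trashed; empty_alternatives(RC) flags the third recipe's condition.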

Egbert Souse

10+ Year Member



 
Msg#: 854 posted 2:01 pm on Nov 24, 2003 (gmt 0)

Thanks Dingman. That explains it. Like Rosanna Rosanna Danna on Saturday Night Live used to say "If it's not one thing, it's something else."

I was looking at bogofilter as well. I read an article on webmonkey called frying spam where he recommends combining bogofilter with spam assassin.

I think that once I get a good understanding of this and how procmail works, I will use all three procmailrc, spam assassin, and bogofilter. Right now I am wasting entirely too much time with spam and sifting thru this garbage to find legitimate emails.

donb01

10+ Year Member



 
Msg#: 854 posted 4:36 am on Dec 3, 2003 (gmt 0)

I know this is an old thread, but I am reading it for the first time!

If you really want to study procmail recipes go to www.spambouncer.org and download spambouncer. The whole thing is a huge collection of procmail recipes, and she keeps it updated every few weeks. All you need to use it is a home directory or someplace that the system always looks when you login to check mail. You put in your .procmailrc file and point it at where you unpacked the spambouncer files. It gives you the options of either sending various types of files (viruses, spam - after you trust it, etc) to /dev/null, or to a file to examine later. It buries headers in the mail that you can filter for in a variety of decent POP mail programs as well.

Hope you find this informative.

Egbert Souse

10+ Year Member



 
Msg#: 854 posted 2:28 pm on Dec 3, 2003 (gmt 0)

Hello donb01,

I looked at spambouncer. It looked like the answer to what I needed. I installed it at my ISP, they even had some tech people help. All it did was delete every single message I received.

Their tech people including staff who know procmail and procmailrc could not figure out why this was happening. I wrote to the author several times and never received any reply. What a shame.

From my experience, it looks great but does not work at all. Maybe it is just me I dunno.

donb01

10+ Year Member



 
Msg#: 854 posted 3:53 pm on Dec 3, 2003 (gmt 0)

That's odd... She's usually pretty good at returning messages, although she IS very busy. Did you mail to ariel@spambouncer.org?

A couple of things that I have found that are needed in order for spambouncer to run - I don't mean to insult if your knowledge is greater than mine - is that the spambouncer files must be put in a directory that YOU have read access to. On my box I have it in /usr/local/sb - there is one copy for everyone that needs it, so if I update it once it updates for everyone (except new options that would have to go in each user's procmailrc file - more on that later).

The next thing is that I have found that it will only work if you are a REAL user on the system, or you have shell access to the OS, or if you have a definite home directory that you drop into when you sign in. I have a wonderful program called 'tequila' on my system that allows each user group to configure their own mailboxes for their own domains so that I don't have to be annoyed making changes whenever they need them, but it creates all the domains and users as virtual postfix users and not real users, so I cannot use spambouncer if I use that environment. I have had discussions with both software designers, and as of yet we have not figured out how to get spambouncer to work with virtual postfix users because they have no REAL login/home directory. So that's another issue.

Now, assuming you have your own box, or a shell login and your own home directory ( a home directory and a shell login may be different than just 'webspace' on some systems, as with just 'webspace' you can still be a virtual user with no home directory. ), you need to make sure all of the support files that spambouncer needs are present - even if they are empty. You need a .legitlists file, a .localhost file, a .myemail file, a .nobounce file, and, of course, .procmailrc file. If these files do not exist you can create blank ones from a shell ($) prompt by saying "touch <filename>". The .myemail file should have your own email addresses in it for the machine you're on, and the .localhosts file should have a list of all your own domains in it. Otherwise you can get by with empty files to start with.

Then, make sure the .procmailrc file's SBDIR variable is pointed to the absolute path (from /) on the system where the spambouncer files are located. ** added ** You can use the sample .procmailrc file she includes with the sb files and just change a few variables.

Hope some of this helps if you decide to play with it again.
