There are several more things I want to do, and a problem I need advice on
The file starts out with
:0
* ^Subject:.*Viagra¦Penis¦Mortgage¦Xanax
/dev/null
#Body
:0 B:
*spammer1.biz
/dev/null
:0 B:
*spammer2.com
/dev/null
:0 B:
*spammer3.biz
/dev/null
:0 B:
*spammer4.biz
/dev/null
etc., etc.
The problem is that I still get spam with the spamvertised site spammer1.biz, or spammer2.com or whatever. Any ideas on why?
Second thing is that I would like to set up phrases for procmail to look for.
This would be phrases in the subject and also in the body. Anyone who can help with a simple recipe to do that would be greatly appreciated.
Finally, I would like to set up a white list for my procmailrc file and I am not quite sure on how to do that.
Anyone who can help with answers you are a godsend. I am drowning under 200 + spams per day.
Anyway, some things to look at may be:
You have named the file .procmailrc, i.e., with a period at the beginning?
My subject line check looks like this:
:0
* ^Subject.*(list¦of¦words¦using¦pipe¦to¦seperate¦them)
{
:0:
/dev/null
}
... note the various brackets and the vertical pipe - your post shows a 'broken' or dashed vertical pipe - not sure what that is called, and it may well just be the forum software causing it to appear like that.
I don't check the body for dodgy words as the server load would, I suspect, be considerable, but with subject line and domain checking, coupled with Spam Assassin, 95% plus gets zapped.
To kill domains I use:
:0
* ^(From¦X-from¦Sender¦X-sender¦Reply-To¦Received¦Return-Path¦Errors-To).*(@junk.com¦@morejunk.com¦@yougettheidea.com)
{
:0:
/dev/null
}
Try some further fiddling around and let me know how you get on.
Oh, and you do know that Windows formats text files differently from Unix? The line breaks are different so get a decent text editor. One with "Save as Unix" should do...
I was considering Spam Assassin, but I did not see the ability to do the following:
Whitelist
Check for spamvertised sites
Give me enough control
I also looked at and tried unsuccessfully to install and use Spam Bouncer but it bounced everything, and when I wrote to the author several times I never received any reply.
In the mean time, I have been saving in ascii and uploading the files in ascii.
In procmail can I just keep adding line by line with the asterisk? For example:
#Body
:0 B:
*spammer1.biz
*spammer2.com
*spammer3.biz
*spammer4.biz
/dev/null
One more question, I want to take spam that is sent either directly to or cc'd to a cancelled address at the domain, and automatically delete it.
For example an old address is water@example.com, chemicals@example.com, etc. so the spammer sends spam to water@example.com and cc's it to chemicals@example.com and also cc's it to a legitimate address at example.com
Most likely once I have this all sorted out, I will use a combination of SA and procmail.
> Whitelist
Spam assassin supports whitelisting...
> In procmail can I just keep adding line by line with the asterisk? For example:
> #Body
> :0 B:
> *spammer1.biz
> *spammer2.com
> *spammer3.biz
> *spammer4.biz
> /dev/null
Isn't each line a logical AND? Means to trash anything that contains *spammer1.biz, AND *spammer2.com, etc. Perhaps using *spammer1.biz¦*spammer2.com¦*spammer3.biz¦*spammer4.biz would work? '¦' is the OR character in a regex.
Does it matter if the spamvertised sites separated by a ¦ wrap onto several lines?
One more question for now (I'm sure there will be more). I want to put in a rule in my procmailrc file that if a spam is sent either to an address at my domain, cc'd or BCC to that address, it automatically gets spam canned. Since all the addresses end in (let's call it exampledomain.com)
Would it be
:0
* ^(TO¦CC¦BCC¦).*(void1@exampledomain.com¦void2@exampledomain.com¦void3@exampledomain.com¦and-so-on@exampledomain.com)
{
:0:
/dev/null
}
As this is getting more and more involved, and the flood of spam is getting ever higher, it will be impossible to keep up manually, so I know I will need a second solution in addition to my own recipes. Either that or give up the domain and email forever (which I really don't want to do).
One question regarding spam assassin, does it check blacklists and score on them? In other words, will it check spamhaus, ORBS, spamcop, etc.? I have heard that there is a list that lists spamvertised sites as well.
Thanks for your
Do you mean several lines all separated by a line break? If so, then yes. (That was what was wrong originally...)
> One more question for now (I'm sure there will be more).
Have you tested that line? It looks reasonable enough...
> One question regarding spam assassin, does it check
> blacklists and score on them?
Spam Assassin FAQ: [spamassassin.taint.org...]
The recipe was saved as Unix ascii text. It was loaded via FTP as a text file. The file is named .procmailrc No lines are wrapping.
It is loaded in the right place on my host.
I tried recipe 1 and no email could get thru. So I deleted it and replaced it with recipe 2. Still no email got thru.
Any ideas would be greatly appreciated.
Here are the recipes:
<-- Recipe 1 -->
#Void To etc
:0
* ^(TO¦CC¦BCC¦).*(chemicals@exampledomain.com¦water@exampledomain.com¦chemical@exampledomain.com¦)
{
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(chemicalsales@exampledomain.com¦custommade@exampledomain.com¦alwshopnow@exampledomain.com¦)
{
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(sales-natural@exampledomain.com¦custom-made@exampledomain.com¦alw2004@exampledomain.com¦)
{
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(natural@exampledomain.com¦alwlotto@exampledomain.com¦alwjackpot@exampledomain.com¦)
{
:0:
/dev/null
}
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(John@exampledomain.com¦Newsletter-Recipients@exampledomain.com¦)
{
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(subscribed@exampledomain.com¦Everyone@exampledomain.com¦Pearl@exampledomain.com¦corporate@exampledomain.com)
{
:0:
/dev/null
}
:0
* ^(TO¦CC¦BCC¦).*(customers@exampledomain.com¦naturalsales@exampledomain.com¦)
{
:0:
/dev/null
}
:0
* ^Subject.*(viagra¦****¦mortgage¦xanax¦)
{
:0:
/dev/null
}
#Body
:0 B:
*(spammer1.biz¦spammer2.com¦spammer3.com¦spammer4.biz¦spammer5.info¦spammer6.biz¦)
{
:0:
/dev/null
}
<-- Recipe 2 -->
#Void To etc
:0
*!^To:.*chemicals@exampledomain\.com
*!^Cc:.*chemicals@exampledomain\.com
*!^BCc:.*chemicals@exampledomain\.com
/dev/null
(foo¦bar¦baz) matches "foo" or "bar" or "baz"
(foo¦bar¦baz¦) matches "foo" or "bar" or "baz" or "".
The result is that almost any of the conditions in the section you labeled "Recipe 1" will delete any mail at all.
I'm not so sure about what you labeled as "Recipe 2". I don't think that it's even a valid procmail recipe, but if it is I certainly don't know what it would do.
For anyone who is trying to come up with a whole bunch of Procmail recipes to control their spam, let me recommend installing Bogofilter. It works like a charm - far better, in my experience, than SpamAssassin, and you don't have to manually write any rules except the one to feed everything through Bogofilter before delivery.
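The two failure modes diagnosed in this thread (several * condition lines on one recipe being ANDed together, and a trailing pipe creating an empty alternative that matches every message) can be checked mechanically before a .procmailrc is uploaded. The following is an added example, not code from any poster in the thread: a small Python linter whose function names, sample recipes and probe header are constructed for illustration, and which uses Python's re module as an approximation of procmail's egrep-style matching.

```python
import re

# Constructed sample (ASCII pipe, as procmail expects), modelled on the thread.
SAMPLE_RC = """\
:0
* ^(To|Cc):.*(water@exampledomain.com|chemicals@exampledomain.com|)
/dev/null
:0 B
* spammer1.biz
* spammer2.com
/dev/null
:0
* ^Subject:.*(viagra|mortgage)
/dev/null
"""
# Constructed legitimate header: no recipe should ever match it.
BENIGN = "To: owner@exampledomain.com\nSubject: invoice for March\n"

def parse_recipes(text):
    """Return (start_line, conditions, action) for every ':0' recipe."""
    recipes = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(":0"):
            recipes.append([no, [], None])
        elif line.startswith("*") and recipes and recipes[-1][2] is None:
            recipes[-1][1].append(line[1:].strip())
        elif line and line[0] != "#" and recipes and recipes[-1][2] is None:
            recipes[-1][2] = line
    return [tuple(r) for r in recipes]

def has_empty_alternative(cond):
    """True for an empty alternation branch such as (a|b|), (|a) or a||b."""
    bare = re.sub(r"\\.", "x", cond)         # neutralise escapes like \|
    bare = re.sub(r"\[[^\]]*\]", "x", bare)  # ignore | inside [...] classes
    return bool(re.search(r"\(\||\|\||\|\)|^\||\|$", bare))

def lint(text, probe=BENIGN):
    findings = []
    for no, conds, action in parse_recipes(text):
        for cond in conds:
            if has_empty_alternative(cond):
                # Python's re stands in for procmail's egrep-style matcher.
                hit = bool(re.search(cond, probe, re.I | re.M))
                findings.append((no, "empty-alternative", hit))
        if len(conds) > 1 and action == "/dev/null":
            findings.append((no, "conditions-are-ANDed", len(conds)))
    return findings
```

On the constructed sample, lint(SAMPLE_RC) reports the first recipe as an empty alternative that also matches the legitimate probe header, and the second as two conditions that must both match before anything is discarded.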
I was looking at bogofilter as well. I read an article on webmonkey called frying spam where he recommends combining bogofilter with spam assassin.
I think that once I get a good understanding of this and how procmail works, I will use all three: procmailrc, spam assassin, and bogofilter. Right now I am wasting entirely too much time with spam and sifting thru this garbage to find legitimate emails.
If you really want to study procmail recipes go to www.spambouncer.org and download spambouncer. The whole thing is a huge collection of procmail recipes, and she keeps it updated every few weeks. All you need to use it is a home directory or someplace that the system always looks when you login to check mail. You put in your .procmailrc file and point it at where you unpacked the spambouncer files. It gives you the options of either sending various types of files (viruses, spam - after you trust it, etc) to /dev/null, or to a file to examine later. It buries headers in the mail that you can filter for in a variety of decent POP mail programs as well.
Hope you find this informative.
I looked at spambouncer. It looked like the answer to what I needed. I installed it at my ISP, they even had some tech people help. All it did was delete every single message I received.
Their tech people including staff who know procmail and procmailrc could not figure out why this was happening. I wrote to the author several times and never received any reply. What a shame.
From my experience, it looks great but does not work at all. Maybe it is just me, I dunno.
A couple of things that I have found that are needed in order for spambouncer to run - I don't mean to insult if your knowledge is greater than mine - is that the spambouncer files must be put in a directory that YOU have read access to. On my box I have it in /usr/local/sb - there is one copy for everyone that needs it, so if I update it once it updates for everyone (except new options that would have to go in each user's procmailrc file - more on that later).
The next thing, is that I have found that it will only work if you are a REAL user on the system, or you have shell access to the OS, or if you have a definite home directory that you drop into when you sign in. I have a wonderful program called 'tequila' on my system that allows each user group to configure their own mailboxes for their own domains so that I don't have to be annoyed making changes whenever they need them, but it creates all the domains and users as virtual postfix users and not real users, so I cannot use spambouncer if I use that environment. I have had discussions with both software designers, and as of yet we have not figured out how to get spambouncer to work with virtual postfix users because they have no REAL login/home directory. So that's another issue.
Now, assuming you have your own box, or a shell login and your own home directory ( a home directory and a shell login may be different than just 'webspace' on some systems, as with just 'webspace' you can still be a virtual user with no home directory. ), you need to make sure all of the support files that spambouncer needs are present - even if they are empty. You need a .legitlists file, a .localhost file, a .myemail file, a .nobounce file, and, of course, .procmailrc file. If these files do not exist you can create blank ones from a shell ($) prompt by saying "touch <filename>". The .myemail file should have your own email addresses in it for the machine you're on, and the .localhosts file should have a list of all your own domains in it. Otherwise you can get by with empty files to start with.
Then, make sure the .procmailrc file's SBDIR variable is pointed to the absolute path (from /) on the system where the spambouncer files are located. ** added ** You can use the sample .procmailrc file she includes with the sb files and just change a few variables.
Hope some of this helps if you decide to play with it again.