Procmail - E-Mail Sorting and Filtering Utility

Procmail is an e-mail processing utility and language. Procmail can be used to help
filter incoming spam from your server. Procmail replaces your
local delivery agent (MTA), letting your server decide where to place incoming email. Procmail
can be configured to delete, forward, or bounce incoming email which meets your criteria. Procmail
uses what are called "recipes" to decide where email goes.
Installation
- To install procmail, Telnet or SSH to your Virtual Server and do the following:
% cd (change to your home directory)
% vinstall procmail
- Configure sendmail to use procmail as the local mail delivery agent
- To install the sendmail configuration files, type:
% vinstall sendmail
- From here we will edit the default sendmail configuration file and add procmail as the MTA.
% cd ~/usr/local/sendmail/cf/cf
- Copy the server's default configuration file to a working one:
% cp -p default.mc mycopy.mc
- Now open mycopy.mc in your favorite text editor (e.g., vi, pico, etc.). Near the bottom of the file you'll find lines similar to these:
define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl
define(`LOCAL_MAILER_FLAGS', `CmuX')dnl
define(`LOCAL_MAILER_PATH', `/bin/imail')dnl
MAILER(local)dnl
MAILER(smtp)dnl
- Insert the following line:
FEATURE(`local_procmail')dnl
so that your lines now look like this:
define(`LOCAL_MAILER_ARGS', `mail -f $g $u')dnl
define(`LOCAL_MAILER_FLAGS', `CmuX')dnl
define(`LOCAL_MAILER_PATH', `/bin/imail')dnl
FEATURE(`local_procmail')dnl
MAILER(local)dnl
MAILER(smtp)dnl
It is important that you insert the FEATURE line above after the LOCAL_MAILER lines; the FEATURE line will override the LOCAL_MAILER lines if it is placed after them (which is what we want it to do).
Save the file and exit your editor. At your shell prompt, type this to build a cf file from the mc file:
% ./Build mycopy.cf
This will read mycopy.mc and create a sendmail configuration file named mycopy.cf. If this process fails with error messages, check to make sure that you didn't add any extra lines or characters before saving mycopy.mc. Once you have successfully built a mycopy.cf file, copy it to your ~/etc directory:
% cp -p mycopy.cf ~/etc
% cd ~/etc
- Let's back up our old sendmail.cf file just in case we need to revert to it (it's always good to have a backup):
% cp -p sendmail.cf sendmail.cf-
where is something like '010910'. Now let's move our new sendmail configuration file into place for sendmail to use:
% cp -fp mycopy.cf sendmail.cf
- With the new copy of the sendmail.cf file in place, check to make sure your email gateway works. Use your email client, or type at the command line:
% date | mail ROOTLOGIN
- Verify that this was delivered, either by using your mail client or by checking your mail log:
% tail -n 2 ~/var/log/messages
Sep 10 14:31:24 sendmail[24923]: f8AKVOg24923: from=server, size=27, \ class=0, nrcpts=1,
msgid=<200109102031.f8AKVOg24923@server.com>, \relay=server@localhost
Sep 10 14:31:25 sendmail[24925]: f8AKVOg24923: to=server, ctladdr=server \
(1234/100), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30027, \
dsn=2.0.0, stat=Sent
(On busier systems you might need to tail more than 2 lines to see this activity)
- Configure procmail to filter viruses and spam on your system by creating procmail recipes:
- Now that procmail is delivering our local mail, make a server-wide procmailrc file located in ~/etc/procmailrc:
- Edit procmailrc with your favorite editor (~/etc/procmailrc probably doesn't exist; you're creating it now); make it look something like this:
VERBOSE=off
LOGABSTRACT=yes
LOGFILE=/var/log/procmail.log
COMSAT=no
## this will catch the SirCam virus (or any email message that
## discusses the SirCam virus payload ;o)
:0B:
* (in order to have your advice|que me des tu punto de vista)
/dev/null
## clean environment (this gets passed on to users)
VERBOSE=
LOGABSTRACT=
LOGFILE=
COMSAT=
- If you don't want to risk any accidentally lost mail, send the mail to a real file instead (this file will grow quickly, so check its size often):
:0B:
* (in order to have your advice|que me des tu punto de vista)
/var/log/sircam
- We can add some recipes to catch common spam content:
LOGFILE=/var/log/procmail.log.spam
## subject lines with 'adv' or 'advertisement' or some other variation
:0:
* ^Subject: \[?ADV.*\]?
/var/log/spam
## anyone who needs to invoke the spam law is a spammer
:0B:
* (section|s\.) ?1618
/var/log/spam
## yes it is...
:0B:
* This is not SPAM
/var/log/spam
- Now our ~/etc/procmailrc file looks like this:
VERBOSE=off
LOGABSTRACT=yes
COMSAT=no
LOGFILE=/var/log/procmail.log.sircam
## this will catch the SirCam virus (or any email message that
## discusses the SirCam virus payload ;o)
:0B:
* (in order to have your advice|que me des tu punto de vista)
/var/log/sircam
LOGFILE=/var/log/procmail.log.spam
## subject lines with 'adv' or 'advertisement' or some other variation
:0:
* ^Subject: \[?ADV.*\]?
/var/log/spam
## anyone who needs to invoke the spam law is a spammer
:0B:
* (section|s\.) ?1618
/var/log/spam
## yes it is...
:0B:
* This is not SPAM
/var/log/spam
## clean environment (this gets passed on to users)
VERBOSE=
LOGABSTRACT=
LOGFILE=
COMSAT=
Watch the size of ~/var/log/spam and ~/var/log/spam.log; consider installing a file rotation program such as savelogs to manage them.
Test your filter by sending an email message to any user on the Virtual Server. The message should contain a line in the body of the message 'in order to have your advice'. The message will be stored in ~/var/log/sircam (or deleted if you use /dev/null for your mailbox) and a three line entry made in ~/var/log/procmail.log.sircam containing whom the message was from, the subject line and size of the message, and where the message was stored.
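Before sending live test mail, the recipe conditions can be checked offline. The following is an added example, not part of the original page: it approximates the four recipes above with grep -Ei (procmail conditions are egrep-style and ignore case by default) and runs them over constructed sample messages; the classify function and the example.test addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approximates the page's four recipes with grep -Ei.
# procmail conditions are egrep-style and ignore case unless the D flag is
# set; a B flag tests the body, no flag tests the header. First match wins.

classify() {
    # header: up to the first blank line; body: everything after it
    header=$(printf '%s\n' "$1" | sed '/^$/q')
    body=$(printf '%s\n' "$1" | sed '1,/^$/d')
    if printf '%s\n' "$body" | grep -Eiq '(in order to have your advice|que me des tu punto de vista)'; then
        echo /var/log/sircam
    elif printf '%s\n' "$header" | grep -Eiq '^Subject: \[?ADV.*\]?'; then
        echo /var/log/spam
    elif printf '%s\n' "$body" | grep -Eiq '(section|s\.) ?1618'; then
        echo /var/log/spam
    elif printf '%s\n' "$body" | grep -Eiq 'This is not SPAM'; then
        echo /var/log/spam
    else
        echo inbox
    fi
}

# Constructed sample messages (not real mail).
m_sircam=$(printf 'From: a@example.test\nSubject: Hi\n\nI send you this file in order to have your advice\n')
m_adv=$(printf 'From: b@example.test\nSubject: [ADV] Low rates\n\nBuy now\n')
# Legitimate mail: "Adv" matches ADV because case is ignored.
m_false=$(printf 'From: c@example.test\nSubject: Advanced routing question\n\nCan we meet Tuesday?\n')
# "section 1618" only in the header: the B-flag recipe never sees it.
m_hdr=$(printf 'From: d@example.test\nSubject: Re: section 1618 claims\n\nSee the attached notes.\n')
m_clean=$(printf 'From: e@example.test\nSubject: Lunch\n\nNoon works.\n')

for m in "$m_sircam" "$m_adv" "$m_false" "$m_hdr" "$m_clean"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$m" | grep -i '^Subject:')" "$(classify "$m")"
done
```

The third message is a false positive of the ADV recipe; because the recipes deliver to /var/log/spam rather than /dev/null, such a message stays recoverable.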