~/.procmailrc
# The real configuration lives in its own subdirectory;
# this file only pulls it in.
INCLUDERC=${HOME}/.procmail/pm-basic.rc
nifty, eh?
and then in ~/.procmail, it's:
pm-basic.rc
#####################################################################
# My own procmail file
# actually it's a ~/.procmail/pm-basic.rc
# called by the ~/.procmailrc which just contains
# # Here comes all the stuff in its own subdir...
# INCLUDERC=$HOME/.procmail/pm-basic.rc
#
# Written by Andreas Wagner <A.Wagner[at]stud.uni-frankfurt.de>
# (thanx go to Catherine Hampton from spambouncer.org and
# telsa for http://www.linux.org.uk/~telsa/BitsAndPieces/procmailrc
#
# Released to the Public Domain.
#
# Layout: global settings (shell, buffers, folders, locking), a few
# header-maintenance recipes, then the INCLUDERC chain at the bottom
# that does the actual sorting and spam filtering.
######################################################################
SHELL=/bin/sh # Shell used to run procmail. Be sure this points to
# your system's copy of sh. DO NOT substitute a
# different shell unless you really know UNIX
LINEBUF=4096 # Needed to keep Procmail from choking on long
# "recipes", or instructions on what to do with
# particular kinds of email.
PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin
# Path for your programs -- this is probably best
# left alone.
# NOTE(review): $HOME/bin is searched first, so anything placed there
# shadows formail, spamc, grep etc. for every recipe below; keep that
# directory owned by you and not group/world-writable.
VERBOSE=off # Change this to "on" when you try a new recipe
# so that Procmail will log literally every step
# it takes. DO NOT LEAVE IT ON, though, because
# it creates huge logfiles.
#
# If i DO leave it on, then because i regularly
# run mailstat which mails me stats and cleans
# the log. (but the procmail anti-spam extensions
# give **lots** of log entries...)
LOGABSTRACT=all # another setting for mailstat
MAILDIR=$HOME/Mail # this is where the mail (sub)folders are
# (relative folder names in the included rc files resolve against it)
DEFAULT=/var/mail/yourlogin # Your default incoming mailbox. Change "yourlogin"
# to your login name.
ADMINFOLDER=${DEFAULT} # for bounced mail, mail from root,
# postmaster, abuse, etc.
BULKFOLDER=${DEFAULT} # for bulk mail which appears legitimate, such
# as mail from mailing lists or mail sent using
# Bcc:
LOGFILE=$MAILDIR/.log # this is where procmail tells you where it put all those mails...
FORMAIL=/usr/bin/formail # Needed for autoreply recipes. Modify this to
# your system's copy of formail.
SENDMAIL=/usr/sbin/sendmail # useful for autoreply recipes. Modify this to point
# to your system's copy of sendmail.
# NOTE(review): a global LOCKFILE that is never unset below, so every
# concurrent procmail instance is serialized for the whole run of this
# rc and its includes, not just around the folder writes.
LOCKFILE=$MAILDIR/lockfile.lock
LOCKEXT=.lock # this is used for locking so that several instances don't mess up
# everything (appended to the folder name by ":0:" recipes)
DROPPRIVS=yes # run scripts safely: procmail drops any setuid/setgid
# privileges it still holds before running the recipes below
#
# Admin/Maintenance Stuff +++++++++++++++++++++++++++++++++++++++++++
#
# First create a backup of every message in case of mistakes...
# (this is commented out since everything has proven to work fine)
# :0 c
# | bzip2 -c >> MailBack/backup-mailbox.bz2
# :0 c
# backup
#
# The next is to reduce the backup to the most recent 100 msgs.
# :0 ic
# | cd backup && rm -f dummy `ls -t msg.* | sed -e 1,100d`
# Regenerate "From" lines to make sure they are valid
# (f = filter, h = headers only, w = wait for formail and keep the
# original headers if it fails)
:0 fhw
| formail -I "From " -a "From "
# make old-style pgp-mails readable for mutt
# no longer necessary in current mutt - is it? i think it doesn't hurt to have it.
# Only messages that are not already MIME containers or application/pgp
# are considered; the inner recipes look at the body (B flag) for the
# inline PGP armour and set a Content-Type accordingly.
:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
# encrypted: armour header and trailer both present in the body
:0 fBw
* ^-----BEGIN PGP MESSAGE-----
* ^-----END PGP MESSAGE-----
| formail -i "Content-Type: application/pgp; format=text; x-action=encrypt"
# clear-signed: signed-message header plus a signature block
:0 fBw
* ^-----BEGIN PGP SIGNED MESSAGE-----
* ^-----BEGIN PGP SIGNATURE-----
* ^-----END PGP SIGNATURE-----
| formail -i "Content-Type: application/pgp; format=text; x-action=sign"
}
# Nuke duplicate messages - no, i don't dare
# :0 Wh: msgid.lock
# | $FORMAIL -D 8192 .msgid-cache
# Now include the sorting and filtering recipes...
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Order matters: pm-sorting.rc delivers everything it recognises, so
# mail filed there is never seen by pm-spam.rc.
# INCLUDERC=$HOME/.procmail/pm-scanning.rc # scan everything for virii&malware
INCLUDERC=$HOME/.procmail/pm-sorting.rc # sort known positives
INCLUDERC=$HOME/.procmail/pm-spam.rc # then pipe the rest thru spamdetection dept.
so then we have
pm-sorting.rc
#####################################################################
# pm-sorting.rc
#
# My procmail recipes for sorting incoming messages into the right folders...
#
# Andreas Wagner
#
# Every recipe here delivers (no "c" flag), so a matching message is
# filed and procmail stops: anything sorted here never reaches the
# spam checks that pm-basic.rc includes afterwards.
#####################################################################
#
# Discard AOL spam-returns
# NOTE(review): both headers are trivially forgeable and /dev/null is
# unrecoverable; a folder such as $ADMINFOLDER (defined in pm-basic.rc
# for exactly this kind of mail) keeps it inspectable.
:0
* ^Subject:.Returned.mail:.User.unknown
* ^From:.Mail.Delivery.Subsystem.<MAILER-DAEMON@aol\.com>
/dev/null
# Uni Spam Resumes
# NOTE(review): hard-coded mailbox path; pm-basic.rc defines DEFAULT for
# this purpose, so ${DEFAULT} would keep the two in sync.
:0
* ^From:.Uni.Spamschutz.<mailadmin@rz\.uni-frankfurt\.de>
* ^Subject:.*neue Mails in Ihrem Spamverdacht-Ordner
/var/mail/wagner
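# mailing lists #####################################################
#
# (Mailman (e.g. sourceforge) lists can be caught best with a
# * ^X-BeenThere: mdbtools-dev@lists\.sourceforge\.net match - very useful)
#
# "^TO" is procmail's macro for the recipient headers (To:, Cc:, Bcc:,
# Resent-To: and friends), so "^TO.*addr" matches any of them.
# Relative folder names resolve against $MAILDIR from pm-basic.rc.
# Every dot in a host name is escaped: a bare "." matches any
# character and over-matches.
#####################################################################
# Access ----------------
:0
* ^From:.*(newsletter@access-guru\.de|newsletter@accessware\.de)
lists/db.access
# mdbtools (splitting up the digests) -----------------
# (formail -ds splits the digest into single messages and appends them;
# ":0:" takes lists/db.mdbtools.lock around that append, derived from
# the ">>" target, like the other folder writes)
:0:
* ^X-BeenThere: mdbtools-dev@lists\.sourceforge\.net
| formail +1 -ds >> lists/db.mdbtools
# blackbox -----------------
:0
* ^X-Loop:.blackbox
lists/os.bbox
# blackbox 4 windows
:0
* ^X-BeenThere: bb4win-general@lists\.sourceforge\.net
lists/os.bbox4win
# partimage -----------------
:0
* ^TO.*partimage-(users|announce)@lists\.sourceforge\.net
lists/os.partimage
:0
* ^X-BeenThere:.*partimage-(users|announce)@lists\.sourceforge\.net
lists/os.partimage
# anomy -----------------
:0
* ^TO.*anomy-list@mailtools\.anomy\.net
lists/sec.anomy
# fwlogwatch -----------------
:0
* ^X-BeenThere:.*fwlogwatch-announce@Lists\.CERT\.Uni-Stuttgart\.DE
lists/sec.fwlogwatch
# SuSE Security Maillist -----------------
:0
* ^TO.*suse-security@(lists\.)*suse\.(de|com)
lists/sec.suse
# Sleuthkit informer -----------------
:0
* ^X-BeenThere:.*sleuthkit-informer@lists\.sourceforge\.net
lists/sec.sleuth
# Privoxy -----------------
:0
* ^X-BeenThere:.ijbswa-users@lists\.sourceforge\.net
lists/sec.privoxy
# LaBrea -----------------
:0
* ^X-BeenThere:.labrea-users@lists\.sourceforge\.net
lists/sec.labrea
# JAP -----------------
:0
* ^X-BeenThere:.anon-(newversion|important)@lists\.sourceforge\.net
lists/sec.jap
# Uni motd -----------------
# (dots escaped like in the other recipes)
:0
* ^TO.*motd@mlist\.uni-frankfurt\.de
1-inbox
# CCC list -----------------
# (dots escaped like in the other recipes)
:0
* ^TO.*chaos-update@lists\.ccc\.de
1-inbox
# Compaq eList at Yahoogroups -----------------
:0
* ^TO.*eListe_Presario1800@yahoogroups\.de
lists/os.compaq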
#####################################################################
# Philosophy newsletters
# Newsletter of Phenomenology
:0
* ^TO.*newsletter_of_phenomenology@yahoogroups\.com
philo/phenonews
#####################################################################
#####################################################################
#
# newsletters subfolders ********************************************
#
# (all of these match on sender or subject only; they just pick a
# folder, so a forged header costs nothing worse than a misfiled mail)
# Öko-Reporter --------------
:0
* ^TO.*ecoreporter\.de-magazin@domeus\.de
newsletters/fin.ecoreporter
# e-fellows --------------
:0
* ^Subject:.*e-fellows\.net Newsletter
newsletters/soc.e-fellows
# Untergrund --------------
:0
* ^From:.*untergrund@gmx\.net
newsletters/soc.untergrund
# Cordis (EU research programmes) --------------
:0
* ^From:.*CORDIS-RAPIDUS.<rapidus@cordis\.lu>
newsletters/soc.cordis
#####################################################################
#
# security subfolders
#
# Privacy --------------
:0
* ^TO.*quintessenz[-_]list@.*quintessenz\.at
security/privacy
:0
* ^TO.*office@statewatch\.org
security/privacy
:0
* ^From:.*office@statewatch\.org
security/privacy
# Linux Security News & SecuriTeam & SecurityUpdate & SecurityPortal
# ("^From" without the colon also matches the "From " envelope line,
# not only the From: header)
:0
* ^From.*@(securiteam\.com|SECURITYPORTAL\.COM|infowar\.com)
security/secnews
:0
* ^TO.*newsletter@linuxsecurity\.com
security/secnews
:0
* ^Subject:.Linux Security Week
security/secnews
:0
* ^Subject:.HNS Newsletter:
security/secnews
:0
* ^From.*news@securityspace\.com
security/secnews
:0
* ^From:.Secunia.Security.Advisories.<sec-adv@secunia\.com>
security/secnews
####################################################################
#
# CronJobs
#
# SpamAssassin Statistics
# (output of a local cron job, recognised by the subject cron generates;
# the user@host part is specific to this machine)
:0
* ^Subject:.*Cron.<wagner@hermes>.*spamassassin-log\.pl
security/system
# MailStat
:0
* ^Subject:.*Mail Summary$
security/system.maillog
Did I mention that I think a procmailrc file is a great exercise for getting used
to regular expressions?
and finally
pm-spam.rc
#####################################################################
# pm-spam.rc
# My procmail recipes for filtering spam
#
# Included from pm-basic.rc after pm-sorting.rc, so only mail that no
# sorting recipe filed gets here. $MAILDIR, $DEFAULT, $FORMAIL and
# $BULKFOLDER come from pm-basic.rc.
#####################################################################
#####################################################################
# SpamBouncer settings
#
# You can ignore these if you aren't installing the SpamBouncer.
# If you are installing the SpamBouncer, PLEASE BE SURE TO READ
# the installation instructions at <http://www.spambouncer.org/>.
# The examples i've found have these settings at the top of the procmailrc
# file, but since i have split my procmail things up, i thought it more
# consequent to have it in the pm-spam.rc file. Hope it works...
# (the sb.rc include itself is commented out further down in this file,
# so these variables are currently not consumed by anything)
ALTFROM=devnull@commontology.de #An alternate email address which doesn't
#show your normal email address, so that
#spammers don't get your usual email address
#from complaints. (Some spammers will mailbomb
#you or otherwise cause trouble.)
#I recommend opening a free email
#account at Yahoo or somewhere else and
#checking it occasionally to be sure nothing
#you want is sent there.
#Actually i try to see how far i get without ever
#having a look at devnull ;-)
BLOCKFOLDER=${MAILDIR}/spam/suspicious #for suspicious mail, but possibly not spam
BLOCKREPLY=SILENT #SILENT tells the SpamBouncer to just filter
#blocked email, and not reply to it.
#NOTIFY tells the SpamBouncer to tell the
#sender that his/her email was blocked, and
#tells them how to bypass the filter if their
#email is legitimate.
# NOTE(review): a shared secret kept in a plain rc file -- replace the
# placeholder before enabling SpamBouncer and keep this file and its
# directory readable by you only; anyone who can read it can bypass
# the filter.
BYPASSWD=putyourpasswordhere #Password that allows people who send you
#legitimate email, but whose email is
#blocked for some reason by the Spam Bouncer,
#to bypass the SpamBouncer.
FREEMAIL=INTERNAL #Tells the SpamBouncer whether to filter
#email from sites which offer free email
#addresses, and which list to use.
MYEMAIL=${HOME}/.myemail #Tells the SpamBouncer all email addresses that
#belong to you. Useful for distinguishing personal
#from bulk email.
#(also used by the final-delivery recipe at the end of this file)
NOBOUNCE=${HOME}/whitelist/whitelist #Tells the SpamBouncer where your NOBOUNCE
#file is located.
NOLOOP=${ALTFROM} #Setting for email address used in X-Loop:
#header, a header which should prevent
#mailing loops. Leave this alone unless
#you know what you're doing.
PATTERNMATCHING=SILENT #Enables the SpamBouncer's Pattern Matching
#filter. NONE disables the filter; SILENT
#causes it to filter out suspected spam
#but not notify the senders; NOTIFY causes it
#to both filter out suspected spam and notify
#the sender exactly as for other blocked email.
SBDIR=${HOME}/.procmail/spambouncer #Directory where SpamBouncer program files
#are located. Edit this to point to that
#directory on your system.
SPAMFOLDER=${MAILDIR}/spam/caught #change this to SPAMFOLDER=/dev/null
#to delete spam entirely.
SPAMREPLY=SILENT #SILENT tells the SpamBouncer to filter spam,
#but not attempt to autocomplain about it.
#BOUNCE tells the SpamBouncer to send a
#"MAILER-DAEMON" bounce message to the spammer.
#COMPLAIN tells the SpamBouncer to send an
#autocomplaint to the spammer's postmaster and
#upstream sites. BOTH tells the SpamBouncer to
#send both a bounce to the sender and complain
#to the spammer's postmaster.
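#
# BEGIN RECIPES ********************************************************************
# Spamtrap ----------------------------------------------------
# Anything addressed to one of the trap addresses is reported as spam
# (c = carbon copy, so the message itself continues down the rc;
# W = wait for the report and ignore its failure quietly).
# The local lockfile serializes the report runs. It lives under
# $MAILDIR instead of the shared /var/tmp: in a world-writable
# directory any other user could pre-create the lock name and stall
# delivery until procmail's LOCKTIMEOUT expires.
# NOTE(review): the "-l" path is hard-coded; ${MAILDIR}/spam/caught is
# the same folder SPAMFOLDER points to above.
:0 Wc : $MAILDIR/pyzor-report.lock
* ^To:.*[aA]aron\.[fF]ruehstuecksfleisch@commontology\.de
| /usr/bin/spamassassin -r -w aaron.fruehstuecksfleisch@commontology.de -l /home/wagner/Mail/spam/caught
:0 Wc : $MAILDIR/pyzor-report.lock
* ^To:.*[zZ]ebediah\.[fF]ruehstuecksfleisch@commontology\.de
| /usr/bin/spamassassin -r -w zebediah.fruehstuecksfleisch@commontology.de -l /home/wagner/Mail/spam/caught
#####################################################################
#
# Whitelist first... ################################################
#
WHITELIST_DIR=$HOME/whitelist
WHITELIST=$WHITELIST_DIR/whitelist
BLACKLIST=$WHITELIST_DIR/blacklist
# The sender address as formail would put it on a reply's To: line
# (derived from From: only, since -XFrom: keeps nothing else), with
# spaces removed.
# NOTE(review): this value comes straight from an untrusted header and
# procmail substitutes it into the grep command lines below before
# $SHELL sees them; the double quotes only help if formail never lets
# quote or shell-meta characters through -- confirm against formail's
# address rewriting before trusting this.
ffield=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
# Tag the message. formail -i renames any pre-existing X-AW-Whitelist:
# header to Old-X-AW-Whitelist: before adding ours, so a tag that
# arrived with the message cannot pass as our verdict.
:0fhw
* ? grep -F -i -x -q "$ffield" $WHITELIST
| formail -i "X-AW-Whitelist: YES"
:0Efhw
| formail -i "X-AW-Whitelist: NO"
# Blacklisted senders go straight to the spam folder. ":0:" takes the
# lock derived from the ">>" target (spam/caught.lock), the same lock
# the other spam/caught appends in this file use.
:0:
* ? grep -F -i -x -q "$ffield" $BLACKLIST
| formail -i "X-AW-Blacklist: YES" >> spam/caught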
#####################################################################
#
# stupid support@ms.com virii... ####################################
#
# Spoofed "Microsoft support" worm mails: all three headers have to
# match, the last one presumably added by an upstream MailScanner
# instance (not visible here -- confirm it is set on this path).
:0
* ^From:.*support@microsoft\.com
* ^X-Mailer:.Microsoft Outlook Express 6\.00\.2600\.0000
* ^X-MailScanner:.Found to be infected
/dev/null
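#####################################################################
#
# Spamchecks... ##############################################
#
# Put all messages to SpamAssassin ---------------------------
# While I'm using amavisd-new as well (which could call SA),
# I prefer calling SA here, so it runs as spamc/spamd and can use
# Bayesian Logic...
# (W = wait for spamc and, if it fails, keep the unfiltered message
# without logging a "Program failure"; spamd listens on a non-default
# port on this machine)
:0 Wf
| spamc -u wagner -p 11783
#####################################################################
#
# *****************************************************************
# Now move those marked as spam to spamblock **********************
# *****************************************************************
# Evaluate SpamAssassin's Findings: ------------
# (":0:" takes spam/caught.lock around the delivery)
:0:
* ^X-Spam-Status: Yes
spam/caught
:0:
* ^X-Spam-Flag: Yes
spam/caught
# Put all messages through spamblock
INCLUDERC=$HOME/.procmail/pm-spamblock.rc
# Put all messages through spambouncer
# actually, this produces a few false positives, so i try without it now.
# INCLUDERC=${SBDIR}/sb.rc
# I am tired of Chinese/Korean spam, so if there's any left:
# (locked like the other spam/caught appends; with ":0:" procmail
# takes the lock name from the ">>" target)
:0:
* ^Content-Type: text/(plain|html); charset=(gb2312|"ks_c_5601-1987")
| formail -A "X-Spam-Procmail: corean charset rule" >> spam/caught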
##########################################################################
# final delivery ########################
# it seems there are several approaches/tools ########################
##########################################################################
#####################################################################
# 1)
#
# Sort out mail that really is to you from mail Bcc'd to you, or mail
# which doesn't have any of your email addresses on the To: or Cc: line.
# For this to work properly, you must create a text file named .myemail
# in your home directory and enter all email addresses that belong to
# you in it, one per line, just as you do with your .nobounce file.
#
# This does =wonders= in keeping spam from appearing in your personal
# mail. :)
#
# Substitute your shell account email address, custom domain, and any other email
# address you may have for the entries below.
#
# (fgrep -f matches every line of .myemail as a plain substring of the
# To:/Cc: headers, so keep the entries specific; "test -f" makes the
# whole condition false when the file is missing, and everything then
# ends up in $BULKFOLDER)
:0:
* ? test -f ${MYEMAIL} && \
(${FORMAIL} -zxTo: -zxCc: |\
fgrep -i -f ${MYEMAIL})
| ${FORMAIL} -A"X-Folder: Default" >>${DEFAULT}
# Deliver email which passed spam filtering, but which wasn't sent to
# a recognizable personal email address of yours, to your "bulk mail"
# folder, for reading on a less-urgent basis.
# (unconditional: every message that gets this far is delivered here)
:0:
| ${FORMAIL} -A"X-Folder: Bulk" >>${BULKFOLDER}
#####################################################################
#
# but you can always need this...
#
# Only reached if the unconditional delivery above failed; $? is then
# the exit status of that last pipe and becomes procmail's own exit
# code.
EXITCODE=$?
# DEFAULT=/dev/null
# DEFAULT=~/Mail/tmda-test-null
the above references Spamblock,
which sits in pm-spamblock.rc but has the config outsourced to
pm-spamblock-local.rc
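# Local settings for pm-spamblock.rc (that file is not shown here, so
# the exact use of these three variables is presumed from their names):
# MYDOMAIN  - regex alternation of the domains counted as "mine"
# GOODGUYS  - regex of senders that are let through (placeholder value)
# SPAMBLOCK - folder that receives blocked mail
MYDOMAIN=uni-frankfurt\.de|commontology\.de|t-online\.de|onlinehome\.de|1und1\.de|frankfurterarbeitskreis\.de
GOODGUYS=some\.nice\.person@some\.domain\.com
SPAMBLOCK=$HOME/Mail/spam/caught
# "1^0" acts as an OR operator here: every matching condition adds 1
# to the score, and the recipe fires as soon as the score is positive.
# It is a filter (f), so the message continues after the header is
# added. X-AW-Whitelist: is set by pm-spam.rc.
# NOTE(review): "^TO:" -- procmail expands a leading "^TO" into its
# recipient-header macro, which already ends in a colon, so this
# condition probably never matches; "^TO_.*@lists\.sourceforge\.net" is
# the usual spelling -- confirm before changing it.
:0 f
* 1^0 ^From:.*list_admin@lockergnome\.com
* 1^0 ^From:.*@yahoogroups\.com
* 1^0 ^From:.*devnull@commontology\.de
* 1^0 ^Subject:.*(X-news|X-mem)
* 1^0 ^TO:.*@lists\.sourceforge\.net
* 1^0 ^X-AW-Whitelist:.*YES
| formail -A 'X-Spamblock: ignored by my ~/.procmail/pm-spamblock-local.rc whitelist'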
Finally, here is the scanning part using
anomy,
but I am not using it right now (using amavisd-new/antivir+sophie+clam via postfix),
therefore the config is probably quite outdated:
pm-scanning.rc
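#####################################################################
# pm-scanning.rc
#
# My procmail recipes for scanning incoming messages for malware...
#
# Andreas Wagner, March 2003
#
#####################################################################
# Installation directory of the Anomy sanitizer (trailing slash kept
# on purpose: it is used as a path prefix below).
ANOMY=/usr/share/anomy/
# Pass the messages through the sanitizer, using
# procmail's filter feature, possibly rewriting the message
# to deactivate virii, trojans, etc.
# (w = wait for the sanitizer and check its exit code; on failure the
# message continues *unsanitized* rather than being lost -- fail-open,
# so keep an eye on $LOGFILE). Both paths are built from $ANOMY and
# $HOME instead of being hard-coded, so the rc works for any account.
:0 fw
| ${ANOMY}bin/sanitizer.pl $HOME/.anomy/anomy.conf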
...and with it, of course, comes
anomy.conf
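# anomy-secure.conf
#
# Higher security example config file for Anomy Sanitizer.
#
# - Defangs MIME, web bugs and message/partial MIME types
# - Forces all attachments to have file names
# - Defangs all known MS Windows "Executable" file types
# - Macro-scans MS Office files
# - leaves graphics files and the like untouched
# - Looks for file types anywhere in file name, not just
# at the end (To defeat Outlook express "middle extension"
# bug: http://www.messagelabs.com/viruseye/report.asp?id=130
# - Renames everything else (to defeat the next "executable" file
# type discovered to exist in Windows)
#
# From http://advosys.ca/papers/postfix-filtering.html
# Advosys Consulting Inc., Ottawa
#
# but modified by Andreas Wagner, http://www.commontology.de/
#
# NOTE(review): the rule patterns below all end in "\s*$", so they
# match an extension only at the END of the file name; the "middle
# extension" claim above does not seem to hold for this modified
# version (a name ending in ".txt" is accepted by rule 4 whatever
# precedes it) -- confirm against the sanitizer's matching before
# relying on it.
# Rules are presumably tried in numeric order 1..file_list_rules;
# file_default_policy applies to names no rule matches.
feat_testing = 0 # Testing? Set to 1 for testing, 0 for production
feat_boundaries = 0 # Replace MIME boundaries with our own
# (this breaks PGP/MIME)
feat_files = 1 # Enable filename based policy decisions
feat_fixmime = 1 # Fix invalid and ambiguous MIME boundaries, if possible
feat_force_name = 1 # Force all parts (except text/html parts) to have file names.
feat_forwards = 1 # Sanitize forwarded content too
feat_html = 1 # Defang active HTML
feat_lengths = 1 # Protect against buffer overflows and null values
feat_no_partial = 1 # Disable message/partial MIME types
feat_scripts = 1 # Defang shell scripts
# Signed/encrypted content is passed through unsanitized (see
# msg_pgp_warning below); presumably the signature is not verified,
# so anything carrying PGP armour skips the rules below -- keep only
# if the recipients expect that.
feat_trust_pgp = 1 # Trust signed and/or encrypted messages
feat_uuencoded = 1 # Defang UUEncoded files
feat_webbugs = 1 # Disable web bugs
# Logging and Reporting:
feat_verbose = 1 # Warn user about unscanned parts, etc.?
feat_log_inline = 1 # Insert log in the message itself?
feat_log_stderr = 0 # Log to STDERR?
feat_log_xml = 0 # Log in XML?
# Advertisement to insert in each mail header:
header_info = X-Sanitizer: mail filter v. 1.57 - http://mailtools.anomy.net/
header_url = 0
header_rev = 0
msg_pgp_warning = WARNING: Unsanitized (signed or encrypted) content follows.\n
# Where "save" policies put the original attachment ($F, $T and $$ are
# expanded by the sanitizer -- presumably file name, time and pid).
# The directory collects quarantined, possibly malicious files: it must
# be writable by the delivering user and should be readable by nobody
# else.
file_name_tpl = /var/spool/mail/quarantine/att-$F-$T.$$
# Disable "score" based mail discarding:
score_panic = 0
score_bad = 0
##
## File attachment name mangling rules:
##
# Number of rulesets we are defining:
file_list_rules = 5
# ...but first define defaults:
file_default_policy = defang
file_default_filename = unnamed.file
# 1. Virus-scan EVERYTHING with f-prot:
file_list_1_scanner = 0:2:3:/usr/share/anomy/contrib/check_for_virus %FILENAME
file_list_1_policy = unknown:defang:save:save
file_list_1 = (?i).*
# 2. Handle M$'s TNEF-formatted winmail.dat:
file_list_2_scanner = 0:::/usr/share/anomy/contrib/tnef2multipart.pl %FILENAME
file_list_2_policy = accept:drop:drop:drop
file_list_2 = (?i)(winmail.dat)
# 3. Defang obviously nasty attachments:
# (the "+=" lines are concatenated verbatim into one regex; "cpl" was
# listed twice and is now listed once)
file_list_3_scanner = 0
file_list_3_policy = defang
file_list_3 = (?i)\.(
file_list_3 += [23]86|vb[se]|jse|cpl|crt|chm|inf|ins|isp|dll|drv|msi|cmd|sc[rt]|sys|bat|pif|lnk
file_list_3 += |hlp|ms[cip]|asd|sh[bs]|app|ocx|htt|hta|mht|url|exe|ws[cfh]|ops
file_list_3 += )\s*$
# 4. Accept harmless attachments:
# Every continuation except the first starts with "|", so the first
# must not end with one: a trailing "|" created an empty alternative,
# and "\.()" then matched any file name ending in a bare dot (which
# Windows strips on saving), accepting it whatever came before.
file_list_4_scanner = 0
file_list_4_policy = accept
file_list_4 = (?i)\.(
file_list_4 += jpe?g|gif|png|tiff?|bmp|psd|pcx|x[pb]m
file_list_4 += |vsd|drw
file_list_4 += |t(xt|ex)|asc|nfo|me|csv|l(og|yx)|reg
file_list_4 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas
file_list_4 += )(\.g?z|\.bz\d?)*\s*$
# 5. Pipe office files thru the builtin macro scanner:
# ("tgz" was listed twice and is now listed once)
file_list_5_scanner = 0:1:2:builtin/macro 30
file_list_5_policy = accept:accept:save:save
file_list_5 = (?i)\.(
file_list_5 += doc|dot|rtf|pdf|dvi|e?ps|htm|[sp]?html?
file_list_5 += |xls|xlw|xlt|csv|wk[1-4]
file_list_5 += |ppt|pps|pot
file_list_5 += |pl|class|upd|wp\d?|m?db
file_list_5 += |z(ip|oo)|ace|ar[cj]|lha|g?z|tgz|bz\d?|[tr]ar|lzo|rpm|deb|slp
file_list_5 += |mp[32]|wav|au|avi|mpe?g|mov|ram?)\s*$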