We're now filtering all incoming emails on our server - our spam has reached around 9000 emails per month and whilst it's been interesting to see what people are sending out as bulk unsolicited email, it's become something of a nuisance.

We're using procmail ... which means that we've got ourselves into the programming / configuration file .procmailrc.   Anyone who has any questions / wants any tips (I know several of you use Hurricane as your ISP - they have it included in the package), please post a follow up.  Also any good procmail recipes you have?

I'm a HE.net customer, ans use procmail to forward all incoming email through spamassasin. (an email filter written in Perl)

my .procmailrc contains:
Code:

:0fw | /usr/bin/spamassassin -P :0e {    EXITCODE=$? } :0: * ^X-Spam-Status: Yes [spamspamspam]

Where [spamspamspam] is a file that all spam gets written to.

It seems to get about 95% of the unsolicited stuff

My worst offenders get "dev/null"ed
Code:

:0: * Received:.*mindtower.com /dev/null

I also write all email details to a procmail log
Code:

LOGFILE=/home/moylan/procmail.log

Which writes in the format of
Code:

From CustomerRelations@swtrains.co.uk  Thu Dec  5 09:45:28 2002 Subject: To john@somehost.co.uk from Dennis Manders  Folder: /usr/spool/mail/somehost.co.uk/john                                  1494

Which is very convinient as I have a perl prog on cronjob that looks at this file every 15 mins, if theres a new entry it send the details of it to my work address.

Yes, procmail is very nice, and some of the recipes I've seen are very powerful.

But simple can be good too.

jfp


I always suggest to folks that they have a look/see if the software they need is already out there before they write their own ... In hindsite, I think that spamassassin might have been better for me that my roll-my-own procmail recipes .... your suggestion is excellent, jfp ...  also like your crontrab and logging approach and I'm considering a switch to this away from the automated bounce.

However ... procmail done and configured now.  ... and updated over the weekend in the light of experience.   I think I have trapped around 80% of the incoming spam (I got up this morning and thought and my mailbox was so light I thought "what has gone wrong" ....)

Here's a couple of interesting recipies for procmailers:

Bounce any emails to a group of old email addresses:

Code:

:0 * ^To:.*@agm.net * !^X-Loop: graham@wellho.net {        :0 h        | (formail -t -r -A"X-Loop: graham@wellho.net " -A"From: Graham Ellis <graham@wellho.net> " ; \        cat $HOME/usergone.txt ) | \        /usr/bin/sendmail -t }

Bounce emails with certain words in the subject line:

Code:

:0 * ^Subject:.*(%anywhere%) * !^Subject:.*melksham * !^Mailing * !^X-Loop: graham@wellho.net {        :0 h        | (formail -t -r -A"X-Loop: graham@wellho.net "  -A"From: Graham Ellis <graham@wellho.net> "; \        cat $HOME/emailbounce.txt ) | \        /usr/bin/sendmail -t }

Note on this one - we have a Perl script that replaces %anywhere% with a regular expression made up of 74 common spam words held in a data file ... makes updating easier.

Other recipies exclude:
- emails that have subjects starting with 39 different words / strings
- emails with 31 different patters in the sender
- emails that have 10 non-lowercase characters in sucession in the subject
- emails that have 5 or more consonants in succession in the subject

All bounces have a nice message with them,  telling people that adding the word "melksham" makes their email acceptable, and all have an extra header added which we check for to avoid bouncing loops.



And still the spam increases  ... now between 500 and 1000 emails a day arriving at our server ... for two of us!

I've re-visited the subject and added spamassassin into our filter chain; I'm also keeping a log via a perl program too ... here's the entries in my procmailrc:

Code:

# Run Spam Assassin to see if it's clearly spam # Keep a note in mailwash! :0fw | /usr/bin/spamassassin | /home/wellho/mailwash

which adds a spam flag header, and also (my mailwash) generates a log, and then further down we bounce the spam, with a message explaining and inviting people to write back with a particular word in the subject line if it really isn't spam ....

Code:

:0 * ^X-Spam-Status: Yes * !^Subject:.*melksham {        :0 h        | (formail -t -r -A"X-Loop: graham@wellho.net "  -A"From: Graham Ellis <graham@wellho.net> "; \        cat $HOME/mailinfo.txt ) | \        /usr/bin/sendmail -t }

Here's "mailwash" - it simply passes through the email, extracting and logging statistics for me!

Code:

#!/usr/bin/perl # Mailwash $body = 0; $loop = 0; $mailsize = 0; while (<STDIN>) {        /^$/ and $body = 1;        unless ($body) {                /^From: (.*)/i and $from = $1;                /^To: (.*)/i and $to = $1;                /^Subject: (.*)/i and $subject = $1;                /^X-Spam-Status:.*(Yes|No)\D+([0-9.]+)\D+([0-9.]+)/ and ($spam,$score,$limit) = ($1,$2,$3);                /^X-Loop:.*graham@wellho.net/ and $loop = 1;                }        $mailsize += length;        print;        } chomp ($from,$to,$subject); open (LOG,">>/home/wellho/wash.log"); printf LOG ("%-20.20s %-20.20s %-40.40s %5s %5s %5s %8d %1d %d\n",$from,$to,$subject,$spam,$score,$limit,                $mailsize,$loop,time()); close LOG;

---