December 10, 2002

Spam filtering

This needs to be archived somewhere, or I won't know how to do it next time.

OK, first of all, yes, I am running Sendmail. I have no particular animosity towards moving to postfix, or anything else for that matter, I have merely lacked the time. I suppose, however, that i have now spent more time on wrestling with Sendmail than it would have taken to migrate. That's neither here nor there.

Note to self: Guy- on #apache will help integrating qmail with spamassassin if I decide to go that way.

The problem that I am trying to solve is spam filtering. Here's the solution that I have in place at the moment.

I have two kind of email addresses - those that actually go to a local account, and those that are immediately forwarded out via an /etc/aliases entry. I currently have a good solution for the former, and a functional-but-annoying solution for the latter.

First, install spamassassin. It is at spamassassin.sourceforge.net and is easy to install.

Second, have sendmail call spamassassin on all incoming email. This is accomplished, at least in my current scenario, via a /etc/procmailrc file containing the following:

  BLOCKFILE=/var/spool/mail/spam

  :0fw
  | spamc -u $LOGNAME -s 2048000

  :0
  * ^X-Spam-Status: Yes
  {
      LOG="RECIPE: Blocked by SpamAssassin$NL"

  :0
  $BLOCKFILE
  }

This causes spamc to run as the user receiving the email. The -s specifies a maximum message size - larger messages are just passed through. This cuts down on enormous memory usage.

This causes all incoming email to get piped off through the spam filter. Note that spamd needs to be running for this to work.

.

For non-local accounts, this is harder. That is, for addresses that just have a forwarding entry in /etc/aliases, it seems that sendmail runs the forwarding phase before it gets to the procmail phase, so those addresses don't get filtered. Here's my solution, although I am *SURE* that there is a more elegant way to do this.

For these users, I've actually created a user acount. (I know, I know!) and in their home directory, I have the following .procmailrc file:

  VERBOSE=off
  SENDMAIL=/usr/sbin/sendmail
  MAILDIR=/var/spool/mail
  LOGFILE=/home/username/.procmail_log

  :0fw
  |/usr/bin/spamassassin

  :0:
  * ^X-Spam-Status: Yes
  spam

  :0:
  * ^To.*
  ! other@address.net

Now, I *know* there's got to be a better way to do this, so I'm waiting for all you find people to email me and tell me about it.

And, again for my own records, here's what Guy- on #apache recommended

<Guy-> DrBacchus: i.e. something like |sh -c 'DESTADDR=foo@some.where.com procmail -someswitch /etc/filter/procmailrc' or suchlike
Posted by rbowen at December 10, 2002 10:03 AM | TrackBack
Comments

Interesting idea, but definitely not elegant - especially when you have a number of aliases. I believe if it's workable to filter /etc/aliases, you could also filter /etc/mail/virtusertable .... With that, I have multiple names for different domains going different locations.... so this solution can't work. But somebody HAS to have tackled this before!

If anyone knows how to have sendmail filter spam with spamassassin for messages before forwarding via /etc/aliases or /etc/mail/virtusertable, please pass along the url or email. Many thanks.

Posted by: myke on February 2, 2003 06:11 PM

I set up some aliases for relatives on my mail server and I am facing the same problem.
However, I think I have found a slightly more elegant solution:

The entry in /etc/aliases reads:

dear-relative: |/usr/bin/spamc -f -e /usr/bin/procmail -m HOME=/var/mail /etc/dear-realtive.procmailrc


and /etc/dear-realtive.procmailrc contains:

:0
*
! dear-relative@real.provider


This way, I don't have to add extra accounts and get the flexibility of having separate procmailrc files for everyone.
However, maybe I still need something to omit the Sender header added this way...

Posted by: Holger Spielmann on March 14, 2003 09:52 AM

hey..

got this line for .procmail to filter unwanted attachments:

:0 B
* Content-Disposition:
* .*filename=.*\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)
spam


Hope it's of some use to you :)

Posted by: cavey on August 28, 2003 06:47 AM

testreject: "|/bin/procmail -m /etc/mail/procmailrc.reject testreject@somewhere.com"

or majordomo:
list: "|/bin/procmail -m /etc/mail/procmailrc.listname \"/path/to/majordomo/wrapper resend -l list list-file\""

and the magical procmail file:

DELIVERY=$1

:0fw: /tmp/spamassassin.lock
*
| /usr/local/bin/spamassassin

#kill spam
:0
* ^X-Spam-Flag: YES
* ^X-Spam-Status: Yes*
/dev/null

# return message back to majordomo
:0
| $DELIVERY

THis handles all normal aliases, but how does one do virtusertable?

Posted by: Isaac on September 22, 2003 08:50 PM

Hey there,

Did you ever solve this? I am running redhat 7.x and just installed Spam Assassin, just to discover that all my virtual accounts get forwarded before I /etc/procmailrc runs.

Ideally, I just want to run a procmail filter before the virtualusertable or aliases files get parsed and the mail gets moved. *sigh*

Posted by: Brian on April 11, 2004 03:50 PM
Post a comment