Spam filtering | Notes In The Margin

This needs to be archived somewhere, or I won’t know how to do it next time.

OK, first of all, yes, I am running Sendmail. I have no particular animosity towards moving to postfix, or anything else for that matter, I have merely lacked the time. I suppose, however, that i have now spent more time on wrestling with Sendmail than it would have taken to migrate. That’s neither here nor there.

Note to self: Guy- on #apache will help integrating qmail with spamassassin if I decide to go that way.

The problem that I am trying to solve is spam filtering. Here’s the solution that I have in place at the moment.

I have two kind of email addresses – those that actually go to a local account, and those that are immediately forwarded out via an /etc/aliases entry. I currently have a good solution for the former, and a functional-but-annoying solution for the latter.

First, install spamassassin. It is at spamassassin.sourceforge.net and is easy to install.

Second, have sendmail call spamassassin on all incoming email. This is accomplished, at least in my current scenario, via a /etc/procmailrc file containing the following:

  BLOCKFILE=/var/spool/mail/spam

  :0fw
  | spamc -u $LOGNAME -s 2048000

  :0
  * ^X-Spam-Status: Yes
  {
      LOG="RECIPE: Blocked by SpamAssassin$NL"

  :0
  $BLOCKFILE
  }

This causes spamc to run as the user receiving the email. The -s specifies a maximum message size – larger messages are just passed through. This cuts down on enormous memory usage.

This causes all incoming email to get piped off through the spam filter. Note that spamd needs to be running for this to work.

For non-local accounts, this is harder. That is, for addresses that just have a forwarding entry in /etc/aliases, it seems that sendmail runs the forwarding phase before it gets to the procmail phase, so those addresses don’t get filtered. Here’s my solution, although I am *SURE* that there is a more elegant way to do this.

For these users, I’ve actually created a user acount. (I know, I know!) and in their home directory, I have the following .procmailrc file:

  VERBOSE=off
  SENDMAIL=/usr/sbin/sendmail
  MAILDIR=/var/spool/mail
  LOGFILE=/home/username/.procmail_log

  :0fw
  |/usr/bin/spamassassin

  :0:
  * ^X-Spam-Status: Yes
  spam

  :0:
  * ^To.*
  ! other@address.net

Now, I *know* there’s got to be a better way to do this, so I’m waiting for all you find people to email me and tell me about it.

And, again for my own records, here’s what Guy- on #apache recommended

<Guy-> DrBacchus: i.e. something like |sh -c 'DESTADDR=foo@some.where.com procmail -someswitch /etc/filter/procmailrc' or suchlike

The Margin Is Too Narrow