Procmail Strategies

Historical Document - Last Updated Thu Jul 18 13:19:53 2002

Procmail Strategies

for sorting your (Unix) mail into folders and filtering spam.

procmail is a Unix tool for filtering email. Typically one creates a ~/.forward file such as:

"|IFS=' '&&exec /triumfcs/bin/procmail ||exit 75 #JoeUser"

(replacing "JoeUser" with your own username), and creates a ~/.procmailrc file with various procmail commands. This has the effect of taking your email from the incoming mail spool and sorting it into a number of separate in-boxes. Some mail tools, such as Pine, and some mail notification tools such as newmail may be configured to use multiple in-boxes. For example, the following in ~/.pinerc sets up separate boxes for www-talk, junk, and valid mail:

incoming-folders=WWW-Talk mail/www.in,
        Mail mail/valid.in,
        IETF mail/junk.in

Online Database Filtering

Headers added by trmail for matches in the online anti-spam databases may be filtered by adding e.g.

:0
* X-Spam-List
mail/spam

You may wish to add the following line to .pinerc if using Pine:

incoming-folders=Spam mail/spam

(add more entries for mailing lists, etc.)

Mailing Lists

One simple use is to sort mailing-list messages into an appropriate box. The following .procmailrc rule sorts messages from the WWW mailing list into a box named "www-talk.in":

:0
* .*www-talk@w3
www-talk.in

The wildcard ensures they go in the box regardless of whether they are to the list directly, to someone else Cc: the list, or to named recipients and also the list.

Spam

(apologies to Hormel foods ..)

Broadcasters of junk email have adopted a number of strategies to ensure that you read their messages, while making it difficult for irate recipients to reply. One would usually like "important" mail to receive more priority than junk mail. The following is an outline for dealing with unwanted mail:

Filter mailing-list messages.
When you subscribe to a mailing list or listserv, note the typical form of messages from the list and craft a procmail filter to sort it. Occasionally mail may arrive with a header using an alias of the listserv (e.g. mail.xxx.com instead of xxx.com).
Decide on priority domains.
You may wish to treat all mail from the triumf.ca domain as valid. It wouldn't do to discard a memo from your boss! You might include a line such as
```
:0
* ^From:.*triumf.ca
valid.in
```
Decide on junk domains or patterns.
You may decide that all mail from rodent.com is junk. You can file it using a similar filter:
```
:0
* ^From:.*rodent.com
junk.in
```

Spamming Patterns

The following are common junk email headers patterns:

From: someuser@rodent.com
To: someuser@rodent.com
Subject: Hi

From: someuser@rodent.com
To: friends@aol.com
Subject: Your message

From: postmaster@triumf.ca
To: yourid@triumf.ca
Subject: I think you should see this

From: yourid@triumf.ca
To: yourid@triumf.ca
Subject: Your recent posting

One useful filter is to require that personal email has a valid To: or Cc: header (is addressed to you personally). After filtering all registered mailing lists, one can sort other mail with a filter such as:

:0
* !^To:.*yourid@triumf.ca|^cc:.*yourid@triumf.ca
junk.in

which says that any mail NOT To you or Cc you goes in "junk.in". You may like to filter mail apparantly from yourself or postmaster, too:

:0
* !^From:.*yourid@triumf.ca|From:.*postmaster@triumf.ca
junk.in

Note that you may get valid mail from "postmaster", depending on your mail configuration, if you send mail to a bad local address, so be careful.

The Complete .procmailrc

(your configuration may be different)

PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:.
MAILDIR=$HOME/mail      # You'd better make sure it exists
DEFAULT=$MAILDIR/valid.in
LOGFILE=$MAILDIR/from
LOCKFILE=$HOME/.lockmail
SENDMAIL=/usr/sbin/sendmail

# typical mailing list folder
:0
* .*www-talk@w3.*|.*www-html@w3.*
www-talk.in

# mailing list I want in the valid box
:0
* .*vcs-dev@es.net
valid.in

# various known spam domains
:0
* ^From:.*hotmail.com|^From:.*nobody@nobody|^From:.*savetrees.com|^From:.*t-3net.com|^From:.*answerme.com|^From:.*t-1net.com
junk.in

# NOT known valid domains
:0
* !^To:.*triumf.ca|^cc:.*triumf.ca|^From:.*triumf.ca
junk.in

# everything else falls through to DEFAULT (valid.in)

Deleting Mail

Although procmail can be set to delete mail, this is probably not a good idea. For instance, if you delete all mail from aol.com, you will miss messages from your cousin who just got online with them, and if one of your mailing lists changes its software you may lose messages. Just having most of the junk messages in one folder makes it much easier to group and delete them manually.

Tracing Email

Email broadcast software has the ability to forge any email headers. There is no guarantee that any of the addresses are valid. Examining the "audit trail" may be useful, though some broadcast software may forge dates to hide the routing information (making the source look like a relay, and a relaying host look like the original sender), or use special routing hosts that suppress source information. It's best just to delete junk mail, and reserve ones efforts for more serious offences (repeated mail bombs, or libellous mail forgery, for instance).