Filtering Spam with Procmail
01/10/2002
In the last article, we installed the procmail utility and generated a few basic recipes. This week, let's start by looking at procmail's
built-in logging mechanism. We'll then take a look at some other
available resources that build on procmail's capabilities.
On your FreeBSD system, there is a utility called mailstats that gives you statistics on how many messages were handled by the sendmail program:
mailstats
Statistics from Mon Dec 24 08:17:21 2001
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 0        0          0K        7         10K        0       0  prog
 8        8         30K        1          3K        0       0  relay
=============================================================
 T        8         30K        8         13K        0       0
 C        8                    8                    0
When you installed procmail, it installed its own mail statistics program
known as mailstat; notice the lack of the "s" at the end. Its syntax is
also slightly different than the built-in FreeBSD command; I enjoyed the
error message I received the first time I ran procmail's mailstat program:
mailstat
Most people don't type their own logfiles; but, what do I care?
This program then sat there waiting for me to create a logfile;
instead, I did a Ctrl-C to end the program and tried again, this time giving the
location of the log file that I specified when I created my .procmailrc:
mailstat ~/mail/from
  Total  Number Folder
  -----  ------ ------
   5911       1 questions
  -----  ------
   5911       1
This utility is handy if you've created procmail recipes that place
your email into several different folders; you'll be able to quickly see how
many messages went into each folder since the last time you checked your
mail. Once you've run the mailstat utility, it saves that set of statistics in a file called from.old and starts counting new email from scratch. So if I immediately rerun mailstat:
mailstat ~/mail/from
No mail arrived since Dec 24 10:32
I'll see that I haven't received any new mail since the last time I ran
the mailstat program.
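The same per-folder tally can be computed without resetting the counters. The script below is an added example, not part of procmail or of the original article; it reads a procmail log and leaves it in place. The sample log is constructed, and junk_share is a hypothetical helper that assumes folder names without spaces.

```shell
#!/bin/sh
# Added example: per-folder totals from a procmail LOGFILE, computed
# read-only (the log is left in place, nothing is moved to a .old file).

# Constructed sample log in procmail's abstract format: a From_ line,
# a Subject line, then "  Folder: <destination> <bytes>".
sample_log() {
    cat <<'EOF'
From alice@example.org  Mon Dec 24 10:30:01 2001
 Subject: FreeBSD question
  Folder: questions                                   5911
From bulk1@example.net  Mon Dec 24 10:31:12 2001
 Subject: MAKE MONEY FAST
  Folder: junkmail                                    2100
From bulk2@example.net  Mon Dec 24 10:32:40 2001
 Subject: You have won
  Folder: junkmail                                    3200
EOF
}

# folder_totals LOGFILE -> lines of "bytes count folder", sorted by folder.
folder_totals() {
    awk '
        /^  Folder: / {
            bytes = $NF                           # size is the last field
            name = $0
            sub(/^  Folder: /, "", name)
            sub(/[ \t]+[0-9]+[ \t]*$/, "", name)  # drop the trailing size
            count[name]++
            total[name] += bytes
        }
        END {
            for (n in count)
                printf "%d %d %s\n", total[n], count[n], n
        }' "$1" | sort -k3
}

# junk_share LOGFILE FOLDER -> percentage of deliveries that went to FOLDER.
junk_share() {
    folder_totals "$1" | awk -v f="$2" '
        { all += $2; if ($3 == f) hit += $2 }
        END { if (all) printf "%d\n", 100 * hit / all; else print 0 }'
}

log=$(mktemp)
sample_log > "$log"
folder_totals "$log"
echo "junkmail share: $(junk_share "$log" junkmail)%"
rm -f "$log"
```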
Last week, I demonstrated how to create some basic recipes that will sort your desired messages into their appropriate folders. After a bit of fine tuning, you'll find that the bulk of the messages that don't match a recipe, and therefore end up in your default folder, will be spam.
There are basically three options for dealing with the spam. The first
is to become a procmail guru by figuring out how to create recipes that
will catch spam without catching your non-spam messages. This is
time-consuming, difficult, and a never-ending process -- definitely, the
hard way, so I won't demonstrate it. The second is to install one of
the spam solutions that works with procmail. If you choose this method,
you can take advantage of the expertise of procmail gurus who have honed
their recipes and decided to share them. I'll be demonstrating two of these
solutions in the rest of this article. The third is the easiest way
and, depending upon your psychological makeup, either the least or the most
gratifying method: simply use your delete key and move on to the next
message.
This site has an excellent list of
resources that deal with procmail, including spam
resources.
This site is a goldmine of procmail FAQs, tips, and resources, and is
well worth bookmarking for future reference.
Two of the programs mentioned at this site are spam bouncer and
junkfilter, both of which are in the FreeBSD ports collection. This makes their
installation painless. You'll find, though, it will take some trial and
error on your part to tweak any spam filter to suit your needs. Also,
no spam filter can be 100% accurate, as there will always be legitimate
users who have email accounts with blocked domains, and spammers are always
trying to find new ways to bypass spam filters.
Keeping this in mind, let's start by building and configuring junkfilter:
su
Password:
cd /usr/ports/mail/junkfilter
make install clean
exit
You'll note that I became the superuser to build the port, but exited
back to a regular user account so I could configure junkfilter for this
user only. I then followed the instructions in /usr/local/etc/junkfilter/README
to configure junkfilter.
The instructions first suggested that I move my .procmailrc to a new
directory, then create a link back to my home directory like so:
mkdir -m 755 $HOME/.procmail
mv -i $HOME/.procmailrc $HOME/.procmail/procmailrc
ln -s $HOME/.procmail/procmailrc $HOME/.procmailrc
Then, I added these lines to the variable section of procmailrc so
procmail can find and use junkfilter:
PMDIR=$HOME/.procmail
JFDIR=/usr/local/etc/junkfilter/
INCLUDERC=$JFDIR/junkfilter
I also had to edit my path line so it looks like this:
PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:/usr/local/etc:.
Finally, to tell junkfilter where to put the spam, the author
suggests putting this recipe immediately after the INCLUDERC line:
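# Act only on messages for which junkfilter set JFEXP
:0
* JFEXP ?? .
{
  # f: filter the message through formail, then keep processing it
  :0 f
  * JFSTATUS ?? 1
  | formail -i "X-junkfilter: $JFVERSION" \
            -i "X-Spammer: $JFEXP"

  # E: otherwise; the trailing colon requests a lockfile for junkmail
  :0 E :
  | formail -i "X-junkfilter: $JFVERSION" \
            -i "X-Spammer: $JFEXP" >> junkmail
}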
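The recipes above run formail by name, so which binary answers depends on the PATH line, and everything in the rc file and its INCLUDERC runs with your privileges. The script below is an added example, not from the article or the junkfilter README. It lists PATH entries that are not absolute and rc files that group or others can write to. The sample rc is constructed from the lines shown above, and treating "$HOME/" as absolute is an assumption.

```shell
#!/bin/sh
# Added example: two hygiene checks for the procmailrc built above.

# Constructed sample: the variable section as shown in the article.
sample_rc() {
    cat <<'EOF'
PMDIR=$HOME/.procmail
JFDIR=/usr/local/etc/junkfilter/
INCLUDERC=$JFDIR/junkfilter
PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:/usr/local/etc:.
EOF
}

# relative_path_entries RCFILE -> PATH entries that are not absolute.
# Assumption: an entry starting with "/" or "$HOME/" counts as absolute.
relative_path_entries() {
    awk '
        /^[ \t]*PATH[ \t]*=/ {
            v = $0
            sub(/^[ \t]*PATH[ \t]*=[ \t]*/, "", v)
            n = split(v, p, ":")
            for (i = 1; i <= n; i++)
                if (p[i] !~ /^(\/|\$HOME\/)/)
                    print (p[i] == "" ? "(empty)" : p[i])
        }' "$1"
}

# writable_by_others FILE... -> each FILE that group or others can write.
# -H follows a symlink named on the command line, such as ~/.procmailrc.
writable_by_others() {
    for f in "$@"; do
        find -H "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

rc=$(mktemp)
sample_rc > "$rc"
echo "relative PATH entries: $(relative_path_entries "$rc")"
echo "loosely writable: $(writable_by_others "$rc")"
rm -f "$rc"
```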
At this point, junkfilter is ready to do its thing. You can fine tune
what it does by becoming the superuser and tweaking the global
configuration file /usr/local/etc/junkfilter/junkfilter.config. The
nice thing about tweaking junkfilter is its simplicity. The configuration
file itself contains straightforward comments and you can toggle
functions on and off by changing their values to 0 or 1. If you
find that the filter is still catching legitimate mail instead of spam,
you can also try putting your own filtering recipes before the
junkfilter recipe. I'll leave it up to you to experiment with your own setup.