Email filtering with procmail

Procmail is a mail delivery agent (MDA) or mail filter. Among many other things, it can be used for advanced filtering tasks that web hosts’ GUI tools cannot accommodate.

In this example we will use procmail to perform several common tasks:

  • Delete obvious spam
  • Place probable spam in a special spam folder, not in the inbox
  • Place mail with **SPAM** in the subject in the spam folder
  • Delete mail from a particular sender
  • Place everything else in the inbox
  • Log everything for testing purposes

This example presumes that SpamAssassin is running on the server and has already scored incoming mail before procmail receives it. A common newbie error is to try to use procmail to directly detect spam, often by looking for specific words in the subject or body. Far better to let SpamAssassin, a spam filter, do the detection and have procmail, a delivery filter, handle the delivery. If you don’t already have SpamAssassin running on your mail server, go do that first and come back here later.

I use IMAP hosted with Pair Networks, but the discussion that follows should be broadly applicable to any remote or local mail server. For purposes of illustration, let’s assume we have the domain “example.com”, our hosting account’s username is “account”, and the mailbox we will be working with is “user@example.com”. Pair Networks uses mbox format, but as far as I know the following will work equally well with maildir format.

Consider the following example procmail script:

# Comment out next 2 lines to turn off logging
LOGFILE=/usr/home/account/procmail_log
VERBOSE=on

# Make this script, not qmail, deliver all mail
EXITCODE=99

# General format for filters:
# - Lock (:0:) or not (:0) the file to be written to as needed
# - Filter on header
# - Move to indicated folder

# Delete mail with spam score of 9 or greater
# (each * is escaped so that it matches a literal asterisk in the header)
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*
/dev/null

# Put remaining mail flagged as spam in spam box
:0:
* ^X-Spam-Flag:.*YES
/usr/boxes/account/example.com/user^/.imap/INBOX.Spam

# Put mail with **SPAM** in subject in spam box
# Catches mail flagged as spam by another system and then forwarded to this
# box, which did not flag it. Caution: Generates false positives
:0:
* ^Subject:.*\*\*SPAM\*\*
/usr/boxes/account/example.com/user^/.imap/INBOX.Spam

# Delete mail from a particular sender
:0
* ^From:.*annoying_pest@example\.com
/dev/null

# Any other items go here, before the last item

# Last item: put everything else in normal mailbox
:0:
/usr/boxes/account/example.com/user

Season to taste. Name it (typically .procmailrc) and upload the script to the server at /usr/home/account.

Now enable the script. Pair Networks customers should enter the Account Control Center (ACC) and open Email Management. Find the appropriate domain and click on “This domain has X recipes and Y mailboxes.” Find the user’s mailbox and click on the “[add recipe]” link to the right of it. Ensure that you have a single email address selected, user@example.com, and select the “Filter” option. Press “Proceed”.

In the “E-Mail Filter” field, enter (changing the path as needed):

procmail -f- /usr/home/account/.procmailrc

Enable Junk E-Mail Filtering and press “Create Filter”. Note that it may take up to 10 minutes to become active.

Send yourself test messages to ensure that mail is being properly filtered. Note that filtered mail may take a few minutes to arrive. Use the logfile to debug. Once all is well, comment out logging from .procmailrc and delete the logfile.
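
The recipe order can also be dry-run offline before any rule that delivers to /dev/null goes live. The following is an added example, not part of the original post: it uses Python's re module as a stand-in for procmail's matcher (an assumption that holds for these simple patterns), the labels SPAM and INBOX stand in for the mailbox paths, and all messages are constructed.

```python
import re

# Conditions in the same order as the script above. "SPAM" and "INBOX" are
# labels standing in for the real mailbox paths (assumption for this example).
RECIPES = [
    (r"^X-Spam-Level: \*\*\*\*\*\*\*\*\*", "/dev/null"),
    (r"^X-Spam-Flag:.*YES", "SPAM"),
    (r"^Subject:.*\*\*SPAM\*\*", "SPAM"),
    (r"^From:.*annoying_pest@example\.com", "/dev/null"),
]
DEFAULT = "INBOX"
BODY = "X-Spam-Flag: YES\nSubject: **SPAM**\n"  # header look-alikes in the body


def header_block(raw):
    """Return only the headers, with folded continuation lines joined."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)


def route(raw):
    """Return the destination of the first recipe whose condition matches."""
    head = header_block(raw)
    for pattern, dest in RECIPES:
        # procmail matches case-insensitively, with ^ anchored at each line
        if re.search(pattern, head, re.I | re.M):
            return dest
    return DEFAULT


def message(**headers):
    """Build a constructed message; underscores in names become hyphens."""
    lines = [f"{name.replace('_', '-')}: {value}" for name, value in headers.items()]
    return "\n".join(lines) + "\n\n" + BODY


# Constructed test messages, not real mail
SAMPLES = {
    "score 12": message(Subject="hi", X_Spam_Level="*" * 12, X_Spam_Flag="YES"),
    "score 8": message(Subject="hi", X_Spam_Level="*" * 8, X_Spam_Flag="YES"),
    "score 0": message(Subject="hi", X_Spam_Level="", X_Spam_Flag="NO"),
    "forwarded tag": message(Subject="Fwd:\n **SPAM** offer"),
    "blocked sender": message(From="Pest <annoying_pest@example.com>"),
    "clean": message(From="friend@example.net", Subject="lunch?"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} -> {route(raw)}")
```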

TODO: Investigate if it is possible to use a site-wide .procmailrc file to perform site-wide mail filtering tasks instead of having to have a separate .procmailrc for every mailbox.

ALTERNATIVES TO PROCMAIL
Procmail is complicated and unmaintained; maildrop is often recommended as a simpler modern replacement.

About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?

7 Responses to Email filtering with procmail

  1. anonymous says:

    Anonymous writes: cheers sir!!!!!!!!!1 its gr8

  2. wpost says:

    Glad you found it helpful; best regards.

  3. anonymous says:

    Richard writes: Thanks for making this available. It actually works! We have used pair for our webserver for many years, but I've never been able to figure out the secret to getting procmail to work using their account admin interface, and have relied on other means. But to deal with a new problem I've had to dig into it again, and eureka! The only thing I did different was to enter the full path for the procmail binary in the Admin screen form. Thanks again

  4. wpost says:

    My pleasure; glad it worked for you. I was in a similar situation as you: years ago I tried and failed to get my head around procmail, and only revisited the issue last year when spam had gotten bad enough to make it worth my while to give it a second look. Turned out to be very easy, as you see.

  5. anonymous says:

    Richard writes: I'm also interested in the TODO mentioned above. I made a brief effort trying to set up different filters for different accounts using this in my ACC recipes:

    accountA filter: procmail -f $HOME/.procmailrc-accountA
    accountB filter: procmail -f $HOME/.procmailrc-accountB

    But pair seemed to ignore my filter settings (in the ACC) and instead used the $HOME/.procmailrc file I originally set up. I guess I should try deleting that and seeing if the others then worked.

  6. wpost says:

    Richard, if you get that figured out please post your experiences here. That's something I want to learn how to do, too.

  7. Pingback: Spam control on a mail server with SpamAssassin | Warren's tech notes
