BSD DevCenter


FreeBSD Basics

Filtering Spam with Procmail

01/10/2002

In the last article, we installed the procmail utility and generated a few basic recipes. This week, let's start by looking at procmail's built-in logging mechanism. We'll then take a look at some other available resources that build on procmail's capabilities.

On your FreeBSD system, there is a utility called mailstats that gives you statistics on how many messages were handled by the sendmail program:


mailstats
Statistics from Mon Dec 24 08:17:21 2001
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 0        0          0K        7         10K        0       0  prog
 8        8         30K        1          3K        0       0  relay
=============================================================
 T        8         30K        8         13K        0       0
 C        8                    8                    0

When you installed procmail, it installed its own mail statistics program known as mailstat; notice the lack of the "s" at the end. Its syntax is also slightly different than the built-in FreeBSD command; I enjoyed the error message I received the first time I ran procmail's mailstat program:

mailstat
Most people don't type their own logfiles; but, what do I care?

This program then sat there waiting for me to create a logfile; instead, I did a ctrl-c to end the program and tried again, this time giving the location of the log file that I specified when I created my .procmailrc:

mailstat ~/mail/from

  Total  Number Folder
  -----  ------ ------
   5911       1 questions
  -----  ------
   5911       1

This utility is handy if you've created procmail recipes that place your email into several different folders; you'll be able to quickly see how many messages went into each folder since the last time you checked your mail. Once you've run the mailstat utility, it saves that set of statistics in a file called from.old and starts counting new email from scratch. So if I immediately rerun mailstat:

mailstat ~/mail/from
No mail arrived since Dec 24 10:32

I'll see that I haven't received any new mail since the last time I ran the mailstat program.

Last week, I demonstrated how to create some basic recipes that will sort your desired messages into their appropriate folders. After a bit of fine tuning, you'll find that the bulk of the messages that don't match a recipe, and therefore end up in your default folder, will be spam.

There are basically three options for dealing with the spam. The first is to become a procmail guru by figuring out how to create recipes that will catch spam without catching your non-spam messages. This is time-consuming, difficult, and a never-ending process -- definitely, the hard way, so I won't demonstrate it. The second is to install one of the spam solutions that works with procmail. If you choose this method, you can take advantage of the expertise of procmail gurus who have honed their recipes and decided to share them. I'll be demonstrating two of these solutions in the rest of this article. The third is the easiest way and, depending upon your psychological makeup, either the least or the most gratifying method: simply use your delete key and move on to the next message.

This site has an excellent list of resources that deal with procmail, including spam resources.

This site is a goldmine of procmail FAQs, tips, and resources, and is well worth bookmarking for future reference.

Two of the programs mentioned at this site are spam bouncer and junkfilter, both of which are in the FreeBSD ports collection. This makes their installation painless. You'll find, though, it will take some trial and error on your part to tweak any spam filter to suit your needs. Also, no spam filter can be 100% accurate, as there will always be legitimate users that have email accounts with blocked domains and spammers are always trying to find new ways to bypass spam filters.

Keeping this in mind, let's start by building and configuring junkfilter:

su
Password:
cd /usr/ports/mail/junkfilter
make install clean
exit

You'll note that I became the superuser to build the port, but exited back to a regular user account so I could configure junkfilter for this user only. I then followed the instructions in /usr/local/etc/junkfilter/README to configure junkfilter.

The instructions first suggested that I move my .procmailrc to a new directory, then create a link back to my home directory like so:

mkdir -m 755 $HOME/.procmail
mv -i $HOME/.procmailrc $HOME/.procmail/procmailrc
ln -s $HOME/.procmail/procmailrc $HOME/.procmailrc

Then, I added these lines to the variable section of procmailrc so procmail can find and use junkfilter:

PMDIR=$HOME/.procmail
JFDIR=/usr/local/etc/junkfilter/
INCLUDERC=$JFDIR/junkfilter

I also had to edit my path line so it looks like this:

PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:/usr/local/etc:.

Finally, to tell junkfilter where to put the spam, the author suggests putting this recipe immediately after the INCLUDERC line:

        :0
        * JFEXP ?? .
        {
                :0 f
                * JFSTATUS ?? 1
                | formail -i "X-junkfilter: $JFVERSION" \
                        -i "X-Spammer: $JFEXP"

                :0 E :
                | formail -i "X-junkfilter: $JFVERSION" \
                        -i "X-Spammer: $JFEXP" >> junkmail
        }
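
A check for the layout built in the steps above, as an added example that is not part of the junkfilter README or the original article. It reports an rcfile or directory that other users can write to, and PATH entries such as the trailing "." that are resolved against the current directory; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the junkfilter README: check the rcfile layout
# built in the steps above. All function names are hypothetical.

# writable_by_others FILE: true if FILE is group- or world-writable.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# relative_path_entries RCFILE: print entries of the last PATH= line that
# are neither absolute nor under $HOME ("." and empty entries included).
relative_path_entries() {
    sed -n 's/^PATH=//p' "$1" | tail -n 1 | tr ':' '\n' |
        awk '$0 !~ /^(\/|\$HOME)/ { print ($0 == "" ? "(empty)" : $0) }'
}

# audit_procmail HOMEDIR: print findings; return 1 if there are any.
audit_procmail() {
    rc=$1/.procmail/procmailrc; bad=0
    [ -L "$1/.procmailrc" ] || { echo "not a symlink: $1/.procmailrc"; bad=1; }
    for p in "$1/.procmail" "$rc"; do
        if writable_by_others "$p"; then echo "writable by others: $p"; bad=1; fi
    done
    for e in $(relative_path_entries "$rc"); do
        echo "PATH entry resolved against the current directory: $e"; bad=1
    done
    return "$bad"
}

# make_sample_home DIR: constructed home directory using the article's
# commands and its PATH line, for trying the audit without touching $HOME.
make_sample_home() {
    mkdir -m 755 "$1/.procmail"
    printf '%s\n' 'PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:/usr/local/etc:.' \
        > "$1/.procmail/procmailrc"
    chmod 644 "$1/.procmail/procmailrc"
    ln -s "$1/.procmail/procmailrc" "$1/.procmailrc"
}
```

Run it against a real account with audit_procmail "$HOME"; it only reads, and changes nothing.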

At this point, junkfilter is ready to do its thing. You can fine-tune what it does by becoming the superuser and editing the global configuration file /usr/local/etc/junkfilter/junkfilter.config. The nice thing about tweaking junkfilter is its simplicity: the configuration file contains straightforward comments, and you can toggle functions on and off by changing their values to 0 or 1. If you find that the filter is still catching legitimate mail instead of spam, you can also try putting your own filtering recipes before the junkfilter recipe. I'll leave it up to you to experiment with your own setup.
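
To see what the filter is actually catching before changing any toggles, this added example (not part of the original article or of junkfilter) reads the junkmail folder written by the recipe above and tallies the X-Spammer values, then lists the senders behind one of them. It assumes junkmail is an mbox file; the function names, sample reasons and addresses are constructed.

```sh
#!/bin/sh
# Added example, not junkfilter code: tally the X-Spammer explanations in
# the junkmail mbox so tuning is based on what actually matched.

# junk_pairs [MBOX]: print "reason<TAB>sender" per tagged message.
# Reads stdin when no file is given. Folded headers are not unfolded.
junk_pairs() {
    awk '
        /^From / { hdr = 1; why = ""; from = ""; next }   # mbox separator
        hdr && /^$/ {                                      # headers end
            if (why != "") printf "%s\t%s\n", why, from
            hdr = 0; next
        }
        hdr && /^[Xx]-[Ss]pammer:/ { sub(/^[^:]*:[ \t]*/, ""); why = $0 }
        hdr && /^[Ff]rom:/         { sub(/^[^:]*:[ \t]*/, ""); from = $0 }
    ' "$@"
}

# junk_reasons [MBOX]: "count reason" lines, most frequent first.
junk_reasons() {
    junk_pairs "$@" | awk -F '\t' '
        { n[$1]++ }
        END { for (r in n) printf "%d %s\n", n[r], r }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# junk_senders REASON [MBOX]: senders caught by one explanation.
junk_senders() {
    reason=$1; shift
    junk_pairs "$@" | awk -F '\t' -v r="$reason" '$1 == r { print $2 }'
}

# Constructed sample folder; reasons and addresses are made up.
sample_junkmail() {
    cat <<'EOF'
From MAILER-DAEMON Mon Dec 24 10:30:00 2001
From: offers@bulk.example
X-Spammer: sample reason A

From MAILER-DAEMON Mon Dec 24 10:31:00 2001
From: friend@blocked.example
X-Spammer: sample reason B

From MAILER-DAEMON Mon Dec 24 10:32:00 2001
From: deals@bulk.example
X-Spammer: sample reason A

EOF
}
```

A reason that keeps appearing next to senders you recognize is the first candidate for a toggle change or for a recipe of your own placed ahead of junkfilter.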
