# .procmailrc   by Julian Stacey jhs@berklix

# VERBOSE=YES   # For debugging only. Grows Rapidly !

# commenting:
#   I indent the # as much as possible, toward the text,
#   so I can easier search for eg "^I[a-z]" as they are
#   generally mistakes that should be preceded by a "*"

# Bug to analyse JJLATER:
#   this works ~mk/procmailrc.spam@ -> ../jhs/.procmailrc.spam
#   But I cannot use ~mk/.procmailrc -> ../jhs/.procmailrc

# http://www.berklix.com/~jhs/dots/.procmailrc
# http://www.berklix.com/~jhs/dots/.procmailrc.spam
# http://www.berklix.com/~jhs/dots/.procmailrc.spam.phrases
# http://www.berklix.com/~jhs/dots/Makefile

# man procmail
# man 5 procmailrc
# man 5 procmailex
# man 1 egrep

# This & some, but not all, included files are on web, so:
#   - Does not contain passwords.
#   - Does not contain full email strings to avoid crawlers for spammers.
#   - I let star completion do the job for procmail,
#     while not providing quite enough for spammer harvester robots

# ag@muc 15 Oct 1998:
#   |> I am again getting the problem where my emails are unwantedly
#   |> run together, with only 4 Control A characters in between.
#   Ctrl-A characters are separators in MMDF mail, and also in mail digests.
#   We do not deliver mail in MMDF format.
#   Mail over UUCP is not bundled at our site.

# Strategies for spam filtering:
#   - http://www.cs.helsinki.fi/~wirzeniu/mailfilter.html
#   - http://www.ii.com/internet/robots/procmail (per CT mag 7.97)
#   - http://mops.vix.com/rbl (or nops) black hole list against spammers

# Action Notes:
#   !   Forwards to all the specified mail addresses.
#   |   Starts the specified program,
#   example/.
#       delivers numeric files into directories,
#       without updating files,
#   | $RCVSTORE +example ; tri_mail
#       edits the ~/mail/_folders_/.mh_sequences unseen: fields
#       however I hashed out tri_mail as I got a dup of
#       everything in Inbox
#   cw
#       I dropped the w(ait)
#       on many, as if a sym link to an archive dir.
#       is not in place,
#       I dont want my Inbox to flood with dups or errs.
#       Similarly I reduced many "0 w$" to "0"

# I don''t want this functionality, but keep syntax for interest:
#   To get rid of the duplicates, put this in your .procmailrc:
#       # Avoid messages with duplicate Message-ID
#       :0 W: msgid.lock
#       | formail -D 65536 msgid.cache

# -----------------------------------------------------------------------------
PATH=/bin:/usr/bin:/usr/local/bin
MAILDIR=$HOME/mail
# -----------------------------------------------------------------------------
DEFAULT=$MAILDIR/Inbox/.
INBOX_PLAIN = Inbox
#   INBOX_PLAIN used by .procmailrc.private_keep & .procmailrc
# -----------------------------------------------------------------------------
LOGFILE=$MAILDIR/procfile.log
#   If this is defined, 3 lines go to it for every email received:
#       From , Subject:, Folder:
#   It is good to leave it defined, at least occasionally after adding rules,
#   to pick up procmailrc syntax errors.
#   LOGFILE will also contain any error or diagnostic messages
#   from procmail
#   or other programs started by procmail. If this file is not specified,
#   any diagnostics or error messages will be mailed back to the sender.
# -----------------------------------------------------------------------------
# Meta Characters
#   Man procmail* refers to egrep
#   man egrep lists some meta characters.
#   man procmailex lists more meta characters eg () as in (optional)
#   man procmailrc lists SHELLMETAS as &|<>~;?*[
#   Assume all of these are special & need delimiting:
#       ! # $ & '' ( ) * + - . < > ?
#       [ \ ] ^ `` { | } \
#   the `` and '' are duplicated above to satisfy brackets.c
#   Assume these do not need delimiting: @ = : ; % ~
#   What about: "
# -----------------------------------------------------------------------------
# SQUEEZE="formail -I Received: |"
# Msg-Protect=0644
RCVSTORE=/usr/local/libexec/nmh/rcvstore
# -----------------------------------------------------------------------------
# LOCKFILE=$MAILDIR/lockfile.mine
#   I tried Enabling this 2009.06.18 while off line, but I then saw
#   LOGFILE report "No match on" 1 line from my spam list, each maybe 4
#   seconds.
#   Whatever, I cant afford it that slow.
#   So unless maybe I add some way to change times, It's no use
#   to try to avoid flood of procmail processes eating much CPU,
#   when first connecting after off line during night.
#   man procmail:
#       When delivering to directories, MH folders, or maildir
#       folders, you don't need to use lockfiles to prevent several
#       concurrently running procmail programs from messing up.
#
#       Delivering to MH folders is slightly more time consuming
#       than delivering to normal directories or mailboxes, because
#       procmail has to search for the next available number
#       (instead of having the filename immediately available).
# -----------------------------------------------------------------------------
INBOX_HTML_NO_PLAIN=Inbox.d/html-plain
# -----------------------------------------------------------------------------
# Spam Policy Switchable Here, If:
#   - One suspects occasional loss of valid mail.
#   - One suspects spammers are flooding,
#     which though automatically deleted, wastes bandwidth & CPU,
#   - Spam autopsy desired, eg to analyse IPs of major offenders.
SPAM_NULL_NO_RCVSTORE=/dev/null
#   Discard spam forever (& maybe lose an odd valid mail?).
#   Note when rcvstore was used with this (which I now avoid)
#   it used to complain: unable to change directory to /dev/null
# SPAM_NULL_NO_RCVSTORE=$MAILDIR/.null
#   Append to invisible file for rescue/ debug. Truncate manually.
## SPAM_NULL_NO_RCVSTORE=$MAILDIR/spam/Null/.
#   Save each spam in a separate file for checking.
#   Capital N to make it near first, to realise special.
#   Note, not filled by $RCVSTORE so EXMH does not turn blue.
SPAM_USER_SUSPENDED=spam/user_suspended/.
# SPAM_USER_SUSPENDED=$SPAM_NULL_NO_RCVSTORE
SPAM_NULL_NO_ACCESS=$SPAM_NULL_NO_RCVSTORE
#   usually masquerading spammers, unless eg SASL goes wrong.
# SPAM_NULL_NO_ACCESS=spam/no_access/.
PRI_MAIL=$HOME/txt/mail
PRI_MAIL_SYSTEMS=$PRI_MAIL/systems
# Warning do not add macros for condition lines, as procmail will not use them.
# -----------------------------------------------------------------------------
:0 H # ------------------------------------------------------------------------
* ^Subject:.*majordomo_backup
#   No need to also filter on To: jhs-list@flat, list_backup@tower
{
  #   majordomo_backup from ~/public_html/bin/.sh/majordomo.sh
  #   Divert monster backups, before many spam rules slow system.
  #   No longer a monster, so could move.
  :0 B # ----------------------------------------------------------------
  * ^begin 644 majordomo.20
  #   20 is first part of year eg 2009.
  # | $RCVSTORE +owner/backup
  | /home/jhs/bin/.sh/majordomo_rx.sh
}
:0 H # -- Above starts the shell, below collects shell output -----------------
* ^Subject:.*majordomo_rx.sh
| $RCVSTORE +cron/majordomo_rx
# -----------------------------------------------------------------------------
# INCLUDERC:
#   2 level nested/ cascading includes work, ie with .procmailrc
#   including .procmailrc.private, & .procmailrc.private
#   including .procmailrc.spam
#   Non nested also works.
#   ----
#   Some of files below for mk@ are dummies, but all are valid for jhs@
#   each time I add one I should add a dummy for mk@
INCLUDERC = $HOME/.procmailrc.divert        # Diverter with a non public string
PUB_MAIL=/pub/mail
PUB_MAIL_LIST=$PUB_MAIL/list
PUB_FREEBSD_MAIL=/pub/FreeBSD/mail
#   PUB_MAIL & PUB_MAIL_LIST & PUB_FREEBSD_MAIL used by both:
#   .procmailrc.berklix & .procmailrc.lists
INCLUDERC = $HOME/.procmailrc.berklix       # Mail lists normal recipient.
INCLUDERC = $HOME/.procmailrc.lists         # Mail lists normal recipient.
INCLUDERC = $HOME/.procmailrc.system_logs   # System logs to keep.
                                            # mk@ also includes this to divert
                                            # fetchmail.sh bounces.
                                            # Before .procmailrc.spam
                                            # As security logs lists rejected mail hosts.
                                            # Before .procmailrc.private_keep
                                            # To avoid logs being archived to julian/
INCLUDERC = $HOME/.procmailrc.private_keep  # Family & business enquiries,
                                            # After .procmailrc.lists as mk@ postings
                                            # to bg-org@ are not personal.
INCLUDERC = $HOME/.procmailrc.private_dump  # Kill list, Offensive people,
                                            # After .procmailrc.lists,
                                            # As may be less offensive on lists.
INCLUDERC = $HOME/.procmailrc.web_form      # Ski
                                            # Before .procmailrc.spam (I review)
                                            # As some automatically discardable.
# JJLATER consider moving .procmailrc.people.inc up from below to here. & add mk@
OWNER_MAJORDOMO=owner/majordomo
#   Used by both .procmailrc.owner_dump & .procmailrc.owner_keep
INCLUDERC = $HOME/.procmailrc.owner_dump    # Masqueraded spam bounces,
                                            # To postmaster & lists & domo owner.
INCLUDERC = $HOME/.procmailrc.fonts         # Foreign spam, with fonts.
INCLUDERC = $HOME/.procmailrc.spam.inc      # Specific spam phrases & domains,
                                            # Late as possible as:
                                            # - Waste of machine time: 68K rule lines.
                                            # - Waste of human time: I take a quick
                                            #   glance at list of senders & block cursor
                                            #   scroll delete.
INCLUDERC = $HOME/.procmailrc.multi         # Multi Line Combination Spam
                                            # After single line spam phrases
INCLUDERC = $HOME/.procmailrc.errors        # Mail system errors,
                                            # After spam phrases; Many sites stupidly
                                            # bounce to me, victim of masquerading spammers.
INCLUDERC = $HOME/.procmailrc.owner_keep    # List & domo stuff to keep.
                                            # After .procmailrc.spam as spammers
                                            # target owner@ as well as jhs@
# Maybe move to here: INCLUDERC = $HOME/.procmailrc.owner_dump
INCLUDERC = $HOME/.procmailrc.private_self  # Self archived copies.
                                            # As spammers masquerade as me sending to me.
                                            # Include after spammer filtering
INCLUDERC = $HOME/.procmailrc.3d            # 99.5% spam, but some friends.
                                            # Include this after spam phrases.
:0 BW # No Body ---------------------------------------------------------------
* ![a-z0-9]
{
  #   No body. Likely spam unless message in subject line only
  #   which happens occasionally.
  #   Above, I do not use ![[:print:]] but ![a-z0-9], as:
  #   - If there's just punctuation or parity high foreign char
  #     set junk it's not legible & wanted for me.
  #   - Other rules often FAIL on [[:print:]]
  :0 HW
  * !^Subject:
  #   No subject either. Perhaps probes from virused PCs ?
  | $RCVSTORE +spam/empty
  :0 W # ----------------------------------------------------------------
  | $RCVSTORE +Inbox.d/no_body
}
:0 HW # No subject line. From someone in a rush ? ----------------------------
* !^Subject:
| $RCVSTORE +Inbox.d/no_subject
:0 HW # Nearly empty subject line. From someone in a rush ? -----------------
#   These rules fail to detect a completely empty line:
# JJLATER FAILS * !^Subject:[[:blank:]]*$
# JJLATER FAILS * !^Subject:[[:print:]]
# JJLATER FAILS * !^Subject:[[:print:]]
* !^Subject:.*[a-z0-9\-]
| $RCVSTORE +Inbox.d/subject_empty
:0 HW # ------------------------------------------------------------------------
* ^MIME-Version:
{
  :0 HW # ---------------------------------------------------------------
  * ^Content-Type: multipart
  #   multipart/alternative; From mk@work & other MS.
  #   multipart/mixed; From majordomo-users-owner@greatcircle
  #   multipart/related
  {
    :0 BW # -------------------------------------------------------
    * ^Content-Type: text/html
    #   Various valid senders are incompetent &
    #   send HTML, & are too ignorant to
    #   understand let alone change mailer settings.
    {
      :0 BW # -----------------------------------------------
      * !^Content-Type: text/plain
      #   Spammers are more likely to avoid plain text filters.
      #   Avoid catching friends who send plain + html + pics.
      {
        :0 BW # ---------------------------------------
        * ^Content-Transfer-Encoding: base64
        {
          #   An enclosure containing
          #   HTML & base64 in same
          #   enclosure would almost
          #   certainly be spam, but no
          #   idea if in same enclosure,
          #   so do not send to
          #   $SPAM_NULL_NO_RCVSTORE
          #   However as also no plain
          #   text, is likely spam.
          :0 HW # -------------------------------
          * may be forged
          $SPAM_NULL_NO_RCVSTORE
          :0 HW # -------------------------------
          # JJLATER likely rule would FAIL:
          #   [[:blank:]]*[[:print:]]+
          * ^Subject:.*[a-z0-9\-]+ gave me this link
          | $RCVSTORE +spam/phrases.egrep
          # -------------------------------------
          :0 W
          #   Probably spam, unless a friend
          #   sent HTML, no plain, + pics
          # | $RCVSTORE +spam/base64html
          #   No EXMH blue,
          #   auto deleted after a while
          spam/base64html/.
        }
        :0 WH # ----------------------------------------
        * ^Content-Type: text/html
        #   HTML From Spammers & Incompetents.
        | $RCVSTORE +$INBOX_HTML_NO_PLAIN
      }
    }
    :0 BW # -------------------------------------------------------
    * ^Content-Type: application/octet-stream
    * ^Content-Transfer-Encoding: base64
    * name="[a-z]+\.rtf"
    | $RCVSTORE +Inbox.d/rtf
  }
  #   Divert known people with mailer tools that always emit MIME header,
  #   including some who send pictures
  # JJLATER consider moving .procmailrc.people.inc outside the MIME
  INCLUDERC = $HOME/.procmailrc.people.inc
  # ---------------------------------------------------------------------
  :0 HW # Catch spammers sending images of pills ------------------------
  #   Most include random text as disguise for spam graphics,
  # * ^Content-Type: multipart/mixed
  # * ^Content-Type: multipart/alternative
  * ^Content-Type: multipart
  {
    :0 BW # -------------------------------------------------------
    #   Avoid catching friends who include jpeg camera pics & jokes.
    * !^Content-Type: image/(jpeg|jpg);
    {
      :0 WB # -----------------------------------------------
      * ^Content-Type: multipart/alternative;
      #   I have seen: Content-Type: text/plain;
      #   but omit the ';' & allow html instead
      # ---------
      * ^Content-Type: text/[a-z]
      # ---------
      * ^Content-Type: image/[a-z]
      #   I have seen: Content-Type: image/png;
      #   but catch any images
      # ---------
      * ^Content-Transfer-Encoding: base64
      | $RCVSTORE +Inbox.d/image+text
      :0 WB # Spam images with no text ----------------------
      * ^Content-Type: image/[a-z]
      | $RCVSTORE +Inbox.d/image
    }
    :0 BW # -------------------------------------------------------
    * ^Content-Type: image/(jpeg|jpg);
    | $RCVSTORE +Inbox.d/jpeg
  }
  :0 HW # ---------------------------------------------------------------
  #   The previous text/html rule was conditional also on multipart,
  #   now catch HTML with no plain equivalent.
  * ^Content-Type: text/html
  | $RCVSTORE +$INBOX_HTML_NO_PLAIN
  :0 w # ----------------------------------------------------------------
  | $RCVSTORE +Inbox.d/mime
}
:0 WH # ----------------------------------------------------------------------
#   Trap spam trying to look personal with To jhs in subject line.
* ^Subject: ((To|For)(:|) |)jhs(\-list|)@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)
spam/subject_to_jhs/.
:0 WH # ----------------------------------------------------------------------
#   jhs-list gets occasional private replies to list postings, but mostly spam.
# * ^Subject: ((To|For)(:|) |)jhs(\-list|)@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)
* ^(To|Cc): .+jhs\-list@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)
| $RCVSTORE +Inbox.d/jhs-list
:0 WH # ----------------------------------------------------------------------
* ^To: +("[a-z \.]+" \<|)jhs\-list@berklix
* ^From: +("[a-z \.]+" \<|)jhs\-list@berklix
| $RCVSTORE +Inbox.d/jhs-list-to_from
:0 WH # ----------------------------------------------------------------------
* ^From jhs-list@berklix
#   Spam - I never mail myself with this, & lists get filtered before.
| $RCVSTORE +spam/jhs-list-from
:0 WH # ----------------------------------------------------------------------
* ^To: jhs@(flat|tower|slim|js).berklix
| $RCVSTORE +Inbox.d/hosts
:0 WH # ----------------------------------------------------------------------
* ^Delivered-To: jhs@freebsd.or
#   Old address perhaps a spammer harvesting.
| $RCVSTORE +Inbox.d/freebsd
:0 WH # ----------------------------------------------------------------------
* ^To: jhs@js.berklix
| $RCVSTORE +Inbox.d/js
:0 WHB # ----------------------------------------------------------------------
* ^Content-Transfer-Encoding: base64
#   Mostly spam, But pictures from friends too ?
#   Non Spams have included:
#       Content-Type: application/x-pkcs7-signature
#       Content-Type: application/pdf
| $RCVSTORE +Inbox.d/base64
:0 WH # ----------------------------------------------------------------------
* ^To: undisclosed-recipients:;
#   Probably a spammer (though Geoff used to use it too).
#   Divert it, so it does not ring my Inbox bell.
| $RCVSTORE +Inbox.d/undisclosed
:0 WH # -----------------------------------------------------------------------
* ^Cc: recipient list not shown:
#   Probably a spammer. Might be a person who does not want friends to see
#   each other's addresses.
#   Divert it, so it does not ring my Inbox bell.
| $RCVSTORE +Inbox.d/undisclosed
:0 WH # -----------------------------------------------------------------------
#   Trap spammers using wrong name eg To: "Santos"
#   (unfortunately will also trap genuine mis-spellers)
#   totalregistrations addresses me as "jhs@mx.berk
#   Do not catch addresses without double quotes eg 'Julian Stacey
* \
| $RCVSTORE +$INBOX_HTML_NO_PLAIN
:0 WB # -----------------------------------------------------------------------
* \
* \
| $RCVSTORE +$INBOX_HTML_NO_PLAIN
:0 WB # -----------------------------------------------------------------------
* \
* \
| $RCVSTORE +$INBOX_HTML_NO_PLAIN
:0 WH # -----------------------------------------------------------------------
#   (mmds-216-19-11-135.tbm.az.commspeed.net [216.19.11.135] (may be forged))
#   satisfy brackets.c (
# JJLATER might FAIL: * \[[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\] \(may be forged\)\)
#   ( brackets.c compensator
* \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\] \(may be forged\)\)
* !Received: from js.berklix.net \(p[0-9]+.dip.t-dialin.net
#   ) brackets.c matcher
| $RCVSTORE +spam/forged
:0 WB # -----------------------------------------------------------------------
#   Trap mail with font to avoid ringing my bell, likely spam
* \
* http://
{
  :0 WH
  * !^Subject: Cron calendar
  * !^From: jhs@berklix\.(com|net|org) \(Cron Daemon\)
  | $RCVSTORE +Inbox.d/http
}
:0 BW # -----------------------------------------------------------------------
#   Mime enclosure:
#   These cause trouble to exmh. OK it won't catch all,
#   as some slide earlier into Mbox, also it wont trigger biff.
#   Tough on both scores, it will catch some.
#   These Content-Transfer-Encoding: quoted-printable are bastards,
#   I've also seen them split domains in body of text eg
#       "USAA.Web.Services@customermail=" \n "usaa.com"
#   Maybe look at eg /usr/ports/mail/mimedefang
* ^Content\-Transfer\-Encoding: quoted\-printable
| $RCVSTORE +Inbox.d/quoted-printable
# -----------------------------------------------------------------------------
# Msg-Protect=0600
:0 wc # -----------------------------------------------------------------------
#   Store rest & get it to change colour in EXMH with rcvstore.
| $RCVSTORE +$INBOX_PLAIN
:0 Wc # -----------------------------------------------------------------------
#   Keep a copy of last 100 personal mails see "man 5 procmailex"
#   dot at beginning makes it invisible to exmh.
.Recent
:0 Wic # ----------------------------------------------------------------------
| cd .Recent && rm -f dummy `ls -t msg.* | sed -e 1,100d`
#   Example of directory content:
#       -rw------- 1 jhs staff 1440 Mar 17 15:12 msg.-a_J
#       ... 98 lines deleted ...
#       -rw------- 1 jhs staff 972 Mar 19 00:02 msg.zc_J
# JJLATER I should perhaps keep last few days
#   $SPAM_NULL_NO_RCVSTORE spams.
:0 W
#   So bell will ring with eg: xbiff -file /usr/home/jhs/mail/.xbiff
# -----
$MAILDIR/.xbiff
#   man procmailrc:
#       If processing falls off the end of the rcfile,
#       procmail will deliver the mail to $DEFAULT
#   So Why, as the .xbiff line above has no "c" do I get duplicates ?
#   So see if anything gets here
# :0
# | $RCVSTORE +error/dups
# end
#   No, nothing received.