Procmail?/


#1

I will readily admit that I have not researched this at all yet so if it’s
covered in an FAQ, just point me there please :slight_smile:

I want to set up some procmail recipes to filter out spam and viruses from
my RT queus, has anyone done this before and if so do you have any
pointers?

Jason
Split Infinity

FREE Web Site Monitoring for ALL! 100% FREE!
http://www.ServerRat.com/tag/
Notifies you via: ICQ, AIM and EMAIL!


#2

I want to set up some procmail recipes to filter out spam and viruses from
my RT queus, has anyone done this before and if so do you have any
pointers?

I’m using procmail to filter out mailing list posts except for one
subscriber (one machine really). This way you get a to-do when the
machine has a package ready to go, everybody on the mailing list is
free to comment, but RT only accepts mail from that build machine.

just use procmail for your default delivery agent and put in a
.procmailrc file for the “rt” user. BUT you have to remember that
with sendmail, /etc/aliases gets called before getting to mail.local
so use [queuename]:rt in /etc/aliases.

for virus checking I’ve been using this procmail filter:
http://www.impsec.org/email-tools/procmail-security.html

I’ve only used it on a central SMTP server, not on one with RT
installed but it protects me from those damn *.vbs worms.

have fun.

–clark


#3

I use Amavis (http://www.amavis.org/) with the Linux version of McAfee
for virus scanning. Works wonderfully. I looked at the E-mail Sanitizer,
but didn’t like it nearly as much as Amavis, which is also free. The one
thing about the E-mail Sanitizer that I did like over Amavis was the
spam filtering. I’d think that both could be used together without any
problem, although I haven’t tried it.

St-

Clark Shishido wrote:

I want to set up some procmail recipes to filter out spam and viruses from
my RT queus, has anyone done this before and if so do you have any
pointers?

I’m using procmail to filter out mailing list posts except for one
subscriber (one machine really). This way you get a to-do when the
machine has a package ready to go, everybody on the mailing list is
free to comment, but RT only accepts mail from that build machine.

just use procmail for your default delivery agent and put in a
.procmailrc file for the “rt” user. BUT you have to remember that
with sendmail, /etc/aliases gets called before getting to mail.local
so use [queuename]:rt in /etc/aliases.

for virus checking I’ve been using this procmail filter:
http://www.impsec.org/email-tools/procmail-security.html

I’ve only used it on a central SMTP server, not on one with RT
installed but it protects me from those damn *.vbs worms.

have fun.

–clark


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Steve Thomas + sthomas@apexvoice.com
Network Administrator + 818.379.8400 Voice
APEX Voice Communications, Inc. + 818.379.8410 Fax


#4

I will readily admit that I have not researched this at all yet so if it’s
covered in an FAQ, just point me there please :slight_smile:

I want to set up some procmail recipes to filter out spam and viruses from
my RT queus, has anyone done this before and if so do you have any
pointers?

Yep, I'm using procmail extensively.  Here's how I'm doing it
(Jesse, feel free to add this to contrib if you want.)

In the sendmail aliases file (note that you may need to place
the | inside the quotes, depending on your configuration):

queuename: | “/usr/local/bin/procmail -a queuename -d rt”

Procmail's -a flag lets us specify the contents of the $1
variable; -d lets you specify the user procmail will become
before attempting delivery.

Then, in ~rt/.procmailrc we have a bunch of log file config
and then the all-important line:

INCLUDERC=/path/to/standard.rc

I suppose I could put it all into RT's .procmailrc, but I
wanted to keep it in a seperate directory for my own sanity.

The standard.rc file archives every message that comes in
using the following recipe:

YRMON=date +%Y-%m
MAILDIR="/local/maps/tickets/archive/$1"
QUEUE="$1"

:0 rc
| gzip --to-stdout --fast >> $MAILDIR/$YRMON.gz

Then it does various filtering; if I want a filter to only
apply to one queue, I'd do something like:

:0

  • ? test $QUEUE = “queuename”

  • ^From:.*example@example.com
    { EXITCODE=69 HOST }

    Next, I’ll filter through stripmime (though we don’t need to
    do that for the queues that’ve been moved to RT2.) I’ve set
    stripmime’s $outputprog to “/bin/cat” so that it works as a
    filter, and further processing can occur afterwards:

:0 f

  • !^From:.*@mail-abuse.org
    | /local/maps/tickets/bin/stripmime | head -c 50000

    The head is so that messages are kept to a sane length,
    but we don’t want to do that before stripmime pulls out any
    attachments.

    I don’t like RT1’s autoresponder; quite simply, it’s way too
    prone to participating in mail loops (RT2 seems better.) So,
    we talked Jesse into creating rt-mailgate’s extended syntax
    somewhere around version 1.0.4, which allows complicated
    procmail-based autoresponder recipes such as:

:0
{
# pipe to rt-mailgate & grab ticket ID; we need error handling here
TICKETID=cat | /local/maps/rt/bin/rt-mailgate --extended-syntax \ --queue $QUEUE --action correspond --ticketid

# grab the subject
SUBJECT=`head -20 | /usr/local/bin/formail -XSubject:`

# autorespond if appropriate
:0 h
  # ever responded on this ticket before? (clear cache periodically)
* !? grep -sq $TICKETID $CACHEDIR/.ticketid.cache
  # is there a message file available?
* ? test -r $AREPDIR/$QUEUE
  # has the message ever looped through anything before?
* !^X-Loop:
  # is it from a daemon or similar?
* !^From.*(daemon|listserv|majordomo|mailman|auto)
  # check precedence
* !^Precedence:.*(junk|list|bulk|noreply|bofh)
  # is it from us?
* !^X-RT-Loop-Prevention: MAPS
  # is it from Alan Brown or tomcat@www.base.com.br?
* !^From.*(alan@manawatu\.gen\.nz|tomcat@www\.base\.com\.br)
| ( /usr/local/bin/formail -rt -I"From: $QUEUE@mail-abuse.org" \
        -I"Subject: [MAPS #$TICKETID] ($QUEUE) $SUBJECT" \
	-A"X-Request-ID: $TICKETID" \
	-A"X-RT-Loop-Prevention: MAPS" \
	-I"Precedence: junk" ; \
    cat $AREPDIR/$QUEUE ) \
  | /usr/sbin/sendmail -oi -t \
  && echo $TICKETID >> $CACHEDIR/.ticketid.cache

# didn't autorespond?  dump it.
:0 E
/dev/null

}

And at the end is a recipe that'll send any remaining messages
to me, in case something slipped through the cracks.

J.D. Falk "The Internet isn’t just a publishing medium or a
Product Manager medium for commerce, it’s a social medium."
Mail Abuse Prevention System LLC – Howard Rheingold