Mail Filtering with Procmail

This is an old page saved for posterity. It is no longer updated.

Procmail is an autonomous mail processor or mail filter for unix, anybody receiving more than a couple of emails a day can greatly benefit from the features provided.

I mainly use procmail to filter spam from my main inbox into a separate spam folder which I glance over every once in a while before deleting. Procmail can also be used to filter mail into different folders eg. for mailling lists.

You can get the recipe that I use here, This .procmailrc combines a list of email addresses from which
I always want to receive mail, a list of addresses I never want to receive mail from (sent to /dev/null) and a set of rules to try and look for common spammer patterns. I won’t make my list of blocked addresses available as it is quite tailored for myself and not really a generic spammers list.You can find spammer lists from many places on the net, here for example.

If you want to learn more about creating your own .procmailrc files a good place to start would be Mail
Filtering with Procmail
. Procmail uses extended regular expressions. You won’t understand a lot of the rules unless you understand regexps, there is a good guide to using regular expressions here.

There is also a lot of information in the various procmail man pages:

man procmail – The basic description of the program. It discusses options to the procmail program and has a couple examples at the end.

man procmailrc – Detailed description of the format of the .procmailrc file, which controls all the filtering.

man procmailex – Several working examples of .procmailrc entries. A very useful resource.

man procmailsc – Discusses weight-scoring, a technique for very expert-level filtering.

Timo Salmi has a page of procmail tips and recipes and his Foiling Spam with an Email Password System is a very interesting method of avoiding spam.

SpamAssassin
I am now using SpamAssassin in addition to Procmail. SpamAssassin is a mail filter that uses a comprehensive rule base to identify spam by parsing both the message body and headers.

All mail that passes through my own rules unscathed is fed through SpamAssassin, this way SpamAssassin can catch anything that may have slipped through. As SpamAssassin is fairly resource intensive catching things before it hits SpamAssassin helps to keep the server load down.

SWEN Email Virus Detection
Here’s a nice and short recipe I found on usenet to remove the SWEN email virus which has been a great annoyance recently:

:0
* > 140000
* < 165000

{
:0 BD
*b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
/dev/null
}

This searches message of the lengths sent out by the SWEN worm for a BASE-64 encoded URL which comes with each of the copies no matter how the rest of the payload is munged.

Procmail Mailing List Archive

Last modified: 21 July 2012