Re: spamfilter package -- help requested

2000-11-19 Thread kmself
Response to self.

on Fri, Nov 03, 2000 at 12:16:05PM -0800, kmself@ix.netcom.com 
(kmself@ix.netcom.com) wrote:
> I've installed and tweaked the spamfilter package (Lars Wirzenius's
> procmail recipes).  While I'm largely happy with the filters (I see
> *no* spam, though logs show over 80 spam messages blocked since early
> September -- despite lifting my ISP's spam filter (largely ineffective),
> and posting liberally to Usenet, several mailing lists, with multiple
> online references to my email address.

> The problems:
> 
>   - Mail sent *from* me *to* several mailing lists, and echoed to me
> from the list, is classified as local outgoing mail, and isn't
> filtered to the appropriate list folder.  This occurs only for
> certain lists.  debian-user, for example, works fine.  The lsec
> list, as an example, doesn't.  Instead, the mail is appended to the
> auto-generated greylist.  I believe this is governed by the mainline
> script, I'm attaching my local copy.

Indeed it was.  Several problems.

First, my ~/.procmailrc was referencing the *system*, not *local*,
mainline script.  Modifying the following line toward the end of
~/.procmailrc:

INCLUDERC=/usr/lib/spamfilter/rules/mainline

to

INCLUDERC=$PM_RULES/mainline

...ensures that modifications to the mainline file do take effect.  I'd
copied mainline to ~/.procmail/rules/ to make local modifications.

The second issue was the set of headers being used to detect list mail.
The following set of rules in 'mainline' needs to have one additional
header added to it to match several commonly used lists:


| #  
| #
| # See if this mail is _from_ me, and if so, use it to update the greylist
| #
| :0
| * $ ^Received:.*from.*$MYHOST
| * $ ^Message-ID:.*$MYHOST
| * $ ^From:.*$MYADDR
| * ! ^Resent-From:
| * ! ^X-Loop:
| * ! ^X-Mailing-List:
| * ! ^X-Been-There:
| {

Add:  

* ! ^X-BeenThere:

...which is inserted by several list management software packages.


>   - Non-blacklist spam.  Mail which is identified as being spam w/o
> being listed in my blacklist appears to get /dev/null'ed.  I'd
> rather it went to a spam folder.  I believe this is governed by the
> spam.rules script.  

Though I haven't made the change yet, this is where the 'c' procmail
rule flag comes into play.  Create a carbon-copy of the mail for the
purposes of replying to spam, then file the original message to some
spam folder.  Preliminary tests suggest this is what I want.

>   - Debugging procmail filters is difficult.  My understanding is
> that I should be able to take a message, say, dumped to the backup
> directory, and run it through procmail with:
> 
>   $ cat message | procmail procmailrc-file
> 
> ...which will filter one message 'message' through procmail using
> the procmail rc file 'procmailrc-file'.  But it don't seem to work
> for me.  Clue?

Setting the "VERBOSE=yes" variable helps.  Diagnostics are printed to
stdout.



On another note, my ISP disabled my account for a 24 hour period due to
an autoresponder war I'd managed to get into with a third-party ISP's
abuse@ address.  Their abuse message:

   1. Came from a non-recognized address.

   2. Tripped two 'likely spam' keywords, including "remove" and
 "commercial *mail".

   3. On account of prior issues, I'd removed the 'spam-reply.txt'
  file, so my responses were 

After exchanging some 353 messages in a 24 hour period, the other party
blacklisted my ISP for email.  My ISP killed my account as part of its
abuse response ten days later (I've had words, and received a grand
total of $0.70 pro rata reimbursement for the downtime).

I've recommended to Brian White, and he's added to the default
whitelist, the following general response accounts:

# Useful addresses to keep open
postmaster@
abuse@
administrator@
root@

...would recommend others do same.

-- 
Karsten M. Self  http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.  http://www.zelerate.org
  What part of "Gestalt" don't you understand?  There is no K5 cabal
   http://gestalt-system.sourceforge.net/    http://www.kuro5hin.org
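
The two changes discussed in the message above, filing non-blacklist spam in a folder by way of the 'c' flag and keeping the autoresponder away from role accounts and loops, combined in one recipe. This is an added example, not part of the original post or of the spamfilter package; the X-Example-Spam header, the "spam" folder and the LOOPADDR and SPAMREPLY values are assumptions.

```procmail
# Added example, not spamfilter's own rules.  Assumed names:
#   LOOPADDR        address stamped into X-Loop on every auto-reply
#   SPAMREPLY       canned reply text (placeholder path)
#   X-Example-Spam  stands in for whatever test marks a message as spam
#   spam            folder, relative to $MAILDIR
LOOPADDR=you@example.invalid
SPAMREPLY=$HOME/.procmail/spam-reply.txt

:0
* ^X-Example-Spam: yes
{
    # 'c' runs this recipe on a copy, so the original falls through to
    # the filing recipe below.  'h' feeds only the header to formail.
    # No reply is generated for daemons and list traffic (FROM_DAEMON,
    # FROM_MAILER), for anything that already carries our X-Loop stamp,
    # or for the role accounts named in the post.
    :0 h c
    * ! ^FROM_DAEMON
    * ! ^FROM_MAILER
    * $ ! ^X-Loop: $LOOPADDR
    * ! ^From:.*(postmaster|abuse|administrator|root)@
    | (formail -r -I"Precedence: junk" -A"X-Loop: $LOOPADDR" ; \
       cat $SPAMREPLY) | $SENDMAIL -oi -t

    # File the original instead of discarding it.  The trailing ':'
    # requests a local lockfile on the folder.
    :0:
    spam
}
```

The X-Loop stamp only stops a loop when the other side preserves the header in its replies; the role-account condition covers the case where it does not.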




spamfilter package -- help requested

2000-11-03 Thread kmself
I've installed and tweaked the spamfilter package (Lars Wirzenius's
procmail recipes).  While I'm largely happy with the filters (I see
*no* spam, though logs show over 80 spam messages blocked since early
September -- despite lifting my ISP's spam filter (largely ineffective),
and posting liberally to Usenet, several mailing lists, with multiple
online references to my email address.

Enough advocacy.

For anyone else using the package, I'd appreciate assistance with...

The problems:

  - Mail sent *from* me *to* several mailing lists, and echoed to me
from the list, is classified as local outgoing mail, and isn't
filtered to the appropriate list folder.  This occurs only for
certain lists.  debian-user, for example, works fine.  The lsec
list, as an example, doesn't.  Instead, the mail is appended to the
auto-generated greylist.  I believe this is governed by the mainline
script, I'm attaching my local copy.

Diagnostics from the procmai.log follow below.

I've modified the mainline script to try to correct this without
success to date.

  - Non-blacklist spam.  Mail which is identified as being spam w/o
being listed in my blacklist appears to get /dev/null'ed.  I'd
rather it went to a spam folder.  I believe this is governed by the
spam.rules script.  I'm attaching my local copy.

  - Debugging procmail filters is difficult.  My understanding is
that I should be able to take a message, say, dumped to the backup
directory, and run it through procmail with:

  $ cat message | procmail procmailrc-file

...which will filter one message 'message' through procmail using
the procmail rc file 'procmailrc-file'.  But it don't seem to work
for me.  Clue?

I'm also attaching my main .procmailrc file, though it's little changed
from defaults.

lsec processing log -- this should be filtered to greylist, is instead
being applied to the local greylist.


From [EMAIL PROTECTED]/Linux-Consulting.com Fri Nov 03 11:56:26 2000
 Subject: [lsec] test, ignore
  Folder: /home/karsten/.procmail/backup/msg.3ZH   3136
procmail: Unlocking "/home/karsten/.procmail/run/backup.lock"
procmail: Executing " test x$DEBUG = xyes"
procmail: Match on " test x$DEBUG = xyes"
procmail: Locking "/home/karsten/.procmail/run/backup.lock"
procmail: Executing " cd $PM_BACKUP && rm -f dummy `ls -t | sed -e 1,200d`"
procmail: Assigning "LASTFOLDER= cd $PM_BACKUP && rm -f dummy `ls -t | sed -e 1,200d`"
From [EMAIL PROTECTED]/Linux-Consulting.com Fri Nov 03 11:56:26 2000
 Subject: [lsec] test, ignore
  Folder:  cd $PM_BACKUP && rm -f dummy `ls -t | sed -e 1,200d`3136
procmail: Unlocking "/home/karsten/.procmail/run/backup.lock"
procmail: Assigning "OBVIOUSLYTO=(((Original-)?(Resent-)?(To|Cc)):(.*[^a-zA-Z])?)"
procmail: Assigning "INCLUDERC=/home/karsten/.procmail/rules/priority.rules"
procmail: Match on "^Message-ID:.*(myhostname|ix.netcom.com)"
procmail: Match on "^From:.*(kmself(|,|$|@.*(ix.netcom.com|ix.netcom.com))|kmself|karsten|kar[EMAIL PROTECTED]|root|[EMAIL PROTECTED])"
procmail: Match on ! "^Resent-From:"
procmail: Match on ! "^X-Loop:"
procmail: Match on ! "^X-Mailing-List:"
procmail: Match on ! "^(((Original-)?(Resent-)?(To|Cc)):(.*[^a-zA-Z])?)(kmself(|,|$|@.*(ix.netcom.com|ix.netcom.com))|kmself|karsten|[EMAIL PROTECTED]|root|[EMAIL PROTECTED])"
procmail: Assigning "LASTFOLDER= addpat --append $GREYLIST --header "To|Cc|Bcc|Reply-To" --mail $USER --from $OFFADDR --dest "greylist" $WHITELIST $GREYLIST"
From [EMAIL PROTECTED]/Linux-Consulting.com Fri Nov 03 11:56:26 2000
procmail: Executing " addpat --append $GREYLIST --header "To|Cc|Bcc|Reply-To" --mail $USER --from $OFFADDR --dest "greylist" $WHITELIST $GREYLIST"
 Subject: [lsec] test, ignore
  Folder:  addpat --append $GREYLIST --header "To|Cc|Bcc|Reply-To" --ma3136
procmail: Notified comsat: "karsten@: addpat --append $GREYLIST --header "To|Cc|Bcc|Reply-To" --mail $USER --from $OFFADDR --dest "greylist" $WHITELIST $GREYLIST"
procmail: Unlocking "/home/karsten/.procmail/run/procmail.lock"


-- 
Karsten M. Self  http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.  http://www.zelerate.org
  What part of "Gestalt" don't you understand?  There is no K5 cabal
   http://gestalt-system.sourceforge.net/    http://www.kuro5hin.org
#
#
# $Id: mainline,v 1.13 1998/05/22 21:07:22 bcwhite Exp $
#
# Spam Filter -- Mainline
#
#


# WARNING: If the global lockfile has been disabled, it is vital that
# every delivery rule in the sub-files (special.rules, list.rules,
# spam.rules, and user.rules) have a local lockfile (trailing ":").
# Otherwise, you could get corrupted mail