Easy Email Filtering with Procmail

There are two ways that procmail can be set up. You can set it up so that each user can choose to use it (or not) or you can have it invoked through your mailer. We're going to examine the first method.

For individual users, there are several steps to setting up procmail. Each new user should first set up his .procmailrc file. This file defines how his email will be processed -- which messages will be dropped into individual mailboxes, which will be deleted immediately, etc. He should then create the required directories and files (more on this in a minute). Third, he should create the .forward file that forces his incoming mail through his procmail filters. And last, he should run a test to make sure that his setup works.

The .procmailrc file contains the settings and filtering rules that procmail will use. The settings in this file might look like this:

SHELL=/bin/bash
MAILDIR=$HOME/Msgs       # Make sure this directory exists!
LOGABSTRACT=all
VERBOSE=yes              # Set to yes when debugging

In this example, we can see that we are specifying the mail directory where the user's filtered messages will be kept. We are also, initially anyway, using verbose mode to capture data in our log file. Once the setup is known to be working properly, it's a good idea to turn verbose logging off:

## LOGABSTRACT=all
VERBOSE=no

The .procmailrc file will also contain a series of rules or "recipes" that determine how messages are processed. The first line of each rule is generally just ":0". This marks the beginning of a recipe, invoking no special options.

The next line generally identifies what you are looking for and can include regular expressions. The recipe shown below, for example, looks for subject lines containing the word "test".

:0
* ^Subject:.*test
testing

The third line identifies the mailbox that you want to append the message to. In this case, our messages will be added to a file named "testing" in the $HOME/Msgs directory identified earlier.

Notice that we are filtering on lines that begin (^) with "Subject:" (i.e., the subject line) and then have any number of characters (including none) between this text and the word "test".

To delete messages, send them to /dev/null using a rule like this:

:0
* ^Subject:.*v?agra
/dev/null

You can filter your incoming mail by sender, recipient, subject line, message length and key words contained in the message. You can even make some minor changes to the text, such as adding a warning to the beginning of the subject line if the message appears suspicious.

Filtering on senders might look like this:

:0
* ^From.*nemesis@aol.com
/dev/null

:0:
* ^From.*bugfarm.org
bugfarm

Here's one that drops all messages with twelve or more recipients into a file named "SPAM":

:0:
* ^(To|CC):.*,.*,.*,.*,.*,.*,.*,.*,.*,.*,.*,.*
SPAM

This recipe puts messages with more than 10,000 characters in a file named "bigmsgs" for later perusal:

:0
* > 10000
bigmsgs

A rule like this would throw all incoming email into a file named hold4later. You might put a "catch-all" rule like this at the bottom, after all the others.

:0:
hold4later

Setting up the user's .forward file is a little tricky. Make the syntax look exactly like this and make sure you include the double quotes. Just replace "shs" with your user's username:

"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #shs"

Also make sure your .forward files are set to 600 (rw-------) permissions or sendmail is likely to ignore them.
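
For the final "run a test" step, here is an added example (not part of the original article): a dry run that reports which of the recipes above would fire for a message before any mail is routed through procmail. It assumes the recipes sit in one .procmailrc in the order shown, approximates procmail's case-insensitive header matching with grep -Ei, and uses constructed sample messages; the function names are hypothetical.

```shell
#!/bin/sh
# Dry run of the article's recipes, assumed to sit in one .procmailrc in the
# order shown. grep -Ei approximates procmail's case-insensitive header
# matching; this is not procmail itself and it delivers nothing.

# Header only (up to the first blank line), folded continuation lines joined.
headers() {
    sed '/^$/q' "$1" | awk '/^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
        NR > 1 { print buf } { buf = $0 } END { print buf }'
}

# True if the unfolded header in $HDR matches the recipe condition $1.
hdr_match() { printf '%s\n' "$HDR" | grep -Eiq -e "$1"; }

# Print the destination of the first recipe that would fire for message $1.
which_box() {
    HDR=$(headers "$1")
    size=$(($(wc -c < "$1")))
    if   hdr_match '^Subject:.*test';        then echo testing
    elif hdr_match '^Subject:.*v?agra';      then echo /dev/null
    elif hdr_match '^From.*nemesis@aol.com'; then echo /dev/null
    elif hdr_match '^From.*bugfarm.org';     then echo bugfarm
    elif hdr_match '^(To|CC):.*,.*,.*,.*,.*,.*,.*,.*,.*,.*,.*,.*'; then echo SPAM
    elif [ "$size" -gt 10000 ];              then echo bigmsgs
    else echo hold4later                     # the catch-all recipe
    fi
}

# Constructed sample messages (not real mail), written to a temp directory.
T=$(mktemp -d)
trap 'rm -rf "$T"' EXIT
mk() { f=$T/$1; shift; printf '%s\n' "$@" > "$f"; }
R=r1@example.org; for i in 2 3 4 5 6 7 8 9 10 11 12; do R="$R, r$i@example.org"; done
mk list    'From: dev@bugfarm.org' 'To: shs@example.com' 'Subject: build notes' '' 'body'
mk folded  'From: a@example.com' 'To: shs@example.com' 'Subject: quarterly' ' test plan' '' 'body'
mk perfume 'From: shop@example.com' 'To: shs@example.com' 'Subject: New fragrance catalogue' '' 'body'
mk body    'From: b@example.com' 'To: shs@example.com' 'Subject: hello' '' 'viagra test'
mk many    'From: c@example.com' "To: $R" 'Subject: offer' '' 'body'
mk big     'From: d@example.com' 'To: shs@example.com' 'Subject: report' '' "$(head -c 10001 /dev/zero | tr '\0' x)"

for m in list folded perfume body many big; do
    printf '%-8s -> %s\n' "$m" "$(which_box "$T/$m")"
done
```

The "perfume" sample lands in /dev/null because v?agra also matches the "agra" in "fragrance", which is the kind of over-broad delete rule worth catching before it goes live. The "body" sample falls through to hold4later because these conditions are checked against the header only.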

Procmail is surprisingly modest in its use of system resources and is as good as your ability to characterize the mail that you receive.
