Re: Verifying .procmailrc settings to delete high scoring spam messages
On 04/07/2013 10:44 PM, Bob Proulx wrote: Thomas Cameron wrote: :0: * ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\* /dev/null I believe that would match 10 asterisks or more, and redirect the e-mail to /dev/null. Am I right? Mostly all okay. However I don't like the ".*" in the front of it. That isn't likely to cause trouble but it is possible that it could on a crafted email message with a lot of garbage cause trouble. And it isn't needed. We know there will always be one space there. So no need for the ".*" there. Noted, thank you! With /dev/null you don't need the trailing ":" in the ":0:" designating a lockfile. I think procmail special cases /dev/null to avoid the lock file in that case anyway. But just the same I wouldn't put the trailing colon lockfile for /dev/null. Thanks, I realized that after I hit send. I think that was a bad copy-n-paste, it's been taken out. Also it is safer to store to a mail folder at least long enough to test your recipe. So just as a general paranoia instead of /dev/null I would at least start with a mail folder and then only after I have convinced myself that it is good to go only then convert it to a real /dev/null. I like maildir folders so will normally use "folder/" to have procmail create a maildir folder format. And maildir folders never need a lockfile. But use what you like. :0 * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\* devnull/ Good call, done. Since procmail uses Extended Regular Expressions there is one more optimization I would make. I wouldn't list out every star. It gets hard to count. Is there ten there? Or nine? Or eleven? Quick, without counting, how many? See that is hard. But you can use the normal extended regular expression syntax to simply list the number. :0 * ^X-Spam-Level: \*{10} devnull/ That makes the counting quick and easy. That is very cool, thank you for the regex advice! For me I don't tend to /dev/null things immediately. I tend to always keep at least a queue of them around so that I can look at them. With maildir format each message is an individual file. Meaning that it is easy to delete them by age from the devnull/* directories. I would keep something like this around for whatever you feel is reasonable. I would probably say ten days. That way if I need to go looking for a potentially very spammy message I could still find it within the time window. I would run this daily from cron. find $HOME/Mail/devnull -type f -mtime +10 -delete HTH, Bob Great advice, Bob, thank you very much! I've been watching the cruft in my spam mail folder, and I've never seen anything over 10 that was a false positive. I'm very confident that 10+ needs to just be nuked, but I see your point. I'll let it get filtered into a temporary mail folder for a few days to make sure I'm right, though. Thank you very much for the excellent advice, I really appreciate it! TC
Re: Verifying .procmailrc settings to delete high scoring spam messages
Thomas Cameron wrote: > :0: > * ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\* > /dev/null > > I believe that would match 10 asterisks or more, and redirect the > e-mail to /dev/null. Am I right? Mostly all okay. However I don't like the ".*" in the front of it. That isn't likely to cause trouble but it is possible that it could on a crafted email message with a lot of garbage cause trouble. And it isn't needed. We know there will always be one space there. So no need for the ".*" there. With /dev/null you don't need the trailing ":" in the ":0:" designating a lockfile. I think procmail special cases /dev/null to avoid the lock file in that case anyway. But just the same I wouldn't put the trailing colon lockfile for /dev/null. Also it is safer to store to a mail folder at least long enough to test your recipe. So just as a general paranoia instead of /dev/null I would at least start with a mail folder and then only after I have convinced myself that it is good to go only then convert it to a real /dev/null. I like maildir folders so will normally use "folder/" to have procmail create a maildir folder format. And maildir folders never need a lockfile. But use what you like. :0 * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\* devnull/ Since procmail uses Extended Regular Expressions there is one more optimization I would make. I wouldn't list out every star. It gets hard to count. Is there ten there? Or nine? Or eleven? Quick, without counting, how many? See that is hard. But you can use the normal extended regular expression syntax to simply list the number. :0 * ^X-Spam-Level: \*{10} devnull/ That makes the counting quick and easy. For me I don't tend to /dev/null things immediately. I tend to always keep at least a queue of them around so that I can look at them. With maildir format each message is an individual file. Meaning that it is easy to delete them by age from the devnull/* directories. I would keep something like this around for whatever you feel is reasonable. I would probably say ten days. That way if I need to go looking for a potentially very spammy message I could still find it within the time window. I would run this daily from cron. find $HOME/Mail/devnull -type f -mtime +10 -delete HTH, Bob
Verifying .procmailrc settings to delete high scoring spam messages
All - I have a pretty simple .procmailrc setup for my home mail server. Right now it looks like: :0fw: spamassassin.lock * < 256000 | spamc :0: * ^X-Spam-Flag:.*YES spam That dumps everything that is flagged as spam into my spam folder. I want to delete any spam that scores over 10, though. I believe that I should insert a new rule between the first and second, and I want to use the X-Spam-Level header. But since it uses asterisks, which are interpreted as regex wildcards, I want to make sure I've got the right syntax. I think I would need to escape out the asterisks, right? Would it look like this? :0: * ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\* /dev/null I believe that would match 10 asterisks or more, and redirect the e-mail to /dev/null. Am I right? Thanks! Thomas