Re: [newbie] Procmail and Fetchmail as system services

[robin]

HaywireMac wrote:

On Wed, 03 Sep 2003 16:43:03 +1000
Stephen Kuhn <[EMAIL PROTECTED]> uttered:
 

Why not /dev/null?
 

Have you actually read through the entire RC file yet?
   



Funnily enough, this is one of the first messages I received since a typo in my rc.mail sent all of my mail to /dev/null.  The only prog I know with more potential for embarrassment than procmail is postfix (I'll never forget the time I accidentally managed to send the backup log to everyone in our domain).

Now I know why sensible people also have a file named something like rc.testing

Sir Robin
--
"There are other rules, but you'll find out what those are when you break them."
- Blake's 7
Robin Turner
IDMYO
Bilkent Univeritesi
Ankara 06533
Turkey
www.bilkent.edu.tr/~robin




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Stephen Kuhn]

On Wed, 2003-09-03 at 22:06, HaywireMac wrote:
> On Wed, 3 Sep 2003 07:49:39 -0400
> Bryan Phinney <[EMAIL PROTECTED]> uttered:
> 
> > This doesn't sound too hard.
> 
> To a software test engineer maybe... 

Ok...step by step.

1.) Download the nkvir-rc and put it in your /etc/ directory

2.) Edit the /etc/procmailrc and at the end of the file, but
INCLUDERC=/etc/nkvir-rc

3.) Fire up KCRON (nice GUI for editing the system crontab), locate ROOT
and then right-click TASKS - choose NEW/ADD - put in whatever
description you desire - and in the program field, put
/usr/bin/fetchmail --nodetach

4.) Set the schedule to run every day, at 15 minute intervals (or
whatever you so desire - I like the 15 minute bit because it keeps my
POP3 servers clean and tidy)

5.) On a workstation running MS Outlook Express, create a new account
using IMAP instead of POP3 - put in the name/IP of your linux box along
with the account name and password.

You're done.

stephen kuhn
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
-
* This message was composed on a 100% Microsoft free computer *
-
You will step on the night soil of many countries.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Wednesday 03 September 2003 02:09 pm, HaywireMac wrote:
> On Wed, 3 Sep 2003 13:51:49 -0400
>
> Bryan Phinney <[EMAIL PROTECTED]> uttered:
> > I don't think that it would be too hard.  I could do a DNS query for
> > an MX record and if you don't have one, simply deny the connect.  If
> > you are running a real mail server, you should have an MX record on a
> > DNS.  Dynamic ranges won't have those because they are dynamic.
>
> How does one "register" a mail server? Could I not register the one I am
> using, and get around it that way?
>
> My setup at Zoneedit.com allows me to add a mailserver, what if I just
> put mail.orderinchaos.org?

Might work for some but might not for others.  A reverse DNS on the IP won't 
show Zoneedit as the owner of the dynamic IP, it will show the ISP that the 
IP is assigned to.  Trying to connect to a MTA that does reverse lookups 
would get you denied because the IP would not match the domain that you 
report.  If they are doing that check.  I don't think that there is any real 
substitute for a static IP assigned through a registrar.

I think that in order to run a mailserver with a dynamic address, you have to 
use a mail reflector to bounce mail through.

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Wednesday 03 September 2003 12:00 pm, HaywireMac wrote:
...snip
>
> How is that accomplished? That would be a procmail recipe, I assume, no?

Yes, something like this:
:0H
* ^List-Owner: 
/var/spool/mail/user

In the above recipe, it checks headers for the List-Owner header and if it 
matches, it appends the message to /var/spool/mail/user directly rather than 
passing the mail back to the MTA for delivery.

This also serves to bypass any additional procmail recipes that are further 
down the procmailrc file.

>
> Ya, that's my one problem is *sending*, as I cannot use my own domain
> (lots of people do reverse lookups, see my IP is a "consumer" block and
> reject it...) and must tell Postfix to relay mail through my ISP so as
> not to get RBL'd. Someday, though...

Well, I don't have my own domain either, even if I did, my ISP blocks outgoing 
port 25 so I can't originate mail outbound, I simply let Postfix relay 
through my ISP, aka smarthosting mail.  

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 3 Sep 2003 12:02:15 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:

> If he really wants to try to do that, I can try to find where that was
> again.

Nah, I'm gonna stick with the info you guys have provided for now, keep
it simple, right?

Thanks for all the help and explanations, I'm starting, just starting
mind you, to get the picture.

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
An idea is not responsible for the people who believe in it.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Wednesday 03 September 2003 11:37 am, Derek Jennings wrote:
> On Wednesday 03 Sep 2003 4:28 pm, Bryan Phinney wrote:
> > On Wednesday 03 September 2003 10:45 am, HaywireMac wrote:
> > > > IIRC, Fetchmail can pass mail through Procmail like a filter,
> > >
> > > like so:?
> > >
> > > postconnect "procmail"?
> >
> > IIRC, I read this, but am not doing it myself.  I would have to research
> > to find the exact command and syntax to make it do this.
>
> If there is no MTA like Postfix or Sendmail listening on Port 25 fetchmail
> will automatically pass the mail to procmail so long as /etc/procmailrc or
> ~/.procmailrc exists.

Yeah, but that is because it is using Procmail as the MDA.  For some reason, I 
keep thinking that I read some writeup that said that you could pipe mail 
through Procmail with Fetchmail and still have it passed back to the MTA, so 
you could filter some mail out before it got to the MTA.

If he really wants to try to do that, I can try to find where that was again.

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 3 Sep 2003 11:28:13 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:

> On Wednesday 03 September 2003 10:45 am, HaywireMac wrote:
> 
> > > IIRC, Fetchmail can pass mail through Procmail like a filter,
> >
> > like so:?
> >
> > postconnect "procmail"?
> 
> IIRC, I read this, but am not doing it myself.  I would have to
> research to find the exact command and syntax to make it do this.

Well, I might just have enough now to do a test run, we'll see how it
goes. I'm looking at Derek's tutorial right now, and it's called from
Postfix, so maybe I'll do it that way.

> > > after passing through, Procmail adds whatever is called for by the
> > > recipes and then Fetchmail delivers mail back to the local MTA,
> > > Postfix or Sendmail or whichever MTA you are running.  Also,
> > > Fetchmail can pass mail to Procmail which can act as an MDA and
> > > puts mail directly into the maildir folders, if that is the way
> > > that it is configured.
> >
> > Not to muddy the waters, but just out of curiosity, I could bypass
> > Postfix completely?
> 
> Yes.  Specify a specific MDA, like Procmail and you will bypass
> Postfix completely and write directly to /var/spool/mail/user or write
> directly to maildir type folders as specified by the MDA.
> 
> > I read in one "quickstart" guide that a .forward file is unnecessary
> > if using fetchmail...is that correct?
> 
> Most people only run one set of filters, not more than one since you
> would be checking the same content twice which is twice as much work
> as doing it all the first time.  So, if you use fetchmail and send to
> the MTA which is default behavior, you control delivery from the MTA,
> the .forward file is unnecessary

Excellent, the more steps I can skip while learning, the better...er...
at least in my mind ;-)
 
> No, you can send it wherever you like.  For myself, I don't write
> anything directly to a MAILDIR, I like to pull my mail down with the
> client so that I can do a little client side filtering, such as
> putting mail lists in folders, etc.  So, I use procmail to Append to
> file /var/spool/mail/user when I direct mail to specific places.
> 
> Messages that come from known mailing lists or things that I don't
> want to go through the SA or other filters gets appended to
> /var/spool/mail/user, based on who is subscribed to the mail list,
> directly, bypassing any additional filters in Procmail.

How is that accomplished? That would be a procmail recipe, I assume, no?

> Then, known crap is pushed off to /dev/null based on a pinhead list
> that I maintain seperately.

LOL! Hope I never end up on that one...I know I've come close a few
times with others... ;-)

> You can either append it directly using Procmail, or you can stick it
> in MAILDIR directly, or you can let the piped mail go to Postfix where
> it will match the local user specified by Fetchmail with the local
> account and drop it in the right mbox.

Cool.

> > Thanks so much for your time and explanations, I *am* reading the
> > docs at the same time, but as I always say, it is one thing to RTFM,
> > it is another to UTFM!
> 
> Some of the stuff you are wanting to do is stuff that I haven't done
> yet, I actually like running my own mail server, even if I don't have
> it open to the net to send mail from.

Ya, that's my one problem is *sending*, as I cannot use my own domain
(lots of people do reverse lookups, see my IP is a "consumer" block and
reject it...) and must tell Postfix to relay mail through my ISP so as
not to get RBL'd. Someday, though...

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
Faith goes out through the window when beauty comes in at the door.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 3 Sep 2003 16:25:42 +0100
Derek Jennings <[EMAIL PROTECTED]> uttered:

> 
> If you install the fetchmail-daemon RPM then fetchmail will
> automatically start as a root service using /etc/fetcmailrc as its
> config file.
> BTW: I may have mentioned this before, but there is a writeup on my
> homepage on precisely the same application as you are trying to do.

ya, ya, you mentioned it, but it was a little more complicated than my
level of understanding up til now. I am reading it now, tho, there may
still be bits which I am unclear on (my fault, not yours), so don't RTFM
me if I still ask ?'s. k?

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
We have reason to be afraid.  This is a terrible place.
-- John Berryman

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Derek Jennings]

On Wednesday 03 Sep 2003 4:28 pm, Bryan Phinney wrote:
> On Wednesday 03 September 2003 10:45 am, HaywireMac wrote:
> > > IIRC, Fetchmail can pass mail through Procmail like a filter,
> >
> > like so:?
> >
> > postconnect "procmail"?
>
> IIRC, I read this, but am not doing it myself.  I would have to research to
> find the exact command and syntax to make it do this.
>

If there is no MTA like Postfix or Sendmail listening on Port 25 fetchmail 
will automatically pass the mail to procmail so long as /etc/procmailrc or 
~/.procmailrc exists.

derek

-- 
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 3 Sep 2003 09:01:05 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:

> On Wednesday 03 September 2003 08:06 am, HaywireMac wrote:
> > On Wed, 3 Sep 2003 07:49:39 -0400
> >
> > Bryan Phinney <[EMAIL PROTECTED]> uttered:
> >
> > > 1.  Run Fetchmail as root
> >
> > So, if I were to follow Stephen's advice and use cron instead of
> > inetd, I could just su root and crontab -e to create an entry
> > then?
> 
> Or use Webmin, if you prefer the easy way to do things.

Yes, Webmin is a kickass tool, and cron entries still confuse the hell
out of me. This way I could configure cron thru Webmin, then see what it
spits out to get a better understanding...

> > And fetchmail would call Procmail, and then Postfix would
> > automagically be waiting when Procmail was done it's business? And
> > the hip bone's connected to the... ;-)
> 
> IIRC, Fetchmail can pass mail through Procmail like a filter, 

like so:?

postconnect "procmail"?

> after passing through, Procmail adds whatever is called for by the
> recipes and then Fetchmail delivers mail back to the local MTA,
> Postfix or Sendmail or whichever MTA you are running.  Also, Fetchmail
> can pass mail to Procmail which can act as an MDA and puts mail
> directly into the maildir folders, if that is the way that it is
> configured.

Not to muddy the waters, but just out of curiosity, I could bypass
Postfix completely?

> > > and pass the mail off through procmail on the way to Postfix.
> > > Procmail runs a /etc/procmailrc recipe as a root service and calls
> > > the nkvir recipe through an include file from that recipe.  You
> > > can also add in Spamassassin and any other filters in this recipe.
> >
> > Ok, so I had it backwards, it's Procmail *b4* Postfix then...
> 
> Fetchmail to Procmail to Postfix to var/spool/mail to .forward file

I read in one "quickstart" guide that a .forward file is unnecessary if
using fetchmail...is that correct?

> back to Procmail again and into maildir in the /home/user/mail
> directory.  I think.
> >
> > > 2.  Then the mail goes to Postfix who delivers to local mail box
> > > file,
> > >
> > > /var/spool/mail/user based on aliases or the rewrite done by
> > > fetchmail in the .fetchmailrc file ([EMAIL PROTECTED] is jblow
> > > here).
> >
> > Ya, since I'm already with configuring that on fetchmail I would
> > probably start there, and learn aliases after.
> 
> I have more than one POP email address.

Me too. I'm infamous for it, ;-)

> Aliases are useful when you want mail from particular accounts to
> pass to specific user accounts. So, mail from one POP might go to
> postmaster which is aliased to a specific user account but gets
> filtered into a specific folder based on the To info.

But again, that can be done in the fetchmailrc, right? I might stick
with that for now, just to keep it as simple as possible.
> >
> > I am looking at sticking to a strictly global config, assuming that
> > I will allow for a minimal amount of spam to reach the end user. The
> > main thing is to catch *all* attachments that end in .pif, etc.
> >
> > The occasional bit of annoying spam is OK.
> 
> Then why worry about the second call to Procmail at all. 

Exactly, I use Mailfilter to delete *definite* no-no's right off the POP
server, then Fetchmail --> Postfix --> Procmail will take care of
the rest...

> Simply pass mail from Fetchmail through Procmail with all filtering
> or even pass mail from Fetchmail directly to Postfix which passes mail
> through Procmail on the way to the /var/spool/mail file.  My own setup
> passes mail from Fetchmail to Postfix, through Procmail and then on to
> /var/spool/mail.  

> I find that a spamassassin level of 10 has no false positives and
> anything above a 4 is a possible with very few false positives.  So
> above 10 gets sent to spam, above 4 is flagged for further checking
> prior to deletion.  Nkvir gets called first before spamassassin so
> viruses and nigerian stuff doesn't even make it to spamassassin.

I'll add the Spamassassin option in later to *really* kick some spam
butt!

This is where I am still confused, though. In the procmailrc, I am under
the impression that one must specify the maildir like so:

MAILDIR=/var/spool/mail/joehill

but of course, if I am dealing with mail for more than one user, do I
just specify /var/spool/mail and Procmail will know which spool to dump
it in, or is this where aliases come in?

Thanks so much for your time and explanations, I *am* reading the docs
at the same time, but as I always say, it is one thing to RTFM, it is
another to UTFM!

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
It is so stupid of modern civilisation to have given up believing in the
devil when he is the only explanation of it.
-- Ronald Knox, "Let Dons Delight"

Want to buy your Pack or Services from Mandrak

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Wednesday 03 September 2003 08:06 am, HaywireMac wrote:
> On Wed, 3 Sep 2003 07:49:39 -0400
>
> Bryan Phinney <[EMAIL PROTECTED]> uttered:
> > This doesn't sound too hard.
>
> To a software test engineer maybe... 

Hey, those who can't do, test. ;-}

My personal skillset consists, modestly, of being able to figure out where 
other people's elegant solutions are likely to fail.  I don't mind the work 
and I am pretty good at it, but being able to figure out how to break other 
people's creations is not a skill that one should get too arrogant about.
>
> > 1.  Run Fetchmail as root
>
> So, if I were to follow Stephen's advice and use cron instead of
> inetd, I could just su root and crontab -e to create an entry then?

Or use Webmin, if you prefer the easy way to do things.

> And fetchmail would call Procmail, and then Postfix would automagically
> be waiting when Procmail was done it's business? And the hip bone's
> connected to the... ;-)

IIRC, Fetchmail can pass mail through Procmail like a filter, after passing 
through, Procmail adds whatever is called for by the recipes and then 
Fetchmail delivers mail back to the local MTA, Postfix or Sendmail or 
whichever MTA you are running.  Also, Fetchmail can pass mail to Procmail 
which can act as an MDA and puts mail directly into the maildir folders, if 
that is the way that it is configured.

>
> > and pass the mail off through procmail on the way to Postfix.
> > Procmail runs a /etc/procmailrc recipe as a root service and calls the
> > nkvir recipe through an include file from that recipe.  You can also
> > add in Spamassassin and any other filters in this recipe.
>
> Ok, so I had it backwards, it's Procmail *b4* Postfix then...

Fetchmail to Procmail to Postfix to var/spool/mail to .forward file back to 
Procmail again and into maildir in the /home/user/mail directory.  I think.
>
> > 2.  Then the mail goes to Postfix who delivers to local mail box file,
> >
> > /var/spool/mail/user based on aliases or the rewrite done by fetchmail
> > in the .fetchmailrc file ([EMAIL PROTECTED] is jblow here).
>
> Ya, since I'm already with configuring that on fetchmail I would
> probably start there, and learn aliases after.

I have more than one POP email address.  Aliases are useful when you want mail 
from particular accounts to pass to specific user accounts.  So, mail from 
one POP might go to postmaster which is aliased to a specific user account 
but gets filtered into a specific folder based on the To info.
>
> > 3.  From the local user directory, create a .forward file that calls
> > procmail and applies a local user.procmailrc recipe to do local
> > filtering, although I imagine this is supposed to catch stuff that is
> > different from the first set of recipes, I am imagining a conservative
> > set of filters for global filtering and a more aggressive set here.
>
> I am looking at sticking to a strictly global config, assuming that I
> will allow for a minimal amount of spam to reach the end user. The main
> thing is to catch *all* attachments that end in .pif, etc.
>
> The occasional bit of annoying spam is OK.

Then why worry about the second call to Procmail at all.  Simply pass mail 
from Fetchmail through Procmail with all filtering or even pass mail from 
Fetchmail directly to Postfix which passes mail through Procmail on the way 
to the /var/spool/mail file.  My own setup passes mail from Fetchmail to 
Postfix, through Procmail and then on to /var/spool/mail.  Mail that is 
flagged as virus, or spam by spamassassin is tagged by Procmail and then 
moved directly to /var/spool/mail/spam mailbox where I check it once per week 
before allowing a cron job to delete it.  You could just as readily flag 
based on levels, pass viruses and definite-spam directly to /dev/null and 
then put possible-spam in a spam mailbox where you can check it periodically 
for false positives prior to deleting it.

I find that a spamassassin level of 10 has no false positives and anything 
above a 4 is a possible with very few false positives.  So above 10 gets sent 
to spam, above 4 is flagged for further checking prior to deletion.  Nkvir 
gets called first before spamassassin so viruses and nigerian stuff doesn't 
even make it to spamassassin.

>
> Ok, so you and Stephen seem to be in agreement there. With IMAP, tho, is
> it still /var/spool/mail/*?

Actually, I think that the way that IMAP works, mail goes directly to $maildir 
which would be /home/user/Mail/etc where users look directly at the mail in 
the directory.  New mail goes to inbox in the maildir directory.  With IMAP, 
I think that you bypass the /var/spool/mail which is an mbox type of file.

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 3 Sep 2003 07:49:39 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:

> This doesn't sound too hard.

To a software test engineer maybe... 
 
> 1.  Run Fetchmail as root 

So, if I were to follow Stephen's advice and use cron instead of
inetd, I could just su root and crontab -e to create an entry then?
And fetchmail would call Procmail, and then Postfix would automagically
be waiting when Procmail was done it's business? And the hip bone's
connected to the... ;-)

> and pass the mail off through procmail on the way to Postfix. 
> Procmail runs a /etc/procmailrc recipe as a root service and calls the
> nkvir recipe through an include file from that recipe.  You can also
> add in Spamassassin and any other filters in this recipe.

Ok, so I had it backwards, it's Procmail *b4* Postfix then...
 
> 2.  Then the mail goes to Postfix who delivers to local mail box file,
> 
> /var/spool/mail/user based on aliases or the rewrite done by fetchmail
> in the .fetchmailrc file ([EMAIL PROTECTED] is jblow here).  

Ya, since I'm already with configuring that on fetchmail I would
probably start there, and learn aliases after.

> 3.  From the local user directory, create a .forward file that calls
> procmail and applies a local user.procmailrc recipe to do local
> filtering, although I imagine this is supposed to catch stuff that is
> different from the first set of recipes, I am imagining a conservative
> set of filters for global filtering and a more aggressive set here. 

I am looking at sticking to a strictly global config, assuming that I
will allow for a minimal amount of spam to reach the end user. The main
thing is to catch *all* attachments that end in .pif, etc.

The occasional bit of annoying spam is OK.

> So, you could also call spamassassin a second time here and apply
> user_prefs that would apply a customized set of filters for user mail.
>  Procmail, called from the .forward file would then 
> put the mail into $maildir/user, should be /home/user/Mail/etc.  
> 
> 4.  Run an IMAP daemon that allows a user to connect with IMAP and
> they will pull read and write their mail directly to the maildir
> directories, no need to use POP which would remove the mail from the
> server to a local directory, with IMAP, mail stays on the server and
> the user just accesses through the client direct to the server and
> their maildir directories.

Ok, so you and Stephen seem to be in agreement there. With IMAP, tho, is
it still /var/spool/mail/*? 

> This is way more complex than what I currently do but I think that
> this is the way that it would work.

Ya, like I say, it's mainly a learning exercise. I'll take it slow, I
have a test mail account I can use, and a seperate server box, so if I
bork it I can just start over, no harm done. Nice to have that luxury,
wot?

Thanks very much!

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
A thing is not necessarily true because a man dies for it.
-- Oscar Wilde, "The Portrait of Mr. W.H."

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 03 Sep 2003 16:43:03 +1000
Stephen Kuhn <[EMAIL PROTECTED]> uttered:

> > Why not /dev/null?
> 
> Have you actually read through the entire RC file yet?


 
> The idea would be to collect the crap, inspect the crap, then delete
> the crap...

I generally don't want to inspect crap, but I see your point.
  
> Just like having Exchange and using a public message box/forum - do
> you want your wife to CC you on email funnies, or you to CC her on
> them? Why not dump them into a public folder that everyone in the
> house can access so that you're not necessarily CC'ing everyone that
> you live with - helps to cut down unnecessary email traffic, ya
> reckon? I've got public folders that I copy stuff to for legal
> purposes - so the wife and look at them or refer back to them for
> accounting/business reasons...

Like I say, this is more of a learning thing than a practical thing...

Like you say below, baby steps?

> > 
> > Well, I'll take that as encouragement and get started in the AM.
> 
> It's so easy even YOU can do it.

Uh, er, thanks... 
  
> > But I want to know *how* I would do it in a large scale ops...
> > apparently this Linux thing could become attractive in certain
> > business sectors, or so I've read in the tabloids, so I would like
> > to be able to say, hey, I know how to do that...
> 
> Baby steps, Bob.

I gotcha.
 
> > Maybe, tho, I've got two things confused, using a *global*
> > fetchmail, postfix, and procmail config, and running the lot as a
> > system service. I*do* want it to run at boot, and not just as a
> > regular user.
> 
> If you setup proper cron jobs, they run at boot - and why even bother
> to reboot a unix/linux box anyways?

True, true.

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
Superstition, idolatry, and hypocrisy have ample wages, but truth goes
a-begging.
-- Martin Luther

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Tuesday 02 September 2003 09:15 pm, HaywireMac wrote:
> On Wed, 03 Sep 2003 07:35:42 +1000
>
> Stephen Kuhn <[EMAIL PROTECTED]> uttered:
> > Look - it's dependent on your need and requirement.
>
> What I want to do is implement that wunderbar procmail recipe you linked
> us to, and test it out, eventually I would like to have a mail server up
> and running so that it:
>
> 1. Retrieves the mail from the ISP (fetchmail, precalls mailfilter as
> 1st line of defense against the viagra, penis enlargement, (definitely
> not needed ;-)), etc.)
>
> 2. Postfix then deposits the mail, I guess, from what others have
> posted, in appropriate users mailboxes (/var/spoo/mail/[username]
>
> 3. Procmail looks at the mail using said recipe and acts as second line
> of defense against .pif attachments, Nigerian free money scams etc.
>
> 4. IMAP package allows clients on LAN to retrieve mail from mailserver
> using POP.
>
> I gave up on this before, but I really think I can do it this time!
>
> But I want this to be a *system* service type deal, because I want to
> learn it as a sysadmin would see it, rather than as an end user, see?

This doesn't sound too hard.

1.  Run Fetchmail as root and pass the mail off through procmail on the way to 
Postfix.  Procmail runs a /etc/procmailrc recipe as a root service and calls 
the nkvir recipe through an include file from that recipe.  You can also add 
in Spamassassin and any other filters in this recipe.

2.  Then the mail goes to Postfix who delivers to local mail box file, 
/var/spool/mail/user based on aliases or the rewrite done by fetchmail in the 
.fetchmailrc file ([EMAIL PROTECTED] is jblow here).  

3.  From the local user directory, create a .forward file that calls procmail 
and applies a local user.procmailrc recipe to do local filtering, although I 
imagine this is supposed to catch stuff that is different from the first set 
of recipes, I am imagining a conservative set of filters for global filtering 
and a more aggressive set here.  So, you could also call spamassassin a 
second time here and apply user_prefs that would apply a customized set of 
filters for user mail.  Procmail, called from the .forward file would then 
put the mail into $maildir/user, should be /home/user/Mail/etc.  

4.  Run an IMAP daemon that allows a user to connect with IMAP and they will 
pull read and write their mail directly to the maildir directories, no need 
to use POP which would remove the mail from the server to a local directory, 
with IMAP, mail stays on the server and the user just accesses through the 
client direct to the server and their maildir directories.

This is way more complex than what I currently do but I think that this is the 
way that it would work.
-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Stephen Kuhn]

On Wed, 2003-09-03 at 12:12, HaywireMac wrote:

> Why not /dev/null?

Have you actually read through the entire RC file yet?

The idea would be to collect the crap, inspect the crap, then delete the
crap...

What if something came through that WASN'T a bug and WAS important?

 
> > Uh - why not just have the clients on the network use IMAP - so that
> > you can share a public set of folders...??
> 
> Not familiar with that concept, I guess, is why I never thunk of it...

Just like having Exchange and using a public message box/forum - do you
want your wife to CC you on email funnies, or you to CC her on them? Why
not dump them into a public folder that everyone in the house can access
so that you're not necessarily CC'ing everyone that you live with -
helps to cut down unnecessary email traffic, ya reckon? I've got public
folders that I copy stuff to for legal purposes - so the wife and look
at them or refer back to them for accounting/business reasons...

> How does that work? My wife uses Outhouse Express, can that even do
> IMAP? I'm scared to go near that machine...

LookOut Express can do either POP3, IMAP or HTTP-mail...

> > It's so bloody easy - but mind you, I substitute SENDMAIL for POSTFIX
> > - other than that, it's easy as pie.
> 
> Well, I'll take that as encouragement and get started in the AM.

It's so easy even YOU can do it.
 
> But I want to know *how* I would do it in a large scale ops...
> apparently this Linux thing could become attractive in certain business
> sectors, or so I've read in the tabloids, so I would like to be able to
> say, hey, I know how to do that...

Baby steps, Bob.

> Maybe, tho, I've got two things confused, using a *global* fetchmail,
> postfix, and procmail config, and running the lot as a system service. I
> *do* want it to run at boot, and not just as a regular user.

If you setup proper cron jobs, they run at boot - and why even bother to
reboot a unix/linux box anyways?

stephen kuhn
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
-
* This message was composed on a 100% Microsoft free computer *
-
There are few people more often in the wrong than those who cannot
endure to be thought so.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 03 Sep 2003 11:53:52 +1000
Stephen Kuhn <[EMAIL PROTECTED]> uttered:

> 

> 
> /etc/procmailrc calls the /etc/nkvir-rc from the INCLUDERC= file - so
> you have to look through the nkvir-rc and make sure you create a
> /var/spool/mail/virus/ directory - other than that, it's quite cool...

Why not /dev/null?

> > 2. Postfix then deposits the mail, I guess, from what others have
> > posted, in appropriate users mailboxes (/var/spoo/mail/[username]
> > 
> > 3. Procmail looks at the mail using said recipe and acts as second
> > line of defense against .pif attachments, Nigerian free money scams
> > etc.
> 
> Speaking of "Nigerian" - I get announcements from the US Government
> about US citizens travelling abroad - it marked one of the "US Travel
> Announcements" as possible spam this morning...so it's doing its job.
> 
> > 4. IMAP package allows clients on LAN to retrieve mail from
> > mailserver using POP.
> 
> Uh - why not just have the clients on the network use IMAP - so that
> you can share a public set of folders...??

Not familiar with that concept, I guess, is why I never thunk of it...

How does that work? My wife uses Outhouse Express, can that even do
IMAP? I'm scared to go near that machine...

> > I gave up on this before, but I really think I can do it this time!
> 
> It's so bloody easy - but mind you, I substitute SENDMAIL for POSTFIX
> - other than that, it's easy as pie.

Well, I'll take that as encouragement and get started in the AM.
 
> > But I want this to be a *system* service type deal, because I want
> > to learn it as a sysadmin would see it, rather than as an end user,
> > see?
> 
> I like doing it at home as a sysadmin would - some users have
> particular needs - hence the customisation per user. Screw the system
> service. That's for large scale ops - more than 50 - so I stick with
> this. Nyah! Pffftp!

But I want to know *how* I would do it in a large scale ops...
apparently this Linux thing could become attractive in certain business
sectors, or so I've read in the tabloids, so I would like to be able to
say, hey, I know how to do that...

Maybe, tho, I've got two things confused, using a *global* fetchmail,
postfix, and procmail config, and running the lot as a system service. I
*do* want it to run at boot, and not just as a regular user.

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
If you find a solution and become attached to it, the solution may
become
your next problem.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Stephen Kuhn]

On Wed, 2003-09-03 at 11:15, HaywireMac wrote:

> What I want to do is implement that wunderbar procmail recipe you linked
> us to, and test it out, eventually I would like to have a mail server up
> and running so that it:
> 
> 1. Retrieves the mail from the ISP (fetchmail, precalls mailfilter as
> 1st line of defense against the viagra, penis enlargement, (definitely
> not needed ;-)), etc.)

/etc/procmailrc calls the /etc/nkvir-rc from the INCLUDERC= file - so
you have to look through the nkvir-rc and make sure you create a
/var/spool/mail/virus/ directory - other than that, it's quite cool...

> 2. Postfix then deposits the mail, I guess, from what others have
> posted, in appropriate users mailboxes (/var/spoo/mail/[username]
> 
> 3. Procmail looks at the mail using said recipe and acts as second line
> of defense against .pif attachments, Nigerian free money scams etc.

Speaking of "Nigerian" - I get announcements from the US Government
about US citizens travelling abroad - it marked one of the "US Travel
Announcements" as possible spam this morning...so it's doing its job.

> 4. IMAP package allows clients on LAN to retrieve mail from mailserver
> using POP.

Uh - why not just have the clients on the network use IMAP - so that you
can share a public set of folders...??

> I gave up on this before, but I really think I can do it this time!

It's so bloody easy - but mind you, I substitute SENDMAIL for POSTFIX -
other than that, it's easy as pie.

> But I want this to be a *system* service type deal, because I want to
> learn it as a sysadmin would see it, rather than as an end user, see?

I like doing it at home as a sysadmin would - some users have particular
needs - hence the customisation per user. Screw the system service.
That's for large scale ops - more than 50 - so I stick with this. Nyah!
Pffftp!

stephen kuhn
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
-
* This message was composed on a 100% Microsoft free computer *
-
In 1967, the Soviet Government minted a beautiful silver ruble with
Lenin in a very familiar pose -- arms raised above him, leading the
country to revolution. But, it was clear to everybody, that if you
looked at it from behind, it was clear that Lenin was pointing to 11:00,
when the Vodka shops opened, and was actually saying, "Comrades, forward
to the Vodka shops. It became fashionable, when one wanted to have a
drink, to take out the ruble and say, "Oh my goodness, Comrades, Lenin
tells me we should go.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[HaywireMac]

On Wed, 03 Sep 2003 07:35:42 +1000
Stephen Kuhn <[EMAIL PROTECTED]> uttered:

> Look - it's dependent on your need and requirement. 

What I want to do is implement that wunderbar procmail recipe you linked
us to, and test it out, eventually I would like to have a mail server up
and running so that it:

1. Retrieves the mail from the ISP (fetchmail, precalls mailfilter as
1st line of defense against the viagra, penis enlargement, (definitely
not needed ;-)), etc.)

2. Postfix then deposits the mail, I guess, from what others have
posted, in appropriate users mailboxes (/var/spoo/mail/[username]

3. Procmail looks at the mail using said recipe and acts as second line
of defense against .pif attachments, Nigerian free money scams etc.

4. IMAP package allows clients on LAN to retrieve mail from mailserver
using POP.

I gave up on this before, but I really think I can do it this time!

But I want this to be a *system* service type deal, because I want to
learn it as a sysadmin would see it, rather than as an end user, see?

-- 
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
++
It is only with the heart one can see clearly; what is essential is
invisible to the eye.
-- The Fox, 'The Little Prince"

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Mark]

On Tue, 2 Sep 2003, HaywireMac wrote:

> 
> Most of the guides and tutorials I see use ~/.procmalrc as an example,
> for use with Fetchmail.
> 
> Now, I would like my machine to run Fetchmail as a system service, then
> have Procmail twiddle with the mail once it's been delivered to the
> appropriate maildirs, ie. /var/spool/mail/[username].
> 
> Am I barking up the wrong tree here? Can a systemwide Procmail config
> deal with multiple user accounts that have their mail delivered with
> Fetchmail, or should I be using Postfix instead of Fetchmail (can
> Postfix retrieve mail from a POP server?!)
> 
> Brain...feels...sore...
> 

you're definately barking up the correct tree here. there are a few 
different ways you can use procmail to filter and sort the mail as it 
comes in. 

1) you can create a .procmailrc file for each individual user
   on the machine.

2) you can configure, by hand the /etc/procmailrc file and load
   the recipes in with a text editor.

3) you can use the Procmailrc config utility that is available
   through webmin to assist in the creation and configuration
   of procmail.  https://127.0.0.1:1/procmail/

There is also a ton of awesome Procmail primers on the net that can help 
get you started and configure a fine implementation of Procmail.

This is likely the best procmail "security" page I've ever seen:
http://www.impsec.org/email-tools/procmail-security.html

here's a good "getting started" page: 
http://www.uwasa.fi/~ts/info/proctips.html

-- 
Mark

"If necessity is the mother of invention, then who's the father?"
---
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.1
ICQ# 27816299

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] Procmail and Fetchmail as system services

[Bryan Phinney]

On Tuesday 02 September 2003 03:10 pm, HaywireMac wrote:
> Most of the guides and tutorials I see use ~/.procmalrc as an example,
> for use with Fetchmail.
>
> Now, I would like my machine to run Fetchmail as a system service, then
> have Procmail twiddle with the mail once it's been delivered to the
> appropriate maildirs, ie. /var/spool/mail/[username].
>
> Am I barking up the wrong tree here? Can a systemwide Procmail config
> deal with multiple user accounts that have their mail delivered with
> Fetchmail, or should I be using Postfix instead of Fetchmail (can
> Postfix retrieve mail from a POP server?!)
>
> Brain...feels...sore...

Fetchmail usually delivers mail directly to Postfix which then does the local 
delivery, passing through procmail at that point or afterward.  Fetchmail can 
also deliver mail through procmail but procmail would have to act as an mda, 
mail delivery agent, to put the mail directly into the maildir folders or 
mbox file depending on your preference.

The recommended setup is for fetchmail to pull mail from a pop and deliver to 
an mta (postfix or sendmail) which then does the local delivery.  This allows 
you to use procmail or whatever other filtering agents you want on all mail, 
regardless of who it is going to and to use mta aliases to insure that the 
right pop mail goes to the right local accounts.

BTW, Postfix will NOT retrieve mail from a POP server, it can request the 
server to push mail to it, if the POP server is configured to do so, but most 
individuals will not have an ISP that does this for them unless they are 
running a business account with their own domain name that is hosted by the 
ISP.

You might be better off telling us what you are trying to do with procmail, 
fetchmail, etc. and let us make suggestions that will work for you.  
Personally, I want procmail to do its business before mail hits the local 
account, that way, the most egregious spam is already dealt with, mail from 
people on the blacklist gets trashed before it gets to a local mailbox and 
viruses and the like are filtered before they get to the local users mailbox.  
YMMV.

There is also no reason why you can't do both, use procmail at a system level 
for major filtering and then if you want to use procmail at the local level 
to sort mail into folders, do that using a mail client that pipes messages 
through a local promail recipe.  That depends on the flexibility of the email 
client.

-- 
Bryan Phinney
Software Test Engineer


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com