Verifying .procmailrc settings to delete high scoring spam messages

2013-04-07 Thread Thomas Cameron

All -

I have a pretty simple .procmailrc setup for my home mail server. Right 
now it looks like:


:0fw: spamassassin.lock
* < 256000
| spamc

:0:
* ^X-Spam-Flag:.*YES
spam

That dumps everything that is flagged as spam into my spam folder.

I want to delete any spam that scores over 10, though. I believe that I 
should insert a new rule between the first and second, and I want to use 
the X-Spam-Level header. But since it uses asterisks, which are 
interpreted as regex wildcards, I want to make sure I've got the right 
syntax. I think I would need to escape out the asterisks, right?


Would it look like this?

:0:
* ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
/dev/null

I believe that would match 10 asterisks or more, and redirect the e-mail 
to /dev/null. Am I right?


Thanks!
Thomas


Re: Verifying .procmailrc settings to delete high scoring spam messages

2013-04-07 Thread Bob Proulx
Thomas Cameron wrote:
> :0:
> * ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
> /dev/null
>
> I believe that would match 10 asterisks or more, and redirect the
> e-mail to /dev/null. Am I right?

Mostly all okay.  However I don't like the .* in the front of
it.  That isn't likely to cause trouble but it is possible that it
could on a crafted email message with a lot of garbage cause trouble.
And it isn't needed.  We know there will always be one space there.
So no need for the .* there.

With /dev/null you don't need the trailing : in the :0:
designating a lockfile.  I think procmail special cases /dev/null to
avoid the lock file in that case anyway.  But just the same I wouldn't
put the trailing colon lockfile for /dev/null.

Also it is safer to store to a mail folder at least long enough to
test your recipe.  So just as a general paranoia instead of /dev/null
I would at least start with a mail folder and then only after I have
convinced myself that it is good to go only then convert it to a real
/dev/null.  I like maildir folders so will normally use folder/ to
have procmail create a maildir folder format.  And maildir folders
never need a lockfile.  But use what you like.

  :0
  * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
  devnull/

Since procmail uses Extended Regular Expressions there is one more
optimization I would make.  I wouldn't list out every star.  It gets
hard to count.  Is there ten there?  Or nine?  Or eleven?  Quick,
without counting, how many?  See that is hard.  But you can use the
normal extended regular expression syntax to simply list the number.

  :0
  * ^X-Spam-Level: \*{10}
  devnull/

That makes the counting quick and easy.

For me I don't tend to /dev/null things immediately.  I tend to always
keep at least a queue of them around so that I can look at them.  With
maildir format each message is an individual file.  Meaning that it is
easy to delete them by age from the devnull/* directories.  I would
keep something like this around for whatever you feel is reasonable.
I would probably say ten days.  That way if I need to go looking for a
potentially very spammy message I could still find it within the time
window.  I would run this daily from cron.

  find $HOME/Mail/devnull -type f -mtime +10 -delete

HTH,
Bob
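
Added example (not part of either poster's mail): a dry run of the recipe order discussed above against constructed messages, so the 9/10 star boundary and header-only matching can be checked before anything is deleted. Assumptions: grep -E -i stands in for procmail's own case-insensitive matcher, so the \*{10} form should still be confirmed in procmail itself by delivering to the test folder first; the "inbox" label and the YES flag from 5 stars up are illustrative.

```sh
#!/bin/sh
# Added example: dry-run candidate X-Spam-Level conditions on constructed mail.
# Assumption: grep -E -i approximates procmail's case-insensitive matcher.

LOOSE='^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*'    # original pattern with .*
EXPLICIT='^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*'  # one space, ten literal stars
COUNTED='^X-Spam-Level: \*{10}'                 # same, with a repeat count

# Emit COUNT asterisks.
make_stars() {
    count=$1; out=''
    while [ "$count" -gt 0 ]; do out="$out*"; count=$((count - 1)); done
    printf '%s' "$out"
}

# Constructed message with COUNT stars; optional second argument is the body.
# Assumption: the flag is YES from 5 stars up.
make_msg() {
    flag=NO
    if [ "$1" -ge 5 ]; then flag=YES; fi
    printf 'From: sender@example.invalid\nX-Spam-Flag: %s\nX-Spam-Level: %s\n\n%s\n' \
        "$flag" "$(make_stars "$1")" "${2:-body text}"
}

# Exit 0 if PATTERN matches a header line; the body is never searched.
level_matches() {
    printf '%s\n' "$2" | sed '/^$/q' | grep -Eiq -- "$1"
}

# Walk the recipes in order and print the destination.
classify() {
    if level_matches "$COUNTED" "$1"; then echo 'devnull/'
    elif level_matches '^X-Spam-Flag:.*YES' "$1"; then echo 'spam'
    else echo 'inbox'   # hypothetical label for default delivery
    fi
}

for stars in 4 9 10 14; do
    printf '%2d stars -> %s\n' "$stars" "$(classify "$(make_msg "$stars")")"
done
printf 'stars only in body -> %s\n' \
    "$(classify "$(make_msg 3 'X-Spam-Level: **********')")"
for pat in "$LOOSE" "$EXPLICIT" "$COUNTED"; do
    if level_matches "$pat" "$(make_msg 10)"; then echo "matches 10 stars: $pat"; fi
done
```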


Re: Verifying .procmailrc settings to delete high scoring spam messages

2013-04-07 Thread Thomas Cameron

On 04/07/2013 10:44 PM, Bob Proulx wrote:

> Thomas Cameron wrote:
>
>> :0:
>> * ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
>> /dev/null
>>
>> I believe that would match 10 asterisks or more, and redirect the
>> e-mail to /dev/null. Am I right?
>
> Mostly all okay.  However I don't like the .* in the front of
> it.  That isn't likely to cause trouble but it is possible that it
> could on a crafted email message with a lot of garbage cause trouble.
> And it isn't needed.  We know there will always be one space there.
> So no need for the .* there.


Noted, thank you!


> With /dev/null you don't need the trailing : in the :0:
> designating a lockfile.  I think procmail special cases /dev/null to
> avoid the lock file in that case anyway.  But just the same I wouldn't
> put the trailing colon lockfile for /dev/null.


Thanks, I realized that after I hit send. I think that was a bad 
copy-n-paste, it's been taken out.



> Also it is safer to store to a mail folder at least long enough to
> test your recipe.  So just as a general paranoia instead of /dev/null
> I would at least start with a mail folder and then only after I have
> convinced myself that it is good to go only then convert it to a real
> /dev/null.  I like maildir folders so will normally use folder/ to
> have procmail create a maildir folder format.  And maildir folders
> never need a lockfile.  But use what you like.
>
>   :0
>   * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
>   devnull/


Good call, done.


> Since procmail uses Extended Regular Expressions there is one more
> optimization I would make.  I wouldn't list out every star.  It gets
> hard to count.  Is there ten there?  Or nine?  Or eleven?  Quick,
> without counting, how many?  See that is hard.  But you can use the
> normal extended regular expression syntax to simply list the number.
>
>   :0
>   * ^X-Spam-Level: \*{10}
>   devnull/
>
> That makes the counting quick and easy.


That is very cool, thank you for the regex advice!


> For me I don't tend to /dev/null things immediately.  I tend to always
> keep at least a queue of them around so that I can look at them.  With
> maildir format each message is an individual file.  Meaning that it is
> easy to delete them by age from the devnull/* directories.  I would
> keep something like this around for whatever you feel is reasonable.
> I would probably say ten days.  That way if I need to go looking for a
> potentially very spammy message I could still find it within the time
> window.  I would run this daily from cron.
>
>   find $HOME/Mail/devnull -type f -mtime +10 -delete
>
> HTH,
> Bob


Great advice, Bob, thank you very much! I've been watching the cruft in 
my spam mail folder, and I've never seen anything over 10 that was a 
false positive. I'm very confident that 10+ needs to just be nuked, but 
I see your point. I'll let it get filtered into a temporary mail folder 
for a few days to make sure I'm right, though.


Thank you very much for the excellent advice, I really appreciate it!

TC