On 04/07/2013 10:44 PM, Bob Proulx wrote:
Thomas Cameron wrote:
:0:
* ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
/dev/null
I believe that would match 10 asterisks or more, and redirect the
e-mail to /dev/null. Am I right?
Mostly all okay. However I don't like the ".*" in the front of
it. That isn't likely to cause trouble but it is possible that it
could on a crafted email message with a lot of garbage cause trouble.
And it isn't needed. We know there will always be one space there.
So no need for the ".*" there.
Noted, thank you!
With /dev/null you don't need the trailing ":" in the ":0:"
designating a lockfile. I think procmail special cases /dev/null to
avoid the lock file in that case anyway. But just the same I wouldn't
put the trailing colon lockfile for /dev/null.
Thanks, I realized that after I hit send. I think that was a bad
copy-n-paste, it's been taken out.
Also it is safer to store to a mail folder at least long enough to
test your recipe. So just as a general paranoia instead of /dev/null
I would at least start with a mail folder and then only after I have
convinced myself that it is good to go only then convert it to a real
/dev/null. I like maildir folders so will normally use "folder/" to
have procmail create a maildir folder format. And maildir folders
never need a lockfile. But use what you like.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
devnull/
Good call, done.
Since procmail uses Extended Regular Expressions there is one more
optimization I would make. I wouldn't list out every star. It gets
hard to count. Is there ten there? Or nine? Or eleven? Quick,
without counting, how many? See that is hard. But you can use the
normal extended regular expression syntax to simply list the number.
:0
* ^X-Spam-Level: \*{10}
devnull/
That makes the counting quick and easy.
That is very cool, thank you for the regex advice!
For me I don't tend to /dev/null things immediately. I tend to always
keep at least a queue of them around so that I can look at them. With
maildir format each message is an individual file. Meaning that it is
easy to delete them by age from the devnull/* directories. I would
keep something like this around for whatever you feel is reasonable.
I would probably say ten days. That way if I need to go looking for a
potentially very spammy message I could still find it within the time
window. I would run this daily from cron.
find $HOME/Mail/devnull -type f -mtime +10 -delete
HTH,
Bob
Great advice, Bob, thank you very much! I've been watching the cruft in
my spam mail folder, and I've never seen anything over 10 that was a
false positive. I'm very confident that 10+ needs to just be nuked, but
I see your point. I'll let it get filtered into a temporary mail folder
for a few days to make sure I'm right, though.
Thank you very much for the excellent advice, I really appreciate it!
TC
