.: Procmail Primer :.

About Procmail

Procmail, written by Stephen R. van den Berg and Philip A. Guenther, is a powerful e-mail filtering program that can be used to process your messages either as they arrive or after they have been placed in the appropriate mail directory. I personally use procmail to process the numerous mailing lists I'm on, filter out spam, forward messages, and auto-respond to certain messages.

The purpose of this page is to get you started on procmail. I can't provide ALL the details about this program, but I can provide enough to get you started and can point you to other sources of information. Please let me know if you find any errors in this information or outdated links. I strive to maintain this page and keep it up-to-date :)

What you need

To use procmail you must have the following:

• A telnet program or secure shell client.
• A shell account on a UN*X server. This can be your own computer if you use Linux or *BSD.

If you are a user of Qualcomm's Eudora, Microsoft Outlook/Outlook Express, Pegasus Mail, or other non-UN*X based program, then this tutorial will not be of much use to you. The good news is that these clients all include their own filtering mechanisms and I invite you to consult your user documentation or help menus. In theory, you can use procmail to tag specific e-mail and then let your own client's filter process that mail based on the tag ... a useful tool for handling unsolicited commercial e-mail (aka SPAM).

Telnet Clients

Windows 95/98/NT comes with it's own telnet client which you can run by selecting START -> RUN and then typing "telnet" (without quotes). If you think that the Microsoft telnet client is a little lacking like I do, I invite you to check out CRT-Telnet. You can try it out for 30-days, but then you have to register it. Personally, I think it's worth the USD $30.

UN*X users already have access to a telnet client. Please be sure that the telnet program is in your PATH.

Macintosh users can use BetterTelnet. I've used it in the past and found it a nice full-featured product. The nicer thing about it is that it's free.

If you don't like either of these clients or are using some other operating system, check out TUCOWS, which has a large selection of network-related applications. If you are concerned about security, you may consider using an ssh (secure shell) client instead.

A word of caution: Telnet clients send your user name and password in clear text when you log into a remote server. Black-hat hackers will often set up sniffers on compromised machines to get user names and passwords. My recommendation is to use a Secure Shell (ssh) client. For more information, please check out one of the following links:

• SSH Communications Security
• SecureCRT, from the makers of CRT-Telnet.
• OpenSSH, a free SSH implementation from the producers of OpenBSD.

Shell Accounts

If you cannot run procmail on your home computer, you have a number of options available to you:

• See if your ISP offers Shell Accounts. Please note that ISPs offering shell accounts are few and far between.
• If you are still in college, you may obtain an account on either your university's servers or else join an organization that offers shell accounts. For instance, as a member of the Virginia Tech ACM chapter, I get an account on cowpie, the VTACM FreeBSD server.
• Go through a commercial provider. I'm now with PANIX, although have used Transbay Networks and Linux-shell.Net in the past. So far, I've been very impressed with PANIX. They keep their software up-to-date and keep users informed of any network or systems problems. Awesome set of anti-spam filters too.

If your provider doesn't have procmail, be sure to ask about having it installed.

Just a bit of warning based on experience: A lot of people get shell accounts to run IRC bots on them. These bots can be very resource intensive and are often attacked by script kiddies on power trips, usually at the expense of other people using the system. For instance, I was about to set up shop on one provider when they were subject to a massive DDOS and their co-location host pulled the plug. Not fun.

Setting up Procmail

You will need to create a file called .procmailrc in your home directory. Open it up with your favorite editor and be sure to set up the following variables. Be sure to use the ABSOLUTE PATH to the variables!!!

• SHELL: Location of your shell. /bin/sh should work okay.
• PMDIR: Procmail folder. If in doubt, create a folder called .procmail in your home directory and set PMDIR to $HOME/.procmail.
• LOGFILE: Log file for procmail. I use $PMDIR/log
• MAILDIR: Directory where mail is stored. Most elm users should set this to $HOME/Mail while most pine users should set this to $HOME/mail. Please be aware that some providers may have a specialized set-up.

You are welcome to set up any other environment variables as you see fit.

Invoking Procmail

You will need to create a .forward file in your home directory. Here's what mine looks like:

"|IFS=' '&p=/usr/bin/procmail&test -f $p&exec $p -YF-||exit 75 #cfuhrman"
  

Not all systems have procmail in /usr/bin. It may be in /usr/local/bin on some systems. The next step is to replace "cfuhrman" with your own loginid. Make sure the permissions are set to readable (chmod 644 .forward) and you should be set.

Important note: Some providers may have set up their mail servers to use procmail as their Mail Delivery Agent (MDA). I know for a fact that later versions of Red Hat Linux have sendmail set up this way. If this is the case, you will not need a .forward file as this will interfere with the delivery of your e-mail.

Creating Filter Recipes

All recipes should be placed in your .procmailrc file. For your convenience, I've set up an example procmailrc file that you are welcome to download and modify to your liking. If you are subscribed to multiple mailing lists, you can create a separate file with all your mailing list recipes in it and then include the following line in your .procmailrc file.

INCLUDERC = <path to your other rc file>
  

Here's an example of a procmailrc recipe:

# The afd mailing list
:0:
* ^Sender:.owner-afd@ict.org
in-afd
  

The first line is just a comment line. All comments are preceded with '#'s, which should be familiar to anyone who's done shell scripts.

The second line marks the beginning of a recipe. The final ":" at the end of the line indicates that the filtering file is locked.

The third line is a condition. These start with a leading `*' and use standard regular expressions to search the header of the message. Here, it is looking for any mail with the sender line as "owner-afd@ict.org". This could, in theory, be anything:

• * ^From:.president@whitehouse.gov
• * ^To:.ArthurDent@Hitchhikers.Org
• * ^Subject:.*MAKE MONEY FAST*

You get the general idea. The last line is merely the file to be filtered to. Unless it's an absolute path, then the default location is where ever you set MAILDIR to.

Scoring

Procmail also provides a scoring mechanism. This allows you to assign a weight to a particular pattern that procmail finds. When the score meets a certain threshold, procmail will then take whatever action you wish.

Let's take the following example:

:0 Bhb
* -400^0
*   20^1 ^*This.is.not.spam*
*   40^1 ^*to.be.removed*
*  100^2 ^*sent.in.compliance*
in-spam
  

The first line basically says to only search the body of the message, not the header. Since procmail won't take action until the score is positive, we set the initial score to -400. As procmail greps through the body of the following rules apply:

• For every instance of "This is not spam", a point score of 20 is added.
• For every instance of "to be removed", a point score of 40 is added.

The last line is a little different. The first instance of "sent in compliance" adds a point score of 100. The second instance will add 200. The third instance adds 300 and so forth. When the score reaches 0 (remember, we set it initially to -400), then procmail will file the e-mail into the folder in-spam.

As you can see, procmail's scoring facility is a powerful means of processing your mail based on content.

Other Examples

Let's say you wanted to look for "momlist@mom.org" on the To: line and the Cc: line. Try the following:

:0:
* (^To:.|Cc:.*)momlist@mom.org
in-momlist
  

Once again, you can use regular expressions to set up your conditionals (in fact, procmail uses egrep to pattern match!). If you're familiar with grep or perl, you shouldn't have any problems.

Some handy recipes

Tired of having to write a procmail recipe for every mailing list? Here is one for the ubiquitous Yahoo Groups! Mailing List:

# This will catch ALL yahoogroups traffic
:0w
* ^Delivered-To:.mailing.list.\/[^@]+@yahoogroups.com
{
        # Main filter goes here
        LISTNAME=${MATCH}
        :0w
        * LISTNAME??^\/[^@]+
        $MAIL/.in-egroups-${MATCH}/
}

Users who are subscribed to the popular GNU Mailman listserv software can modify this recipe. Note the use of the X-BeenThere header:

:0w
* ^X-BeenThere:.\/[^@]+@redhat.com
{
        
        LISTNAME=${MATCH}
        :0w
        * LISTNAME??^\/[^@]+
        $MAIL/.in-redhat-${MATCH}/
}

Although, if you are subscribed to any Red Hat mailing list, this will work as is.