Computer 101, Lesson 4
How to block unwanted email

Prerequisites: Lesson 2 (How to telnet to the server)

This lecture describes how to block unwanted email by creating a special file called ".procmailrc" on the server.
(Note: the URLs and email addresses have been munged to prevent harassment.)

Advantages of blocking spam at the server instead of on your PC:

Working with Spam Assassin

If Spam Assassin is installed on your site, and your administrator has installed a sample .procmailrc file, blocking spam is ridiculously easy.

  1. Telnet to the mail server
  2. Type the command
      cp /etc/spamassassin.procmailrc ./.procmailrc 
    This command creates a simple .procmailrc file in your home directory containing the following:
      # Sample .procmailrc for users
      :0:
      * ^X-Spam-Status: Yes
      spam 
    Don't forget that the filename .procmailrc starts with a dot.
  3. That's it! All your spam messages will automatically go to a new mail folder called "spam". You should check it occasionally in case a real message is misclassified as spam.
  4. If you later decide not to block spam, log in again and type
      rm  .procmailrc 
  5. If you want to change the sensitivity of Spam Assassin, telnet to the server and edit the file .spamassassin/user_prefs and change the line
    # required_hits          10 
    to
     required_hits           5 
    A lower number will block more spam. If the file doesn't exist, create it:
      mkdir  .spamassassin
      cd  .spamassassin
      pico user_prefs   

When using pico, remember that you are in a text-only terminal emulator, and mouse clicks do not work. Use the arrow keys to move around in the editor.

If Spam Assassin is installed on your site, and the sample .procmailrc file isn't there, just create a new file in your home directory on the server and copy those four lines into it.
  pico .procmailrc 

Viewing the spam message folder

Spam messages identified by Spam Assassin aren't deleted. They're moved to a different folder. If you use Outlook Express, you need to make sure it is set to IMAP before this folder is visible.

If you click on the server, it should say "Show/Hide IMAP folders". Where it says "Show folders which contain:" type "Mail" (without the quotes). Outlook Express will then proceed to download the entire contents of your home directory on the server. If you are connecting over a dialup line, and have a lot of files on the server, this could take several hours. However, it only needs to be done once.

Outlook Express will then display the folders which it thinks contain mail. If you have received spam, it will be in the folder called "Mail/spam". It's a good idea to check this folder occasionally in case a real message gets misclassified as spam.

Blocking a list of senders

If you would rather block email from a specific list of senders, do this:

  1. Telnet to the mail server
  2. Create a file called blocklist
      pico -w blocklist 
  3. Type part or all of the senders' email addresses, one on each line. For example,
      akbell@spammers-r-us.com
      buy.com
      freemoney.com  
  4. Save the file by typing Ctrl-X.
  5. Type
      blockspam blocklist 
    This is a special script that converts your list to a .procmailrc file. It will overwrite your previous .procmailrc file if it exists. If the script is not installed on the server, you or your administrator will have to put it there using ftp (see Lesson 3). Then make the file executable by typing the command:
     chmod a+x blockspam 
    This Unix command can convert any file into a program in much the same way that adding an ".exe" extension converts a file into a program in Windows.

  6. After you type blockspam blocklist, the computer will say:
      Blocking all mail from: akbell@spammers-r-us.com
      Blocking all mail from: buy.com
      Blocking all mail from: freemoney.com  
  7. Type 'exit' when finished. That's it. Any mail from these senders will be deleted from the server with no trace.
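
A script of this kind could look like the following. This is an added example, not the site's blockspam script (which is not shown in this lesson); the function names and the "blocked" folder are assumptions. Unlike the script described above, it files matching mail in a folder instead of deleting it, and it keeps a backup of the previous .procmailrc.

```shell
#!/bin/sh
# Added example: a stand-in for the "blockspam" script described above.
# Function names and the "blocked" folder are assumptions, not the site's code.

# Backslash-escape regex metacharacters so that "buy.com" matches only a
# literal dot and cannot also match "buyXcom".
escape_regex() {
    printf '%s\n' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Print an rc file for BLOCKLIST on stdout: one recipe per entry, skipping
# blank lines and "#" comments. Matches are filed, not sent to /dev/null,
# so a bad entry cannot destroy mail without a trace.
make_blocklist_rc() (
    echo 'MAILDIR=$HOME/mail'
    echo 'LOGFILE=$MAILDIR/from'
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s\n' "$entry" | tr -d '\r' |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in ''|'#'*) continue ;; esac
        printf '\n# Blocking all mail from: %s\n' "$entry"
        printf ':0:\n* ^From:.*%s\nblocked\n' "$(escape_regex "$entry")"
    done < "$1"
)

# install_rc BLOCKLIST TARGET: keep TARGET.bak, then replace TARGET in one step.
install_rc() (
    tmp=$(mktemp "$2.XXXXXX") || exit 1
    make_blocklist_rc "$1" > "$tmp" || { rm -f "$tmp"; exit 1; }
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi
    chmod 600 "$tmp"      # procmail distrusts rc files that others can write
    mv "$tmp" "$2"
)

# Usage: sh thisfile blocklist   (prints the rc file for review, installs nothing)
if [ "$#" -eq 1 ]; then make_blocklist_rc "$1"; fi
```

Review the printed recipes first; install_rc blocklist .procmailrc then replaces the live file and leaves the old one in .procmailrc.bak.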

Writing your own procmail script

You can also edit the .procmailrc file yourself to do more sophisticated things like sending an automatic response, printing every email from a specific sender, or augmenting Spam Assassin with your own blacklist. Be sure to test the .procmailrc file before using it. If you make a mistake, all your incoming email could be lost with no trace.

  1. Telnet to the mail server
  2. Create a file called .procmailrc
    pico -w .procmailrc 
    Don't forget the dot at the start of the filename.
  3. Put the following lines at the top of the file:
     PATH=/bin:/usr/bin:/usr/bin
     MAILDIR=$HOME/mail      #you'd better make sure it exists
     LOGFILE=$MAILDIR/from   #recommended  
  4. Make sure you have a directory called "mail"; if not, create one by typing
    mkdir mail
  5. Look at the headers of the email message you want to block. These are the lines at the very top of the message. For instance, here is a typical email message:
          From somebody@brplefluster.org Wed Nov 20 00:33:09 2002 -0500
          Received: from localhst354.com ([217.10.178.2])
                  by burplefluster.org (8.11.6/8.11.6) with SMTP id gAK5X5E23500
                  for <somebody@burplefluster>; Wed, 20 Nov 2002 00:33:06 -0500
          Message-Id: <200211200533.gAK5X5E23500@burplefluster>
          From: "MR AKHA BELLO" <akbell@xxxxxxxx.com> 
          Reply-To: a.akah@xxxxxxxx.com
          Date: Sun, 1 Dec 2002 18:38:18 -0800
          Subject: reply me!! 
          X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
          MIME-Version: 1.0
          Content-Type: text/plain; charset="us-ascii"
          Content-Transfer-Encoding: 8bit
          X-MIME-Autoconverted: from quoted-printable to 8bit by burplefluster.org id gAK5X5E23500
          X-Sanitizer: This message has been sanitized!
          X-Sanitizer-URL: http://mailtools.anomy.net/
          X-Sanitizer-Rev: $Id: sanitizer.pl,v 1.35 2001/02/01 00:10:46 bre Exp $
          Status: RO
          X-Status: 
          X-Keywords:                 
          X-UID: 227
    
          ATTN: Sir,
          REQUEST FOR URGENT TRANSFER OF USD20 MILLION INTO YOUR COMPANY 
          OR PERSONAL ACCOUNT. I AM MR BELLO AKHA, AN ACCOUNTANT WITH THE 
          NIGERIAN NATIONAL PETROLEUM COROPERATION (NNPC) I CAME TO KNOW OF 
          YOU IN MY SEARCH FOR A RELIABLE AND REPUTABLE PERSON WHO CAN HANDLE 
          ... 
    The part before "ATTN: Sir," is the headers. In Outlook, you can view the headers by clicking "View->Message Options" and clicking on "Internet Headers". In Outlook Express, you can view the headers by clicking "File->Properties" and clicking on the "Details" tab. The "Message Source" button gives even more information. If you use pine, you must look at the inbox file to get the correct header, because pine may parse the headers when it displays email messages. To view the inbox file, telnet to the server and type ``less /var/spool/mail/myloginname''.

    Suppose that, for some unfathomable reason, you elected to block all messages from Mr. Akha Bello or Bello Akha or whatever his name is. For example, you may be wildly rich and don't need to take advantage of his great offer.

  6. Pick one of the headers that will identify the sender. Typically the best one is the "From" or the "Subject" header. These two headers are highlighted above. In this example, we will block both. The relevant headers are:
         From: "MR AKHA BELLO" <akbell@xxxxxxxx.com>
    and
         Subject: reply me!!
  7. In the .procmailrc file, type the following:
    :0:
    * ^From.*MR AKHA BELLO
    nigeriamail 
    
    :0
    * ^Subject: reply me
    /dev/null
    
    :0
    * ^Subject:.*reply me
    /dev/null
    
    :0:
    * ^Subject: test
    testmail 
    Note that each entry in .procmailrc starts with a colon (':') and a zero ('0'). The text after the '* ' is a regular expression that is compared with each header line. Literal text must be identical to the text in the header, including the number of spaces between words. Alternatively, you can use '.*', which means 'any run of characters', to separate 'Subject:' from the subject. A '*' on its own is not a wildcard: it only repeats the character before it, so '^From *MR' would not match the From header shown above. Or, you could substitute a '.', which means 'any character' for the spaces, so the entry looks like this:
    :0
    * ^Subject..reply me
    /dev/null 
    Important: Characters like '!', '*', '^', '+', '?', '$', '<', '>', or '|' could cause problems, because they have a special meaning to the software. Either avoid them, by substituting a '.' for each of these characters, or 'escape' them by preceding them with a backslash ('\') (for example, '\^').

    The first entry will cause any email from Mr. Bello to be sent to a special mail folder named "nigeriamail". Because it's going to a file, we put an extra ':' at the end, which creates a lock file in case a second message comes from the same location while procmail is writing.

    The next two entries will cause any email with the subject "reply me" to be sent to a special device on the computer called "/dev/null", which means it is deleted.

    The last entry will put any email with the subject "test" to a special folder called "testmail". This is good for testing your script.

  8. Save the file by typing Ctrl-X.
  9. Type
       cat .procmailrc 
    to make sure the file was saved correctly.

You can also block email based on words that appear in the message body. However, spammers often obfuscate certain words to get around spam filters. A common trick is to use a '!' or '' instead of an 'i'. This entry will classify as spam any message that contains the word "Vi*gra" in its body (where the * in this case is an 'a'), even if the second letter has been obfuscated.
# Obfuscated v-agra in body
# (the trailing ':' locks the spam folder while procmail writes to it)
:0 B:
* V.agra
spam 
You could modify this by substituting '[Vv]' for 'V', in case the spammer doesn't capitalize the first letter.

I also use the following to block any message that has an obfuscated "remove me" HTML tag, as these are invariably spam messages:
# Obfuscated remove me in body
:0 B
* *\-\->ove Me
spam

# Obfuscated remove me in body
:0 B
* *\-\-\>ove Me\\
spam

# Obfuscated remove me in body
:0 B
* ove Me\\
spam

While on the subject, messages whose Subject line starts with "ISO-8859-1" are also usually spam. Some of these lines may be overkill, but they work well at filtering them out:
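# Spam: MIME-encoded subject. The '?' is escaped so it is matched literally;
# the trailing ':' locks the spam folder while procmail writes to it.
:0:
* ^Subject: =\?ISO\-8859\-1
spam

# Spam
:0:
* ^Subject: ..ISO.8859.1
spam

# Spam
:0:
* ^Subject: =\?iso\-8859\-1
spam

# Spam
:0:
* ^Subject: \[ISO\-8859\-1\]
spam

# Spam
:0:
* ^Subject: \[iso\-8859\-1\]
spam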
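
One way to test header conditions against a saved message before putting them in .procmailrc, showing why a '*' or '?' that is neither escaped nor preceded by '.' does not act as a wildcard. This is an added example, not part of the original lesson; it assumes grep -E -i is a close enough stand-in for procmail's own matcher, and the function names and sample message are constructed.

```shell
#!/bin/sh
# Added example, not part of the original lesson.
# Assumption: grep -E -i stands in for procmail's matcher, which is likewise
# egrep-style and case-insensitive by default.

# Succeed if CONDITION (the text after "* ") matches a header line of the
# message on stdin. Only the lines before the first blank line are headers.
header_matches() {
    sed '/^$/q' | grep -Eiq -e "$1"
}

# check_conditions FILE CONDITION... : report every condition against FILE.
check_conditions() (
    msg=$(cat "$1") || exit 1
    shift
    for cond in "$@"; do
        if printf '%s\n' "$msg" | header_matches "$cond"; then
            printf 'MATCH     %s\n' "$cond"
        else
            printf 'no match  %s\n' "$cond"
        fi
    done
)

# Constructed sample: the lesson's From header plus a Subject of your choice.
sample_msg() {
    printf 'From: "MR AKHA BELLO" <akbell@xxxxxxxx.com>\n'
    printf 'Subject: %s\n\n' "$1"
    printf 'Subject: this line is in the body, so header rules ignore it\n'
}

if [ "$#" -ge 2 ]; then
    check_conditions "$@"      # usage: sh thisfile saved-message 'regex'...
else
    tmp=$(mktemp) || exit 1
    sample_msg 'reply me!!' > "$tmp"
    check_conditions "$tmp" '^From *MR AKHA BELLO' '^From.*MR AKHA BELLO' \
        '^Subject:*reply me' '^Subject:.*reply me' '^Subject..reply me'
    sample_msg '=?ISO-8859-1?Q?reply_me?=' > "$tmp"
    check_conditions "$tmp" '^Subject: =?ISO-8859-1' '^Subject: =\?ISO-8859-1'
    rm -f "$tmp"
fi
```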

Automatic replies

Suppose, however, that someone is harassing you by email and you want the computer to automatically send a preformatted reply. For example, suppose the person's header is:
     From: Napoleon Bonaparte <nb@grand.armee.fr> 
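You could put this in your .procmailrc file:
     # Never answer mailer daemons, and never answer a message that already
     # carries our X-Loop header; formail -A adds that header to every reply.
     :0
     * ^From.*Napoleon
     * !^FROM_DAEMON
     * !^X-Loop: your@own.mail.address
     | (formail -r -A"X-Loop: your@own.mail.address" ; cat $HOME/rejectmail.txt) | $SENDMAIL -oi -t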
In this example, we didn't put Napoleon's entire name in the file. Thus, our procmail script will not only block Napoleon Bonaparte, but also Napoleon Smith, Napoleon Jones, etc.

Then you would create a file in your home directory called rejectmail.txt that might say something like this:
     Dear Napoleon,
   
     Please stop sending me all these emails. I've written a
     procmail script to reply to them automatically. I'm going 
     to Vienna. You can come anytime to take your little brat 
     kid off my hands. What a rotten kid.
     
     Sincerely yours,
     Marie-Louise
     
     P.S. If you are not Napoleon, please disregard this message. 
This message would be sent immediately to the sender whenever an email is received from Napoleon. It is also possible to use procmail to start programs automatically, which could trigger any response, such as sending a different response each time.

Of course, you have to check the "Reply-To" header before doing this. If their Reply-to header is different than their "From" header, your witty and acerbic reply may go nowhere.

Here is the message that I use:
     The mail filter at this site has identified your mail as coming 
     from a source known to send spam and/or harassing electronic mail. 
     Accordingly, your message has been deleted unread. 

     If you feel that you have received this message in error, please
     contact the intended recipient by some other means so that the filter
     can be corrected. 

Whatever you do, don't set procmail to forward a reply without including the "X-Loop" option shown in the previous example. (Extra credit question: Why, what could happen?)

Printing

You can also set up procmail to automatically print every email as it comes in. Before you print an email, you want to make sure it's plain text. You could use a script like this:
     :0 c
     * ^Content-Type: text/plain;
     | lpr 
Notice we put a 'c' at the first line. This causes procmail to print a copy of it. Without the 'c', it would print the mail and delete it. The email will be printed on whatever printer is the default printer for the server. Note that this is not necessarily the same as the default printer on your Windows PC. You can change the printer by modifying the line that contains the `lpr' command. For instance, you could change it to
      | lpr -Pthe_really_expensive_color_printer 
to get nice expensive glossy prints of all your emails. To find out what printers are set up on the server, examine the /etc/printcap file by typing
      less /etc/printcap 
or type the following command line:
      grep '^[0-9A-Za-z]' /etc/printcap | cut -d: -f1
or ask your network person.

If someone sends you an MS-Word document, an image, or uses HTML format to send mail, you have to convert the email to a printable format first. One way of doing this is with a program called "a2ps". This is left as an exercise for the reader. Just make sure you test your script first.

Forwarding your email

If you want all of your email to be forwarded somewhere else, create a .forward file in your home directory containing your new address on a single line. For example:
     joeschmoe@newaddress.com 

To selectively forward your mail, use the '!' option in procmail. For example,
     :0
     * ^X-Rcpt-To:.*\<webmaster@your.domain\>
     ! bofh@some.other.domain 

Problems

  1. On some older systems, you need to add the following line to your .forward file before procmail will work:
         |/absolute/path/to/procmail 

  2. Administrators should check to make sure that the permissions on each user's home directory are set to 700, or at least 711, otherwise procmail will not work. Many Linux distributions don't do this.


January 19, 2003