Computer 101, Lesson 4
Advantages of blocking spam at the server instead of on your PC:
If Spam Assassin is installed on your site, and your administrator has installed a sample .procmailrc file, blocking spam is ridiculously easy.
cp /etc/spamassassin.procmailrc ./.procmailrc
# Sample .procmailrc for users :0: * ^X-Spam-Status: Yes spam
# required_hits 10
mkdir .spamassassin cd .spamassassin pico user_prefs
When using pico, remember that you are in a text-only terminal emulator, and mouse clicks do not work. Use the arrow keys to move around in the editor.
If Spam Assassin is installed on your site, and the sample .procmailrc file isn't there, just create a new file in your home directory on the server and copy those four lines into it.
Viewing the spam message folder
Spam messages identified by Spam Assassin aren't deleted. They're moved to a different folder. If you use Outlook Express, you need to make sure it is set to IMAP before this folder is visible.
If you click on the server, it should say "Show/Hide IMAP folders". Where it says "Show folders which contain:" type "Mail" (without the quotes). Outlook Express will then proceed to download the entire contents of your home directory on the server. If you are connecting over a dialup line, and have a lot of files on the server, this could take several hours. However, it only needs to be done once.
Outlook Express will then display the folders which it thinks contain mail. If you have received spam, it will be in the folder called "Mail/spam". It's a good idea to check this folder occasionally in case a real message gets misclassified as spam.
Blocking a list of senders
If you would rather block email from a specific list of senders, do this:
pico -w blocklist
firstname.lastname@example.org buy.com freemoney.com
chmod a+x blockspam
Blocking all mail from: email@example.com Blocking all mail from: buy.com Blocking all mail from: freemoney.com
You can also edit the .procmailrc file yourself to do more sophisticated things like sending an automatic response, printing every email from a specific sender, or augmenting Spam Assassin with your own blacklist. Be sure to test the .procmailrc file before using it. If you make a mistake, all your incoming email could be lost with no trace.
pico -w .procmailrc
PATH=/bin:/usr/bin:/usr/bin MAILDIR=$HOME/mail #you'd better make sure it exists LOGFILE=$MAILDIR/from #recommended
From firstname.lastname@example.org Wed Nov 20 00:33:09 2002 -0500 Received: from localhst354.com ([188.8.131.52]) by burplefluster.org (8.11.6/8.11.6) with SMTP id gAK5X5E23500 for <somebody@burplefluster>; Wed, 20 Nov 2002 00:33:06 -0500 Message-Id: <200211200533.gAK5X5E23500@burplefluster> From: "MR AKHA BELLO" <email@example.com> Reply-To: firstname.lastname@example.org Date: Sun, 1 Dec 2002 18:38:18 -0800 Subject: reply me!! X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by burplefluster.org id gAK5X5E23500 X-Sanitizer: This message has been sanitized! X-Sanitizer-URL: http://mailtools.anomy.net/ X-Sanitizer-Rev: $Id: sanitizer.pl,v 1.35 2001/02/01 00:10:46 bre Exp $ Status: RO X-Status: X-Keywords: X-UID: 227 ATTN: Sir, REQUEST FOR URGENT TRANSFER OF USD20 MILLION INTO YOUR COMPANY OR PERSONAL ACCOUNT. I AM MR BELLO AKHA, AN ACCOUNTANT WITH THE NIGERIAN NATIONAL PETROLEUM COROPERATION (NNPC) I CAME TO KNOW OF YOU IN MY SEARCH FOR A RELIABLE AND REPUTABLE PERSON WHO CAN HANDLE ...
Suppose that, for some unfathomable reason, you elected to block all messages from Mr. Akha Bello or Bello Akha or whatever his name is. For example, you may be wildly rich and don't need to take advantage of his great offer.
From: "MR AKHA BELLO" <email@example.com>
Subject: reply me!!
:0: * ^From *MR AKHA BELLO nigeriamail :0 * ^Subject: reply me /dev/null :0 * ^Subject:*reply me /dev/null :0: * ^Subject: test testmail
:0 * ^Subject..reply me /dev/null
The first entry will cause any email from Mr. Bello to be sent to a special mail folder named "nigeriamail". Because it's going to a file, we put an extra ':' at the end, which creates a lock file in case a second message comes from the same location while procmail is writing.
The next two entries will cause any email with the subject "reply me" to be sent to a special device on the computer called "/dev/null", which means it is deleted.
The last entry will put any email with the subject "test" to a special folder called "testmail". This is good for testing your script.
You can also block email based on words that appear in the message body. However, spammers often obfuscate certain words to get around spam filters. A common trick is to use a '!' or 'ì' instead of an 'i'. This entry will classify as spam any message that contains the word "Vi*gra" in its body (where the * in this case is an 'a'), even if the second letter has been obfuscated.
# Obfuscated v-agra in body :0 B * V.agra spam
I also use the following to block any message that has an obfuscated "remove me" HTML tag, as these are invariably spam messages:
# Obfuscated remove me in body :0 B * *\-\->ove Me spam # Obfuscated remove me in body :0 B * *\-\-\>ove Me\\ spam # Obfuscated remove me in body :0 B * ove Me\\ spam
While on the subject, messages whose Subject line starts with "ISO-8859-1" are also usually spam. Some of these lines may be overkill, but they work well at filtering them out:
# Spam :0 * ^Subject: =?ISO\-8859\-1 spam # Spam :0 * ^Subject: ..ISO.8859.1 spam # Spam :0 * ^Subject: =?iso\-8859\-1 spam # Spam :0 * ^Subject: \[ISO\-8859\-1\] spam # Spam :0 * ^Subject: \[iso\-8859\-1\] spam
Suppose, however, that someone is harassing you by email and you want the computer to automatically send a preformatted reply. For example, suppose the person's header is:
From: Napoleon Bonaparte <firstname.lastname@example.org>
:0 * ^From.*Napoleon * !^X-Loop: email@example.com | (formail -r ; cat $HOME/rejectmail.txt) | $SENDMAIL -oi -t
Then you would create a file in your home directory called rejectmail.txt that might say something like this:
Dear Napoleon, Please stop sending me all these emails. I've written a procmail script to reply to them automatically. I'm going to Vienna. You can come anytime to take your little brat kid off my hands. What a rotten kid. Sincerely yours, Marie-Louise P.S. If you are not Napoleon, please disregard this message.
Of course, you have to check the "Reply-To" header before doing this. If their Reply-to header is different than their "From" header, your witty and acerbic reply may go nowhere.
Here is the message that I use:
The mail filter at this site has identified your mail as coming from a source known to send spam and/or harassing electronic mail. Accordingly, your message has been deleted unread. If you feel that you have received this message in error, please contact the intended recipient by some other means so that the filter can be corrected.
Whatever you do, don't set procmail to forward a reply without including the "X-loop" option shown in the previous example. (Extra credit question: Why, what could happen?)
You can also setup procmail to automatically print every email as it comes in. Before you print an email, you want to make sure it's plain text. You could use a script like this:
:0 c * ^Content-Type: text/plain; | lpr
| lpr -Pthe_really_expensive_color_printer
cat /etc/printcap | grep ^[0-9A-Za-z] | cut -d: -f1
If someone sends you an MS-Word document, an image, or uses HTML format to send mail, you have to convert the email to a printable format first. One way of doing this is with a program called "a2ps". This is left as an exercise for the reader. Just make sure you test your script first.
If you want all of your email to be forwarded somewhere else, create a .forward file in your home directory containing your new address on a single line. For example:
To selectively forward your mail, use the '!' option in procmail. For example,
:0 * ^X-Rcpt-To:.*\<firstname.lastname@example.org\> ! email@example.com