> which procmail
If your system has Procmail installed, this command will tell you where Procmail is located. Write this down - you will need it later.
NOTE: If your system gives you a response like "Unknown command: which" then try substituting 'which' with 'type', 'where', or 'whereis'.
If you still cannot find Procmail, then it is probably a good bet that your system does not have it installed. However, you're not completely out of luck - look at the FAQ I mentioned at the beginning of this document and see if your system has any of the programs that it talks about.
Next, you have to set up a resource file for Procmail. For the rest of this document, I will use the editor Pico. You may use whichever editor you feel comfortable with.
Make sure that you are in your home directory, and then start up your editor.
> cd
> pico .procmailrc
Enter the following in the .procmailrc file:
# This line tells Procmail what to put in its log file. Set it to on when you are debugging.
VERBOSE=off
# Replace 'mail' with your mail directory.
MAILDIR=$HOME/mail
# This is where the logfile and rc files will be kept
PMDIR=$HOME/.procmail
LOGFILE=$PMDIR/log
#INCLUDERC=$PMDIR/rc.noebomb
(yes, type the INCLUDERC line WITH the #)
Now that you've typed this in, save it and go back up to your home directory.
> cd
> mkdir .procmail
Now go into the directory that you just made, and start your editor up with a new file: rc.noebomb.
IMPORTANT: Be sure that you turn off your editor's word wrapping during this part. You will need to have the second, third, and fourth lines of this next example all on one line. With Pico, use the -w flag. Consult your editor's manual page for instructions on turning off its word wrapping. Make sure that when you edit it, you leave NO SPACES in that line.
> cd .procmail
> pico -w rc.noebomb
# noebomb - email bomb blocker
:0
* ! ^((((Resent-)?(From|Sender)|X-Envelope-From):|From )(.*[^.%@a-z0-9])?(Post(ma?(st(e?r)?|n)|office)|Mail(er)?|daemon|mmdf|root|uucp|LISTSERV|owner|request|bounce|serv(ices?|er))([^.!:a-z0-9]|$))
* ! ^From:.*(postmaster|Mailer|listproc|majordomo|listserv|cmeinel|johnb)
* ! ^TO(netstuff|computing|pcgames)
/dev/null
Let's see what these do. The first line tells Procmail that this is the beginning of a "recipe" file. A recipe is basically what it sounds like - it tells the program what it should look for in each email message, and if it finds what it is looking for, it performs an action on the message - forwarding it to someone; putting it in a certain folder; or in this case, deleting it.
The second, third, and fourth lines (the ones beginning with a *) are called CONDITIONS. The asterisk (*) tells Procmail that this is the beginning of a condition. The ! tells it to do the OPPOSITE of what it would normally do.
Condition 1:
* ! ^((((Resent-)?(From|Sender)|X-Envelope-From):|From )(.*[^.%@a-z0-9])?(Post(ma?(st(e?r)?|n)|office)|Mail(er)?|daemon|mmdf|root|uucp|LISTSERV|owner|request|bounce|serv(ices?|er))([^.!:a-z0-9]|$))
Don't freak out over this, it is simpler than it seems at first glance. This condition tells Procmail to look at the header of a message, and see if it is from one of the administrative addresses like root or postmaster, and also check to see if it is from a mailer-daemon (the thing that sends you mail when you bounce a message). If a message IS from one of those addresses, the recipe will put the message into your inbox and not delete it.
Condition 2:
* ! ^From:.*(listproc|majordomo|cmeinel|johnb)
This condition does some more checking of the From: line in the header. In this example, it checks for the words listproc, majordomo, cmeinel, and johnb. If it is from any of those people, it gets passed on to your Inbox. If not, it's a goner. This is where you would put the usernames of people who normally email you, and also the usernames of mailing-list servers, such as listproc and majordomo. When editing this line, remember to only put the username in the condition, not a person's full email address, and remember to put a | between each name.
Condition 3:
* ! ^TO(netnews|crypto-stuff|pcgames)
This final condition is where you would put the usernames of the mailing lists that you are subscribed to (if any). For example, I am subscribed to the netnews, crypto-stuff, and pcgames lists. When you get a message from most mailing lists, most of the time the list address will be in the To: or Cc: part of the header, rather than the From: part. This line will check for those usernames and pass them through to your Inbox if they match. Editing instructions are the same as the ones for Condition 2.
The final line, /dev/null, is essentially the trash can of your system. If a piece of email does not match any of the conditions, (i.e. it isn't from a mail administrator, it isn't from a listserver or someone you write to, and it's not a message from one of your usual mailing lists) Procmail dumps the message into /dev/null, never to be seen again.
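The keep-or-drop decision described above can be dry-run on sample headers before the recipe is switched on. The script below is an added example, not part of the original guide or of Procmail: it emulates the three conditions with grep -E instead of running Procmail, the ^TO expansion is an assumed approximation of Procmail's macro, and the messages and addresses are constructed.

```shell
#!/bin/sh
# Dry-run of the rc.noebomb logic using grep -E (an emulation; Procmail is not run).
LC_ALL=C; export LC_ALL

# Condition 1 from the page, typed with no stray spaces and balanced parentheses.
# A-Z is spelled out in the bracket lists so the result does not depend on how
# grep -i treats negated ranges.
COND1='^((((Resent-)?(From|Sender)|X-Envelope-From):|From )(.*[^.%@a-zA-Z0-9])?(Post(ma?(st(e?r)?|n)|office)|Mail(er)?|daemon|mmdf|root|uucp|LISTSERV|owner|request|bounce|serv(ices?|er))([^.!:a-zA-Z0-9]|$))'
# Condition 2: the page's list of trusted senders and list servers.
COND2='^From:.*(postmaster|Mailer|listproc|majordomo|listserv|cmeinel|johnb)'
# Condition 3: ^TO is a Procmail macro; this expansion is an assumed approximation.
TO_MACRO='^((Original-)?(Resent-)?(To|Cc|Bcc)|(X-Envelope|Apparently(-Resent)?)-To):(.*[^a-zA-Z])?'
COND3="${TO_MACRO}(netstuff|computing|pcgames)"

# classify: read one message on stdin, print "keep" (Inbox) or "drop" (/dev/null).
classify() {
    # Procmail matches conditions against the header only unless told otherwise,
    # so stop reading at the first blank line.
    hdr=$(sed '/^$/q')
    for re in "$COND1" "$COND2" "$COND3"; do
        # Every condition is negated with !, and conditions are ANDed: the
        # message is dropped only when none of the three patterns matches.
        if printf '%s\n' "$hdr" | grep -Eiq -- "$re"; then
            echo keep
            return 0
        fi
    done
    echo drop
}

# Constructed sample messages (addresses are placeholders).
demo() {
    printf 'From: MAILER-DAEMON@example.net\nTo: me@example.com\n\nbounced\n' | classify
    printf 'From: stranger@example.com\nCc: pcgames@lists.example.org\n\nhi\n' | classify
    printf 'From: stranger@example.com\nTo: me@example.com\n\nFrom: root@example.com\n' | classify
}
demo
```

The third sample is dropped even though its body contains a From: root line, because only the header is examined. The first is kept purely on the text of its From: line, which is the behaviour the fakemail test later in this guide checks.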
Ok. Now you should have created two files: .procmailrc and rc.noebomb. We need one more before everything will work properly. Save rc.noebomb and exit your editor, and go to your home directory. Once there, start your editor up with the no word wrapping command.
> cd
> pico -w .forward
We now go to an excerpt from Nancy M.'s Mail Filtering FAQ:
Enter a modified version of the following in your ~/.forward:
"|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 #nancym"
IMPORTANT NOTES
- Make sure you include all the quotes, both double (") and single (').
- The vertical bar (|) is a pipe.
- Replace /usr/local/bin with the correct path for procmail (see step 1).
- Replace `nancym' with your userid. You need to put your userid in your .forward so that it will be different than any other .forward file on your system.
- Do NOT use ~ or environment variables, like $HOME, in your .forward file. If procmail resides below your home directory write out the full path.
On many systems you need to make your .forward world readable and your home directory world searchable in order for the mail transport agent to "see" it. To do this type:
cd
chmod 644 .forward
chmod a+x .
If the .forward template above doesn't work the following alternatives might be helpful:
In a perfect world:
"|exec /usr/local/bin/procmail #nancym"
In an almost perfect world:
"|exec /usr/local/bin/procmail USER=nancym"
In another world:
"|IFS=' ';exec /usr/local/bin/procmail #nancym"
In a different world:
"|IFS=' ';exec /usr/local/bin/procmail USER=nancym"
In a smrsh world:
"|/usr/local/bin/procmail #nancym"
Now that you have all the necessary files made, it's time to test this filter. Go into your mailreader and create a new folder called Ebombtest. This procedure differs from program to program, so you may have to experiment a little. Then open up the rc.noebomb file and change /dev/null to Ebombtest. (You should have already changed Conditions 2 and 3 to what you want; if not, go do it now!) Finally, open up .procmailrc and remove the # from the last line.
You will need to leave this on for a bit to test it. Ask some of the people in Condition 2 to send you some test messages. If the messages make it through to your Inbox, then that condition is working fine. Send yourself some fake email under a different name and check to see if it ends up in the Ebombtest folder. Also, send yourself some fakemail from root@wherever.com to make sure that Condition 1 works. If you're on any mailing lists, those messages should be ending up in your Inbox as well.
If all of these test out fine, then congratulations! You now have a working defense against email bombs. For the moment, change the Ebombtest line in the rc.noebomb file back to /dev/null, and put the # in front of the INCLUDERC line in the .procmailrc file. If someone ever decides to emailbomb you, you only need to remove the #, and you will have greatly cut down on the amount of messages coming into your Inbox, giving you a little bit of breathing room to start unsubscribing from all those lists, or start tracking down those idiots who did it and get their asses kicked off their ISPs.
If you have any comments or questions about this, email Zach B. Emailbombs WILL go to /dev/null, so don't bother!
Disclaimer: When you activate this program, it is inevitable that a small amount of wanted mail
MAY get put into /dev/null, due to the fact that it is nearly impossible to know the names of all
the people that may write to you. Therefore, I assume no responsibility for any email which may
get lost, and any damages which may come from those lost messages.