I'm trying to filter out the tidal wave of spam, now reaching 100 a day on one mailbox, by using bogofilter as part of a procmail filter. My mailserver is postfix, set to invoke procmail by having main.cf contain the line
mailbox_command /usr/bin/procmail
I set up /etc/procmailrc to contain the following:
--------------------------------------------------------------------
# Pass all mail through bogofilter
:0fw
| bogofilter -u -e -p

# If bogofilter failed, return the mail to the queue.
# The MTA will retry to deliver it later.
:0e
{ EXITCODE=75 HOST }

# File the mail to "spam-bogofilter" if it's spam.
:0:
* ^X-Bogosity: Yes, tests=bogofilter
spam-bogofilter
--------------------------------------------------------------------
which according to the bogofilter manual should send all spam to "spam-bogofilter". But it doesn't. The messages get delivered to the user's mailbox without spam-bogofilter ever getting written. The messages themselves contain the X-Bogosity headers and are correctly classified as being spam or not, so it appears either the last rule isn't being reached or isn't operating correctly. I find the procmail syntax pretty impenetrable; can anyone help deduce what's going wrong?
-- GT
On 2004-04-22 14:08:05 +0100 Graham Trott gt@pobox.com wrote:
I'm trying to filter out the tidal wave of spam, now reaching 100 a day on one mailbox, by using bogofilter as part of a procmail filter.
Do you have a particular reason for picking procmail over more readable forms like mailfilter or exim filter? I find procmail config fairly awkward to hack too :-/
Can you put one of the example logging sections at the top of your file, and another for a different log dir immediately after the bogofilter? Then you should see whether the filter was reached at all. I think they're on the procmailex man page.
On Thursday 22 April 2004 14:18, MJ Ray wrote:
On 2004-04-22 14:08:05 +0100 Graham Trott gt@pobox.com wrote:
I'm trying to filter out the tidal wave of spam, now reaching 100 a day on one mailbox, by using bogofilter as part of a procmail filter.
Do you have a particular reason for picking procmail over more readable forms like mailfilter or exim filter? I find procmail config fairly awkward to hack too :-/
Can you put one of the example logging sections at the top of your file, and another for a different log dir immediately after the bogofilter? Then you should see whether the filter was reached at all. I think they're on the procmailex man page.
No particular reason except it was installed by default. I did try putting a simple "divert all" in but that wouldn't work either so I think it's time to bale out of procmail.
I'm now trying maildrop (because there's an example for that in the Bogofilter manual) but I'll go check mailfilter and see which is more promising.
TVM
-- GT
On 2004-04-22 14:34:31 +0100 Graham Trott gt@pobox.com wrote:
I'm now trying maildrop (because there's an example for that in the Bogofilter manual) but I'll go check mailfilter and see which is more promising.
Is it maildrop which uses perl-like syntax? I may be going mad from overwork and have confused things.
On Thursday 22 April 2004 14:56, MJ Ray wrote:
On 2004-04-22 14:34:31 +0100 Graham Trott gt@pobox.com wrote:
I'm now trying maildrop (because there's an example for that in the Bogofilter manual) but I'll go check mailfilter and see which is more promising.
Is it maildrop which uses perl-like syntax? I may be going mad from overwork and have confused things.
Yes, it's maildrop. Mailfilter is a complete spam filter solution but I can't tell if the rules it uses are as sophisticated as those in SpamAssassin or Bogofilter.
So far, since setting up maildrop no bugger has sent me a spam! Either that or they're going somewhere mysterious - I'll have to set up some logs.
-- GT
On 2004-04-22 14:34:31 +0100 Graham Trott gt@pobox.com wrote:
So far, since setting up maildrop no bugger has sent me a spam! Either that or they're going somewhere mysterious - I'll have to set up some logs.
-- GT
Correction to that; the filter does now work and has already removed a bunch of unwanted posts. (FX: Sticks out tongue in general direction of Boca Raton and does a little war dance.)
-- GT
On Thu, Apr 22, 2004 at 02:08:05PM +0100, Graham Trott wrote:
I'm trying to filter out the tidal wave of spam, now reaching 100 a day on one mailbox, by using bogofilter as part of a procmail filter. My mailserver is postfix, set to invoke procmail by having main.cf contain the line
mailbox_command /usr/bin/procmail
I set up /etc/procmailrc to contain the following:
# Pass all mail through bogofilter
:0fw
| bogofilter -u -e -p

# If bogofilter failed, return the mail to the queue.
# The MTA will retry to deliver it later.
:0e
{ EXITCODE=75 HOST }

# File the mail to "spam-bogofilter" if it's spam.
:0:
* ^X-Bogosity: Yes, tests=bogofilter
spam-bogofilter
Do the spam mails actually have *exactly* the line:-
X-Bogosity: Yes, tests=bogofilter
in them? It's a standard RE match so unless the commas, spaces, etc. are exactly as specified you won't get a match. I think I'd reduce it to something like:-
* ^X-Bogosity: Yes
On Thursday 22 April 2004 15:07, Chris Green wrote:
Do the spam mails actually have *exactly* the line:-
X-Bogosity: Yes, tests=bogofilter
in them? It's a standard RE match so unless the commas, spaces, etc. are exactly as specified you won't get a match. I think I'd reduce it to something like:-
* ^X-Bogosity: Yes
The lines do start with that string, though there's more on the line. I copy-pasted to be sure I had it right, but still nothing. I also tried exactly as you suggest, with no result.
-- GT
On Thu, Apr 22, 2004 at 03:13:44PM +0100, Graham Trott wrote:
On Thursday 22 April 2004 15:07, Chris Green wrote:
Do the spam mails actually have *exactly* the line:-
X-Bogosity: Yes, tests=bogofilter
in them? It's a standard RE match so unless the commas, spaces, etc. are exactly as specified you won't get a match. I think I'd reduce it to something like:-
* ^X-Bogosity: Yes
The lines do start with that string, though there's more on the line. I copy-pasted to be sure I had it right, but still nothing. I also tried exactly as you suggest, with no result.
In that case I haven't got any bright suggestions really, lines like that work OK in my .procmailrc file.
One thing that might be worth doing is to enable procmail logging and see if that tells you anything useful. Put a line like:-
LOGFILE=$HOME/pm.log
In your .procmailrc file and then watch the pm.log file.
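
The logging approach suggested in this thread, written out as an added example that is not part of any poster's message: the recipes quoted above with procmail's verbose log enabled and a marker written on either side of the bogofilter step. The log path and the marker texts are assumptions, and the shortened match condition is the one proposed in the thread.

```procmail
# Added example, not from the thread. Log path and marker text are assumptions.
LOGFILE=$HOME/pm.log    # where procmail appends its log
VERBOSE=yes             # trace each recipe and each condition tested
LOGABSTRACT=all         # record From, Subject and destination folder per delivery

# A literal newline, so each LOG marker ends its own line
NL="
"

LOG="marker: reached top of rcfile$NL"

# Pass all mail through bogofilter
:0fw
| bogofilter -u -e -p

# If bogofilter failed, return the mail to the queue.
# The MTA will retry to deliver it later.
:0e
{ EXITCODE=75 HOST }

LOG="marker: bogofilter step finished$NL"

# File the mail to "spam-bogofilter" if it's spam.
:0:
* ^X-Bogosity: Yes
spam-bogofilter
```

With VERBOSE on, the log records a `Match on` or `No match on` line for each condition, so it shows whether the final recipe was reached and whether its pattern matched. If neither marker appears in the log, the rcfile was not read at all.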