# # User configuration file for procmail # # # SET VARIABLES # Internal Variables SHELL=/bin/sh #Shell used to run procmail. Be sure this points to #your system's copy of sh. DO NOT substitute a #different shell unless you really know Unix LINEBUF=4096 #Needed to keep Procmail from choking on long #"recipes", or instructions on what to do with #particular kinds of email. PATH=$HOME/bin:$HOME/mail/bin:/bin:/usr/bin:/usr/local/bin #Path for your programs -- this is probably best #left alone. VERBOSE=off #Change this to "on" when you try a new recipe #so that Procmail will log literally every step #it takes. DO NOT LEAVE IT ON, though, because #it creates huge logfiles. # Default Program & file locations MAILDIR=${HOME}/Mail #you'd better make sure this directory exists #ORGMAIL=/var/spool/mail/phd #DEFAULT=${ORGMAIL} LOGFILE=${MAILDIR}/procmail.log #Logs message disposition. Recommended -- otherwise #errors are emailed to you. :/ SENDMAIL=/usr/sbin/sendmail #useful for autoreply recipes. FORMAIL=/usr/bin/formail #useful for autoreply recipes. MYEMAIL=${HOME}/mail/misc/.myemail #Tells Procmail where your MYEMAIL #file is located, a text file containing all the #email addresses you use. ADMINFOLDER=${MAILDIR}/admin #for bounced mail, mail from root, #postmaster, abuse, etc. BLOCKFOLDER=${MAILDIR}/block #for suspicious mail, but possibly not spam BULKFOLDER=${MAILDIR}/bulk #for bulk mail which appears legitimate, such #as mail from mailing lists or mail sent using #Bcc: SPAMFOLDER=${MAILDIR}/spam #change this to SPAMFOLDER=/dev/null #to delete spam entirely. VIRUSFOLDER=/dev/null #Set this variable to /dev/null to delete #all viruses. You don't want to take chances with a virus, #and the false positive rate on the virus filters is near zero. # BEGIN RECIPES # Create a backup cache of 2000 most recent messages in case of mistakes :0 c backup :0 ic | cd backup && rm -f dummy `ls -t msg.* | sed -e 1,2000d` # Regenerate "From" lines to make sure they are valid :0 fhw | ${FORMAIL} -I "From " -a "From " # *CLOSED (only subscribers can write)* MAILING LISTS # No need to filter them for spam :0 * ^(From|To|Cc|Reply-To): .*((mlug@unixcenter\.ru)|@altlinux\.ru) lists/mlug :0 * ^List-Id: Moscow Linux User Group lists/mlug :0 * ^(To|Cc|Reply-To|Resent-To|X-BeenThere): .*(-list@(python\.org|cwi\.nl)) lists/python :0 * ^Sender: .*@python\.org lists/python :0 * ^List-Id: .*<(python-.*|core-workflow)\.python\.org> lists/python :0 * ^Newsgroups: .*comp\.lang\.python lists/python :0 * ^From: sitelist-bounces@lists\.sourceforge\.net * ^To: .*-owner@lists\.sourceforge\.net * ^Subject: Uncaught bounce notification ${SPAMFOLDER} :0 * ^From: .*-bounces@lists\.sourceforge\.net * ^To: .*-owner@lists\.sourceforge\.net * ^Subject: Auto-discard notification ${SPAMFOLDER} :0 * ^List-Id: .+ lists/python :0 * ^To: "(\[sqlobject:(bugs|patches)\] )|(Ticket [0-9]+)" <[0-9]+@(bugs|patches)\.sqlobject\.p\.re\.sf\.net> * ^Reply-To: "?(\\?\[sqlobject:(bugs|patches)\\?\] )|(Ticket [0-9]+)"? <[0-9]+@(bugs|patches)\.sqlobject\.p\.re\.sf\.net> * ^Subject: (\[SQL-CVS\] )?\[sqlobject:(bugs|patches)\] (Re: )?\#[0-9]+ lists/python :0 * ^From: "SQLObject Git repository" * ^To: "SQLObject Git repository" * ^Reply-To: "SQLObject Git repository" * ^Subject: \[sqlobject:(fullhistory|sqlobject|scripts)\] lists/python :0 * ^From: .+ * ^To: sqlobject/sqlobject * ^List-ID: sqlobject/sqlobject lists/python :0 * ^List-Id: .* lists/python :0 * ^Sender: ppa-qps-devel-admin@lists\.sourceforge\.net lists/python :0 * ^List-Id: PyGreSQL Development lists/python :0 * ^List-Id: eGenix\.com User Mailinglist lists/python :0 * ^List-Id: "generateDS\.py users discussion list".* lists/python # Now filters # Klez :0 B * ^Content-Transfer-Encoding: base64 * name( ?)=.*\.(exe|bat|scr|pif) | ${FORMAIL} -A"X-Note: Klez" -A"X-Folder: Virus" >${VIRUSFOLDER} # Sobig.E :0 HB * ^Subject: Re: (Movie|Application)$ * ^Content-Transfer-Encoding: base64 * ^Content-Disposition: attachment; * filename=.your_details\.zip | ${FORMAIL} -A"X-Note: Sobig.E" -A"X-Folder: Virus" >${VIRUSFOLDER} # Sobig.F :0 H * ^Subject: .*(Thank you!|Your application|That movie|Approved|Details|My details|Your details|Wicked screensaver)$ * ^X-MailScanner: Found to be clean$ | ${FORMAIL} -A"X-Note: Sobig.F" -A"X-Folder: Virus" >${VIRUSFOLDER} # MyDoom/Novarg :0 HB * <50000 * ^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed|Server Report|Status|Error|)$ * ^Content-type: application/octet-stream; * (file)?name="(document|readme|doc|text|file|data|test|message|body)\.(pif|scr|exe|cmd|bat|zip) | ${FORMAIL} -A"X-Note: MyDoom" -A"X-Folder: Virus" >${VIRUSFOLDER} # Netsky :0 * > 20000 * < 60000 * ^Subject:[ ]*(hi|hello|read it immediately|\ something for you|warning|information|stolen|fake|unknown) * B ?? ^(anything ok\?|what does it mean?|ok|\ i'm waiting|read the details\.|here is the document\.|\ read it immediately\!|my hero|\ here|is that true?|is that your name?|is that your account?|\ i wait for a reply\!|is that from you?|you are a bad writer|\ I have your password\!|something about you\!|\ kill the writer of this document\!|i hope it is not true\!|\ your name is wrong|i found this document about you|\ yes, really\?|that is bad|here it is|see you|\ greetings|stuff about you\?|something is going wrong!|\ information about you|about me|from the chatter|\ here, the serials|here, the introduction|here, the cheats|\ that's funny|do you\?|reply|take it easy|why\?|\ thats wrong|misc|you earn money|you feel the same|\ you try to steal|you are bad|something is going wrong|\ something is fool)$ * B ?? ^(Content-Disposition:[ ]*attachment;)?[ ]*(file)?name="?(document|msg|doc|talk|message|creditcard|\ details|attachment|me|stuff|posting|textfile|concert|\ information|note|bill|swimmingpool|product|\ topseller|ps|shower|aboutyou|nomoney| found|\ story|mails|website|friend|jokes|location|\ final|release|dinner|ranking|object|mail2|part2|\ disco|party|misc)\..*(zip|exe|scr|com|pif)"?$ | ${FORMAIL} -A"X-Note: Netsky" -A"X-Folder: Virus" >${VIRUSFOLDER} # Bagle.J :0 * ^Subject:(.*E-mail account disabling warning)|\ (.*E-mail account security warning)|\ (.*Email account utilization warning)|\ (.*Important notify about your e-mail account)|\ (.*Notify about using the e-mail account)|\ (.*Notify about your e-mail account utilization)|\ (.*Warning about your e-mail account) * B ?? ^Content-Type: application/octet-stream; * B ?? ^Content-Transfer-Encoding: base64 * B ?? ^Content-Disposition: attachment; | ${FORMAIL} -A"X-Note: Bagle.J" -A"X-Folder: Virus" >${VIRUSFOLDER} # From http://www.internetguru.com.au/igblog-102.html # Redirect common virus attachments inc. zipped versions :0 B * name=.*(document|readme|doc|text|file|data|test|message|body)\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|exe\"|shs\"|bat\"|bas\"|cmd\"|zip\") { :0 | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER} } # Some more common virus attachments inc. zipped versions :0 B * name=.*(Attach|Information|Readme|Document|Info|TextDocument|Textfile|MoreInfo|Message)\.(pif\"|zip\") { :0 | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER} } # Redirect windows executables (note - haven't included exe and com :0 B * name=.*\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|shs\"|bat\"|bas\"|scr\"|dll\") { :0 | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER} } # This one finds them annoying Custom Logo spams that seem to get past most filters :0 B * .*out\.php\?email\=(sales|info)\@ { :0 | ${FORMAIL} -A"X-Note: Custom Logo spam" -A"X-Folder: Spam" >>${SPAMFOLDER} } # This catches about 99% of deliberate viagra mispellings ie v1@GRa, v1agr@ etc :0 H * ^Subject.*[Vv][1jl\|][aA\@][Gg][Rr][Aa\@] { :0 | ${FORMAIL} -A"X-Note: viagra spam" -A"X-Folder: Spam" >/dev/null } # Chineese/japaneese/korean spam :0 * ^Content-Type: text/(plain|html); *charset=("?)(big5|gb2312|iso-2022-jp|ks_c_5601-1987|shift_jis)("?) | ${FORMAIL} -A"X-Note: chineese/japaneese/korean charset" -A"X-Folder: Spam" >/dev/null :0 * ^X-RBL-Warning: .*(china|korea) does not seem to care about spam | ${FORMAIL} -A"X-Note: chineese/korean source" -A"X-Folder: Spam" >>${SPAMFOLDER} # SpamAssassin (spamassassin.org) :0fw * < 10240000 | spamc -U /tmp/spamassassin.sock -s 10240000 # Mail with a score of 14 or higher is certainly spam :0: * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\* | ${FORMAIL} -A"X-Note: certainly spam" -A"X-Folder: Spam" >/dev/null :0: * ^X-Spam-Status: Yes * > 20000 | ${FORMAIL} -A"X-Note: oversized spam" -A"X-Folder: Spam" >/dev/null :0 HB: * ^X-Spam-Status: Yes * http://www\.gstinc\.com/ | ${FORMAIL} -A"X-Note: gstinc spam" -A"X-Folder: Spam" >/dev/null :0 HB: * ^X-Spam-Status: Yes * (www\.)?sonidom\.ru | ${FORMAIL} -A"X-Note: sonidom spam" -A"X-Folder: Spam" >/dev/null :0 HB: * ^X-Spam-Status: Yes * (www\.)?pos-tel\.ru | ${FORMAIL} -A"X-Note: pos-tel spam" -A"X-Folder: Spam" >/dev/null :0 HB: * ^X-Spam-Status: Yes * @besttraining\.ru | ${FORMAIL} -A"X-Note: besttraining spam" -A"X-Folder: Spam" >/dev/null :0: * ^X-Spam-Status: Yes ${SPAMFOLDER} # MAILING LISTS # Filter out mail from all mailing lists you are on. Just duplicate the recipe # for each mailing list you are on, and put the correct address for the list in # the condition statement. (The "* ^TO" part.) If you read mail on shell, you # may find it easier to deliver this mail to separate folders, especially for # busy lists. I do. :) # Block all messages that are too big :0 * > 1000000 | ${FORMAIL} -A"X-Note: the message is too big" -A"X-Folder: Block" >>${BLOCKFOLDER} # unfiltered mail marked by exim (using RBL/ORBS/etc) :0 * ^X-RBL-Warning: * ^(To|Cc):.*phd ${BLOCKFOLDER} :0 * ^X-RBL-Warning: ${SPAMFOLDER} # Sort out mail that really is to you from mail Bcc'd to you, or mail # which doesn't have any of your email addresses on the To: or Cc: line. # For this to work properly, you must create a text file named .myemail # in your home directory and enter all email addresses that belong to # you in it, one per line, just as you do with your .nobounce file. # # This does =wonders= in keeping spam from appearing in your personal # mail. :) # # Substitute your shell account email address, custom domain, and any other email # address you may have for the entries below. :0: * ? test -f ${MYEMAIL} && \ (${FORMAIL} -zxTo: -zxCc: |\ fgrep -i -f ${MYEMAIL}) | ${FORMAIL} -A"X-Folder: Default" >>${DEFAULT} # Deliver email which passed spam filtering, but which wasn't sent to # a recognizable personal email address of yours, to your "bulk mail" # folder, for reading on a less-urgent basis. :0: | ${FORMAIL} -A"X-Folder: Bulk" >>${BULKFOLDER} # Vacation - modified version of procmail example from "man procmailex" # Drop duplicates #:0 Wh: msgid.lock #| ${FORMAIL} -D 65536 msgid.cache # #:0 Whc: vacation.lock #* !^From: .*phd #* !^FROM_MAILER #* !^FROM_DAEMON #* !^X-Loop: phd@phdru.name #* !^X-Loop: phd@iskra.aviel.ru #* !^From: "AviTicket" #* !^From: .* #* !^From: .*report_card@sbrf.ru #| ${FORMAIL} -rD 65536 vacation.cache # #:0 ehc # if the name was not in the cache - reply #| (egrep -v '^From phd|^Return-Path: phd' | \ # ${FORMAIL} -r -A"Precedence: junk" \ # -A"X-Loop: phd@phdru.name" -A"X-Loop: phd@iskra.aviel.ru" \ # -A"Content-Type: text/plain; charset=koi8-r"; \ # echo "Hello!"; echo "";\ # echo " I am on vacation. This is an auto-generated reply. Your message has been"; \ # echo "delivered to my mailbox. Thanks a lot. I will read it after 0th of ."; \ # echo ""; \ # echo "Здравствуйте."; echo ""; \ # echo " Я уехал в отпуск. Это автоматический ответ. Ваше сообщение было доставлено."; \ # echo "в мой почтовый ящик. Большое спасибо. Я прочту его, когда вернусь 0 ."; \ # echo ""; cat $HOME/.signature) | $SENDMAIL -oi -t