Wednesday, 13 May 2015

Block Email Spam using Procmail with Postfix

Procmail is a local MDA (Mail Delivery Agent). It delivers mail from the MTA's spool file to the local user's mailbox. Before delivering mail, Procmail filters mail based on the 'recipes' (rules) defined in '/etc/procmailrc' file or '~/.procmailrc' file defined in the user's home directory.

1) Install package
[root@meru ~]# yum install procmail

2) Configure 'postfix' to use 'procmail' as it's MDA (Mail Delivery Agent). Edit the file ' /etc/postfix/' and add the following line.
     mailbox_command = /usr/bin/procmail -a "$EXTENSION"

3) Check for errors in config file and restart 'postfix'
[root@meru ~]# postfix check
[root@meru ~]# systemctl restart postfix

4) Create the procmail config file '/etc/procmailrc' and add the following entries
#Recipe No 1
* ^From:

#Recipe No 2
* ^From:

#Recipe No 3
* ^Subject:.*Viagra

#Recipe No 4
* ^Subject:.*(free gift|lottery)

Recipe no 1, defines a rule to delete  all mail from ''.

Recipe no 2, defines a rule to delete  all mail from the domain ''.

Recipe no 3, defines a rule to delete  all mail which have the word 'viagra' in the subject.

Recipe no 4, defines a rule to delete  all mail which have the words 'free gift' or 'lottery' in the subject.

Recipes have the following format:
 :0 [flags] [ : [locallockfile] ] 
<zero or more conditions (one per line)> 
<exactly one action line> 

For basic recipes, you do not need any flags.

Using a : after the :0 is to use a lockfile. A lockfile is necessary to prevent problems if 2 or more instances of procmail are working at the same time (that may happen if 2 or more email arrive almost at the same moment). 

A condition starts with an asterisk, following an extended regexp, like this one:
* ^FROM:.*(|spamsenders)

The action can be only a mailbox name, or an external program. An action can be something as simple as
in that case, the mail that complies with the condition will be saved on the work inbox.

No comments:

Post a Comment