[rt-users] Procmail???/

J.D. Falk jdfalk at mail-abuse.org
Wed Mar 21 16:01:54 EST 2001

On 03/19/01, Split infinity Tech Support <jason at splitinfinity.net> wrote: 

> I will readily admit that I have not researched this at all yet so if it's
> covered in an FAQ, just point me there please :-)
> I want to set up some procmail recipes to filter out spam and viruses from
> my RT queus, has anyone done this before and if so do you have any
> pointers?

	Yep, I'm using procmail extensively.  Here's how I'm doing it
	(Jesse, feel free to add this to contrib if you want.)

	In the sendmail aliases file (note that you may need to place
	the | inside the quotes, depending on your configuration):

queuename:	| "/usr/local/bin/procmail -a queuename -d rt"

	Procmail's -a flag lets us specify the contents of the $1
	variable; -d lets you specify the user procmail will become
	before attempting delivery.

	Then, in ~rt/.procmailrc we have a bunch of log file config
	and then the all-important line:


	I suppose I could put it all into RT's .procmailrc, but I
	wanted to keep it in a seperate directory for my own sanity.

	The standard.rc file archives every message that comes in
	using the following recipe:

YRMON=`date +%Y-%m`

:0 rc
| gzip --to-stdout --fast >> $MAILDIR/$YRMON.gz

	Then it does various filtering; if I want a filter to only
	apply to one queue, I'd do something like:

* ? test $QUEUE = "queuename"
* ^From:.*example at example.com

	Next, I'll filter through stripmime (though we don't need to
	do that for the queues that've been moved to RT2.)  I've set
	stripmime's $outputprog to "/bin/cat" so that it works as a
	filter, and further processing can occur afterwards:

:0 f
* !^From:.*@mail\-abuse\.org
| /local/maps/tickets/bin/stripmime | head -c 50000

	The `head` is so that messages are kept to a sane length,
	but we don't want to do that before stripmime pulls out any

	I don't like RT1's autoresponder; quite simply, it's way too
	prone to participating in mail loops (RT2 seems better.)  So,
	we talked Jesse into creating rt-mailgate's extended syntax 
	somewhere around version 1.0.4, which allows complicated 
	procmail-based autoresponder recipes such as:

	# pipe to rt-mailgate & grab ticket ID; we need error handling here
	TICKETID=`cat | /local/maps/rt/bin/rt-mailgate --extended-syntax \
	            --queue $QUEUE --action correspond --ticketid`

	# grab the subject
	SUBJECT=`head -20 | /usr/local/bin/formail -XSubject:`

	# autorespond if appropriate
	:0 h
	  # ever responded on this ticket before? (clear cache periodically)
	* !? grep -sq $TICKETID $CACHEDIR/.ticketid.cache
	  # is there a message file available?
	* ? test -r $AREPDIR/$QUEUE
	  # has the message ever looped through anything before?
	* !^X-Loop:
	  # is it from a daemon or similar?
	* !^From.*(daemon|listserv|majordomo|mailman|auto)
	  # check precedence
	* !^Precedence:.*(junk|list|bulk|noreply|bofh)
	  # is it from us?
	* !^X-RT-Loop-Prevention: MAPS
	  # is it from Alan Brown or tomcat at www.base.com.br?
	* !^From.*(alan at manawatu\.gen\.nz|tomcat at www\.base\.com\.br)
	| ( /usr/local/bin/formail -rt -I"From: $QUEUE at mail-abuse.org" \
	        -I"Subject: [MAPS #$TICKETID] ($QUEUE) $SUBJECT" \
		-A"X-Request-ID: $TICKETID" \
		-A"X-RT-Loop-Prevention: MAPS" \
		-I"Precedence: junk" ; \
	    cat $AREPDIR/$QUEUE ) \
	  | /usr/sbin/sendmail -oi -t \
	  && echo $TICKETID >> $CACHEDIR/.ticketid.cache

	# didn't autorespond?  dump it.
	:0 E

	And at the end is a recipe that'll send any remaining messages
	to me, in case something slipped through the cracks.

J.D. Falk                   "The Internet isn't just a publishing medium or a
Product Manager                     medium for commerce, it's a social medium."
Mail Abuse Prevention System LLC                       -- Howard Rheingold

More information about the rt-users mailing list