Stop Forwarding Spam

April 8th, 2004 by Dan Wilder

Advice from LJ's technical manager about how to use a local user account to stop forwarding spam and viruses.

Do you have entries in your /etc/aliases file that look like:


    totally_bogus_user: somebody_else@someplace.com

forwarding incoming e-mail to totally_bogus_user back out to somebody_else?

In this new spammy viral age, are you getting complaints from somebody_else about undesired e-mail you're forwarding?

Here's help. Even without setting up a user login for totally_bogus_user, you can filter these kinds of forwards. I describe here how to do it using Postfix and procmail. It can be done with other MTAs, such as Exim, Qmail or Sendmail, but the details are different.

Set up a local user account with minimal privileges. You can reuse this account for many different forwarding mail filters. In this article, the account belongs to a user named forwards. Give forwards some directories:


    /home/forwards/
    /home/forwards/Mail/
    /home/forwards/Mail/virus/

with the usual permissions.

Next, make the directory /etc/procmailrcs/ and set it to be owned by root, writable only by root, and readable and searchable by anybody:


    ls -ld /etc/procmailrcs
    drwxr-xr-x 2 root root 4096 Mar 11 16:46 /etc/procmailrcs/

In that directory put a file named bogus that contains your favorite procmail recipe. For example:


    # ------------- Begin /etc/procmailrcs/bogus -----------
    # Useful definitions
    VERBOSE=no
    LOGFILE=$HOME/Mail/procmail-log
    SPAMFILE=/dev/null
    COMSAT=no

    # Invoke YAVR, http://agriroot.aua.gr/~nikant/nkvir/
    # which may sideline and save the mail in the
    # /home/forwards/Mail/virus/
    # directory
    MAILDIR=$HOME/Mail
    INCLUDERC=/home/share/filter/nkvir-rc

    # Filter mail through SpamAssassin's spamc client
    # using spamd on host "alligator" as the spamd server
    :0fw
    | spamc -d alligator

    # If the mail now has a header that says
    # X-Spam-Status: Yes, spamfile it.  If the
    # pattern here matches, procmail stops and does
    # not go on to forward the mail.
    :0
    * ^X-Spam-Status: Yes
    $SPAMFILE

    # If it survived all that, forward the mail
    :0
    !somebody_else@someplace.com
    # ------------- End of /etc/procmailrcs/bogus -----------

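This file should be owned by forwards. When procmail is run with -m on an rcfile under /etc/procmailrcs/, it takes on the identity of the rcfile's owner, so the recipe runs as that unprivileged user:


    ls -l /etc/procmailrcs/
    -rw-r--r-- 1 forwards  forwards   812 Mar 11 09:35 bogus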

Now, an /etc/aliases entry such as:


    totally_bogus_user: "|/usr/bin/procmail -m /etc/procmailrcs/bogus"

lets you forward e-mail without forwarding so many of the viruses or spam.

Don't forget to rebuild the aliases database:


    postalias /etc/aliases

after changing /etc/aliases.

You can set up as many forwarding recipes as you like, all using the same forwards user but having different entries in /etc/aliases and different files in /etc/procmailrcs. Be sure to set up one that directs the mail to your attention, as the headers in the outgoing mail forwarded by this method include:


    Return-Path: <forwards@yourdomain.com>

which may cause some mail to be directed to the forwards user. The /etc/aliases entry would look like:


    forwards: "|/usr/bin/procmail -m /etc/procmailrcs/forwards"

and /etc/procmailrcs/forwards will be similar to /etc/procmailrcs/bogus. Replace somebody_else@someplace.com with your e-mail address.
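
A pre-flight check for the setup described above, as an added example that is not part of the original article: it checks that an /etc/aliases pipe entry calls procmail by absolute path with -m on an rcfile under /etc/procmailrcs/, and that the rcfile has the owner and -rw-r--r-- style mode shown earlier. The function names and the absolute-path rule are this example's own assumptions, and the sample alias lines are constructed.

```sh
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# audit_alias LINE: print "ok" or the first problem found in one aliases line.
audit_alias() {
    # Pull the command out of:  name: "|command args"
    cmd=$(printf '%s\n' "$1" |
        sed -n 's/^[^:#]*:[[:space:]]*"|\(.*\)"[[:space:]]*$/\1/p')
    [ -n "$cmd" ] || { echo "not a pipe alias"; return 2; }
    set -f; set -- $cmd; set +f        # split into words without globbing
    case $1 in
        /*) ;;
        *) echo "program path is not absolute: $1"; return 1 ;;
    esac
    [ "$2" = "-m" ] || { echo "procmail is not run with -m"; return 1; }
    case $3 in
        */../*|*/..) echo "rcfile path has a parent reference: $3"; return 1 ;;
        /etc/procmailrcs/?*) ;;
        *) echo "rcfile is outside /etc/procmailrcs/: $3"; return 1 ;;
    esac
    echo ok
}

# audit_rcfile PATH UID: "ok" only for a regular file owned by UID that group
# and others cannot write (the -rw-r--r-- listing shown in the article).
audit_rcfile() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "not a regular file: $1"; return 1
    fi
    set -f; set -- "$1" "$2" $(ls -ldn "$1"); set +f  # $3 = mode, $5 = owner uid
    [ "$5" = "$2" ] || { echo "owner is uid $5, expected $2"; return 1; }
    case $3 in
        ?????w*|????????w*) echo "writable by group or others: $3"; return 1 ;;
    esac
    echo ok
}

# Constructed sample lines: a relative program path, then an absolute one.
for l in 'demo_user: "|usr/bin/procmail -m /etc/procmailrcs/demo"' \
         'demo_user: "|/usr/bin/procmail -m /etc/procmailrcs/demo"'; do
    printf '%s => %s\n' "$l" "$(audit_alias "$l")"
done
```

On a live host, the rcfile check would be called as audit_rcfile /etc/procmailrcs/bogus "$(id -u forwards)".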

Resources

Postfix

Procmail

YAVR

Dan Wilder is technical manager at Specialized Systems Consultants, Inc.


Actually, make it easier on yourself

On August 1st, 2007 Anonymous (not verified) says:

Why make a different procmail file for every forwarded address? Just do this in /etc/aliases:

    totally_bogus_user: "|procmail -m /etc/procmailforwards bogus@foo.com"
    some_other_user: "|procmail -m /etc/procmailforwards some_other_user@example.com"

Then, in /etc/procmailforwards, after your spam check, just do this:

    :0
    # forward to the intended recipient
    ! $1

The $1 is a parameter to procmail, and it will function for either recipient.

Re: Stop Forwarding Spam

On April 13th, 2004 Anonymous says:

You really shouldn't need to create a user account for this. Just have root own the files in /etc/procmailrcs.

We have a generic procmailrc that we use whenever setting up an alias.

    # Add this to /etc/aliases:
    # user: "|procmail -m /etc/procmailrcs/user"

    # INCLUDERC needed to run global system rc file - do not delete
    INCLUDERC=/etc/procmailrc

    # Uncomment recipe and replace user@remotehost with forwarding address

    #:0
    #! user@remotehost
