Stop Forwarding Spam

by Dan Wilder

Do you have entries in your /etc/aliases file that look like:


    totally_bogus_user: somebody_else@someplace.com

forwarding incoming e-mail to totally_bogus_user back out to somebody_else?

In this new spammy viral age, are you getting complaints from somebody_else about undesired e-mail you're forwarding?

Here's help. Even without setting up a user login for totally_bogus_user, you can filter these kinds of forwards. I describe here how to do it using Postfix and procmail. It can be done with other MTAs, such as Exim, Qmail or Sendmail, but the details are different.

Set up a local user account with minimal privileges. You can re-use this account for many different forwarding mail filters. In this article the account is named forwards. Give forwards some directories:


    /home/forwards/
    /home/forwards/Mail/
    /home/forwards/Mail/virus/

with the usual permissions.

Next, make the directory /etc/procmailrcs/ and set it to be owned by root and writable only by root, readable and searchable by anybody:


    ls -ld /etc/procmailrcs
    drwxr-xr-x 2 root root 4096 Mar 11 16:46 /etc/procmailrcs/

In that directory put a file named bogus that contains your favorite procmail recipe. For example:


    # ------------- Begin /etc/procmailrcs/bogus -----------
    # Useful definitions
    VERBOSE=no
    LOGFILE=$HOME/Mail/procmail-log
    SPAMFILE=/dev/null
    COMSAT=no

    # Invoke YAVR, http://agriroot.aua.gr/~nikant/nkvir/
    # which may sideline and save the mail in the
    # /home/forwards/Mail/virus/
    # directory
    MAILDIR=$HOME/Mail
    INCLUDERC=/home/share/filter/nkvir-rc

    # Filter mail through SpamAssassin's spamc client
    # using spamd on host "alligator" as the spamd server
    :0fw
    | spamc -d alligator

    # If the mail now has a header that says
    # X-Spam-Status: Yes, spamfile it.  If the
    # pattern here matches, procmail stops and does
    # not go on to forward the mail.
    :0
    * ^X-Spam-Status: Yes
    $SPAMFILE

    # If it survived all that, forward the mail
    :0
    !somebody_else@someplace.com
    # ------------- End of /etc/procmailrcs/bogus -----------

This file should be owned by forwards:


    ls -l /etc/procmailrcs/bogus
    -rw-r--r-- 1 forwards  forwards   812 Mar 11 09:35 /etc/procmailrcs/bogus

Now, an /etc/aliases entry such as:


    totally_bogus_user: "|/usr/bin/procmail -m /etc/procmailrcs/bogus"

lets you forward e-mail without forwarding so many of the viruses or spam.

Don't forget to rebuild the aliases database:


    postalias /etc/aliases

after changing /etc/aliases.

You can set up as many forwarding recipes as you like, all using the same forwards user but having different entries in /etc/aliases and different files in /etc/procmailrcs. Be sure to set up one that directs the mail to your attention, as the headers in the outgoing mail forwarded by this method include:


    Return-Path: <forwards@yourdomain.com>

which may cause some mail to be directed to the forwards user. The /etc/aliases entry would look like:


    forwards: "|/usr/bin/procmail -m /etc/procmailrcs/forwards"

and /etc/procmailrcs/forwards will be similar to /etc/procmailrcs/bogus. Replace somebody_else@someplace.com with your e-mail address.
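
A check for the setup described above, added here as an example and not part of the original article: it scans an aliases file for entries that pipe into procmail -m and reports a program path that is not absolute, an rcfile outside the rcfile directory, and ownership or write permissions that differ from the layout above. The function names and the scratch-directory sample in demo are constructed for illustration; on a real host, call audit_forwards /etc/aliases /etc/procmailrcs.

```sh
#!/bin/sh
# Added example (not from the article): audit aliases entries that pipe mail
# into "procmail -m RCFILE". Owner defaults: directory root, rcfiles forwards.
owner_of() { ls -ld "$1" | awk '{print $3}'; }
# Prints the path if group or other may write to it.
loose() { find "$1" -prune \( -perm -020 -o -perm -002 \) -print; }

# _scan ALIASES RCDIR DIR_OWNER RC_OWNER: print one line per finding.
_scan() {
    rcdir=${2%/}
    [ "$(owner_of "$rcdir")" = "$3" ] || echo "$rcdir: not owned by $3"
    [ -z "$(loose "$rcdir")" ] || echo "$rcdir: group or world writable"
    # Reduce each matching alias line to "name program rcfile".
    sed -n 's/^\([^#:[:space:]]\{1,\}\):[[:space:]]*"|\([^"[:space:]]*procmail\)[[:space:]]\{1,\}-m[[:space:]]\{1,\}\([^"[:space:]]\{1,\}\)".*/\1 \2 \3/p' "$1" |
    while read -r name prog rc; do
        case $prog in /*) ;; *) echo "$name: program '$prog' is not an absolute path" ;; esac
        case $rc in
            *..*) echo "$name: rcfile '$rc' contains '..'"; continue ;;
            "$rcdir"/*) ;;
            *) echo "$name: rcfile '$rc' is outside $rcdir"; continue ;;
        esac
        if [ ! -f "$rc" ]; then echo "$name: rcfile '$rc' does not exist"; continue; fi
        [ "$(owner_of "$rc")" = "$4" ] || echo "$name: rcfile not owned by $4"
        [ -z "$(loose "$rc")" ] || echo "$name: rcfile is group or world writable"
    done
}

# audit_forwards ALIASES RCDIR [DIR_OWNER] [RC_OWNER]
# Prints the findings; returns 0 when there are none, 1 otherwise.
audit_forwards() {
    findings=$(_scan "$1" "$2" "${3:-root}" "${4:-forwards}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample in a scratch directory: one sound alias, one whose
# program path lacks the leading slash. Owners are set to the current user.
demo() {
    d=$(mktemp -d) && mkdir "$d/rcs" && chmod 755 "$d/rcs" || return 2
    : > "$d/rcs/bogus"; chmod 644 "$d/rcs/bogus"
    printf '%s\n' "ok_user: \"|/usr/bin/procmail -m $d/rcs/bogus\"" \
        "bad_user: \"|usr/bin/procmail -m $d/rcs/bogus\"" > "$d/aliases"
    me=$(owner_of "$d")
    audit_forwards "$d/aliases" "$d/rcs" "$me" "$me"; status=$?
    rm -rf "$d"; return "$status"
}

[ "$#" -lt 2 ] || audit_forwards "$@"
```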

Resources

Postfix

Procmail

YAVR

Dan Wilder is technical manager at Specialized Systems Consultants, Inc.
