Stop Forwarding Spam
Do you have entries in your /etc/aliases file that look like:
totally_bogus_user: somebody_else@someplace.com
forwarding incoming e-mail to totally_bogus_user back out to somebody_else?
In this new spammy viral age, are you getting complaints from somebody_else about undesired e-mail you're forwarding?
Here's help. Even without setting up a user login for totally_bogus_user, you can filter these kinds of forwards. I describe here how to do it using Postfix and procmail. It can be done with other MTAs, such as Exim, Qmail or Sendmail, but the details are different.
Set up a local user account with minimal privileges. You can re-use this account for many different forwarding mail filters. The account here for these things belongs to a user named forwards. Give forwards some directories:
/home/forwards/
/home/forwards/Mail/
/home/forwards/Mail/virus/
with the usual permissions.
Next, make the directory /etc/procmailrcs/ and set it to be owned and writable only by root, readable and searchable by anybody:
ls -ld /etc/procmailrcs
drwxr-xr-x 2 root root 4096 Mar 11 16:46 /etc/procmailrcs/
In that directory put a file named bogus that contains your favorite procmail recipe. For example:
# ------------- Begin /etc/procmailrcs/bogus -----------

# Useful definitions
VERBOSE=no
LOGFILE=$HOME/Mail/procmail-log
SPAMFILE=/dev/null
COMSAT=no

# Invoke YAVR, http://agriroot.aua.gr/~nikant/nkvir/
# which may sideline and save the mail in the
# /home/forwards/Mail/virus/
# directory
MAILDIR=$HOME/Mail
INCLUDERC=/home/share/filter/nkvir-rc

# Filter mail through SpamAssassin's spamc client
# using spamd on host "alligator" as the spamd server
:0fw
| spamc -d alligator

# If the mail now has a header that says
# X-Spam-Status: Yes, spamfile it. If the
# pattern here matches, procmail stops and does
# not go on to forward the mail.
:0
* ^X-Spam-Status: Yes
$SPAMFILE

# If it survived all that, forward the mail
:0
!somebody_else@someplace.com

# ------------- End of /etc/procmailrcs/bogus -----------
This file should be owned by forwards:
ls -l /etc/procmailrcs/bogus
-rw-r--r-- 1 forwards forwards 812 Mar 11 09:35 /etc/procmailrcs/bogus
Now, an /etc/aliases entry such as:
totally_bogus_user: "|/usr/bin/procmail -m /etc/procmailrcs/bogus"
lets you forward e-mail without forwarding so many of the viruses or spam.
Don't forget to rebuild the aliases database:
postalias /etc/aliases
after changing /etc/aliases.
You can set up as many forwarding recipes as you like, all using the same forwards user but having different entries in /etc/aliases and different files in /etc/procmailrcs. Be sure to set up one that directs the mail to your attention, as the headers in the outgoing mail forwarded by this method include:
Return-Path: <forwards@yourdomain.com>
which may cause some mail to be directed to the forwards user. The /etc/aliases entry would look like:
forwards: "|/usr/bin/procmail -m /etc/procmailrcs/forwards"
and /etc/procmailrcs/forwards will be similar to /etc/procmailrcs/bogus. Replace somebody_else@someplace.com with your e-mail address.
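To find which entries still need this treatment, the following added example (not part of the original article) scans aliases-format text for entries that forward straight to an outside address, pipe to a command given without an absolute path, or point procmail -m at an rcfile outside /etc/procmailrcs/. The sample entries, including the filtered_user, typo_user, stray_rc_user and list_user names, are constructed for illustration.

```python
import re
import shlex

SAMPLE_ALIASES = """\
# constructed sample in aliases(5) format; names and hosts are made up
postmaster: root
totally_bogus_user: somebody_else@someplace.com
filtered_user: "|/usr/bin/procmail -m /etc/procmailrcs/bogus"
typo_user: "|usr/bin/procmail -m /etc/procmailrcs/bogus"
stray_rc_user: "|/usr/bin/procmail -m /tmp/bogus"
list_user: localuser,
    another@elsewhere.example
"""
RC_DIR = "/etc/procmailrcs/"  # root-owned rcfile directory used in the article

def parse_aliases(text):
    """Yield (alias, [targets]); a line starting with whitespace continues the previous entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        name, _, rhs = line.partition(":")
        # Comma-separated targets; a double-quoted target may itself contain commas.
        targets = re.findall(r'\s*("[^"]*"|[^,"]+)', rhs)
        yield name.strip(), [t.strip().strip('"') for t in targets if t.strip()]

def audit(text):
    """Return (alias, finding) pairs for forwards that skip or break the filter."""
    findings = []
    for alias, targets in parse_aliases(text):
        for target in targets:
            if target.startswith("|"):
                argv = shlex.split(target[1:])
                if not argv or not argv[0].startswith("/"):
                    findings.append((alias, "pipe command is not an absolute path"))
                elif "-m" in argv[:-1] and not argv[argv.index("-m") + 1].startswith(RC_DIR):
                    findings.append((alias, "rcfile is outside " + RC_DIR))
            elif "@" in target:
                findings.append((alias, "forwarded unfiltered to " + target))
    return findings

if __name__ == "__main__":
    for alias, finding in audit(SAMPLE_ALIASES):
        print(f"{alias}: {finding}")
```

To check a real system, pass the contents of /etc/aliases to audit() instead of the sample.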
Dan Wilder is technical manager at Specialized Systems Consultants, Inc.