Stop Forwarding Spam

by Dan Wilder

Do you have entries in your /etc/aliases file that look like:


forwarding incoming e-mail to totally_bogus_user back out to somebody_else?

In this new spammy viral age, are you getting complaints from somebody_else about undesired e-mail you're forwarding?

Here's help. Even without setting up a user login for totally_bogus_user, you can filter these kinds of forwards. I describe here how to do it using Postfix and procmail. It can be done with other MTAs, such as Exim, Qmail or Sendmail, but the details are different.

Set up a local user account with minimal privileges. You can re-use this account for many different forwarding mail filters. The account here for these things belongs to a user named forwards. Give forwards some directories:


with the usual permissions.

Next, make the directory /etc/procmailrcs/ and set it to be owned by root and writable only by root, readable and searchable by anybody:

    ls -ld /etc/procmailrcs
    drwxr-xr-x 2 root root 4096 Mar 11 16:46 /etc/procmailrcs/

In that directory put a file named bogus that contains your favorite procmail recipe. For example:

    # ------------- Begin /etc/procmailrcs/bogus -----------
    # Useful definitions

    # Invoke YAVR,
    # which may sideline and save the mail in the
    # /home/forwards/Mail/virus/
    # directory

    # Filter mail through SpamAssassin's spamc client
    # using spamd on host "alligator" as the spamd server
    | spamc -d alligator

    # If the mail now has a header that says
    # X-Spam-Status: Yes, spamfile it.  If the
    # pattern here matches, procmail stops and does
    # not go on to forward the mail.
    * ^X-Spam-Status: Yes

    # If it survived all that, forward the mail
    # ------------- End of /etc/procmailrcs/bogus -----------

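This file should be owned by forwards. When procmail is invoked with -m on an rcfile under /etc/procmailrcs/, it takes on the identity of the rcfile's owner, so the recipe runs as forwards:

    ls -l /etc/procmailrcs/bogus
    -rw-r--r-- 1 forwards  forwards   812 Mar 11 09:35 /etc/procmailrcs/bogus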

Now, an /etc/aliases entry such as:

    totally_bogus_user: "|/usr/bin/procmail -m /etc/procmailrcs/bogus"

lets you forward e-mail without forwarding so many of the viruses or spam.

Don't forget to rebuild the aliases database:

    postalias /etc/aliases

after changing /etc/aliases.

You can set up as many forwarding recipes as you like, all using the same forwards user but having different entries in /etc/aliases and different files in /etc/procmailrcs. Be sure to set up one that directs the mail to your attention, as the headers in the outgoing mail forwarded by this method include:

    Return-Path: <>

which may cause some mail to be directed to the forwards user. The /etc/aliases entry would look like:

    forwards: "|/usr/bin/procmail -m /etc/procmailrcs/forwards"

and /etc/procmailrcs/forwards will be similar to /etc/procmailrcs/bogus. Replace with your e-mail address.
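
A check for the setup described above, as an added example that is not part of the original article: it reads an aliases file and reports procmail pipe entries whose program path is not absolute, that lack -m, or whose rcfile is missing, outside the rc directory or writable by group or others. The function names and the optional third argument (the expected owner of the rc directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: audit procmail pipe aliases.
# Function and variable names are illustrative.

# True if the file or directory is writable by group or others.
loose_perms() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_forward_aliases [ALIASES] [RCDIR] [RCDIR_OWNER]
# Prints one line per problem; returns 1 if any problem was found.
audit_forward_aliases() {
    aliases=${1:-/etc/aliases} rcdir=${2:-/etc/procmailrcs} want=${3:-root} bad=0
    flag() { echo "$1"; bad=1; }
    [ -r "$aliases" ] || { echo "$aliases: not readable"; return 2; }
    if [ ! -d "$rcdir" ]; then
        flag "$rcdir: not a directory"
    else
        [ "$(ls -ld "$rcdir" | awk '{print $3}')" = "$want" ] ||
            flag "$rcdir: not owned by $want"
        if loose_perms "$rcdir"; then flag "$rcdir: writable by group or others"; fi
    fi
    while IFS= read -r line; do
        case $line in
            \#*) continue ;;              # comment line
            *:*\|*procmail*) ;;           # alias that pipes to procmail
            *) continue ;;
        esac
        name=${line%%:*}
        cmd=${line#*"|"}; cmd=${cmd%\"*}  # text between '|' and the closing quote
        prog=${cmd%% *} rc=${cmd##* }     # first word, last word
        case $prog in /*) ;; *) flag "$name: '$prog' is not an absolute path" ;; esac
        case " $cmd " in *" -m "*) ;; *) flag "$name: procmail not run with -m" ;; esac
        case $rc in
            *..*) flag "$name: rcfile path contains '..'" ;;
            "$rcdir"/*) ;;
            *) flag "$name: rcfile $rc is outside $rcdir" ;;
        esac
        if [ ! -f "$rc" ]; then
            flag "$name: rcfile $rc does not exist"
        elif loose_perms "$rc"; then
            flag "$name: rcfile $rc is writable by group or others"
        fi
    done < "$aliases"
    return "$bad"
}
```

Source the file and run audit_forward_aliases with no arguments to check /etc/aliases against /etc/procmailrcs; no output and a zero exit status mean every procmail alias passed.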





Dan Wilder is technical manager at Specialized Systems Consultants, Inc.
