Posted to users@spamassassin.apache.org by Mark Williams <ma...@gmail.com> on 2005/07/21 16:45:30 UTC

Procmail for site wide usage

Hi All (Thanks for the advice and support I have received so far),

I have just installed spamassassin v3.0.4 in a test environment (which
is a mirror of the live environment) and am in need of some advice,
which I can not see within the manuals/support documentation.

Firstly, this is my configuration:

Server: Linux (RH9.0), with spamassassin installed from
spamassassin.org web site using "make" etc.... (not RPM's). This
machine then runs POP3 for clients. MTA is sendmail

Client(s): Windows XP. All running Windows XP and MS Outlook 2000. All
users connect to POP3 Server (on Linux machine) and use PST files to
download their e-mail(s).

General: Setup is such that spamassassin is site wide (not per user) -
as per management request.

Issue/Advice needed

I am confident this is a Procmail issue, but instinct tells me the
spamassassin community will have the best advice for this scenario.

(Q) Given that this RH machine runs only POP3 (management will not
allow anything else) how do I set up my /etc/procmailrc file such that
all mail that is marked as SPAM is put into the users $HOME/mail/spam
file (they can then login using SSH and use Pine to look at SPAM if
they need to). I've had several "lame" attempts so far to no avail.
For the time being I have stripped my /etc/procmailrc file back to :

DROPPRIVS=yes

:0fw
| /usr/bin/spamc

Advice and patience much appreciated.

Thanks


Mark

Re[2]: Procmail for site wide usage

Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Mark,

Thursday, July 21, 2005, 9:49:04 AM, you wrote:

MW> ... The issue is how I get procmail to put SPAM mail in
MW> $HOME/mail/spam for each of the users.

Can't help with that question, since I know nothing about procmail,
but...

Why not use POP?  I see two options:

1) Don't reroute the spam. Set up the Outlook system to filter the
spam into a spam folder on the client machine. Those downloads should
not significantly delay real email, and your users will be able to
review and delete them at their convenience. Benefit: If any FPs sneak
through, they're already in the user's email client, and can easily be
moved back to the inbox.

2) Set up two email accounts per user, Bob@yourdomain.tld and
Bob.spam@yourdomain.tld -- normal email activity deals with the
primary email account. Every so often your user can do a Send/Receive
on "all accounts" or just the spam account to retrieve and review the
spam.

Bob Menschel




Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
From: "Mark Williams" <ma...@gmail.com>

> See details:
>
> On 7/21/05, Kai Schaetzl <ma...@conactive.com> wrote:
> > Mark Williams wrote on Thu, 21 Jul 2005 15:45:30 +0100:
> >
> > > (Q) Given that this RH machine runs only POP3 (management will not
> > > allow anything else) how do I set up my /etc/procmailrc file such that
> > > all mail that is marked as SPAM is put into the users $HOME/mail/spam
> > > file (they can then login using SSH and use Pine to look at SPAM if
> > > they need to).
> >
> > I would really suggest to use MailScanner+Mailwatch for this and no
> > procmail. But am not sure if that would work for you. What do you mean by
> > "only POP"?
>
> The machine in question is an SMTP server in its own right for sending
> mail out. However, it presents itself as a POP3 server to the Outlook
> users.
>
> Please don't get too hung up on the decisions that have been made -
> they are out of my control (hence my not going into depth on them). I
> only mentioned it to avoid people saying install this and install that
> or install IMAP etc - for various reasons they are not options -
> installing other software is not an option. The issue is how I get
> procmail to put SPAM mail in $HOME/mail/spam for each of the users.

I realize the decision is out of your hands. "Pop3" has some good
points for it in a Windows environment. Tools like NAV will scan the
email as it comes in. So there should be no way onto the Windows
machines without passing through the local scanning and POP3 server
so that the AV based scanning is effective.

Unfortunately there is no way I know of to use POP3 only as a basis
for Outlook Express email. Everything that I can think of is rather
ugly for the users.

What I do here is run the POP3(S) as the only way into the Windows
machine. (The secure part could be blocked for your case. I use it
while on the road.) Then I run an IMAP server that (nominally) has
no way to get email in from the outside. (Really enforcing this
might take some work or creativity with procmail or fetchmail if
you use it.) The IMAP server is a repository only for spam and ham
training files. It is a means for yanking things into a trainable
format from Outlook Express. I setup a separate OE account for each
user that is the training repository. No incoming email is supposed
to come from the IMAP. Nor is it to be used for "folders". (This is
chiefly because I like the way folders work with OE better than the
IMAP implementation's folders.)

Now, I'm using the "dovecot" everything in one tool. So restricting
incoming email from the IMAP side is basically a setup issue with OE.
"Don't DO that!" For two people this is manageable. And as I note the
IMAP is solely used for training not for delivery or storage except
for ham and spam samples. Now, it might be possible to "fake it" and
run up a second dovecot with different parameters than the one used
for POP3. It could then be configured to access dummy inboxes for the
readdressed IMAP service. This would guarantee the delivery scan by
say NAV while allowing the practical training means. Bayes really does
need training. It's best trained per user. And when trained it is a
major assist to the SARE rules.

I'm not advocating this as your solution. I am merely reflecting on
what is working here. My situation is not yours. Although I would
approach the people who say NO IMAP and request a reason. You may be
able to satisfy that reason while still allowing IMAP as a means of
getting clean copies of messages for training purposes. Often the best
question is "what is your objective?" Get beneath the artificial
restrictions placed by management and find out what they really want
to accomplish. Then you design that solution, make sure it is bullet
proof, and present it as an option with two or three other less savory
solutions. (You can export individual .eml files from OE, for example.
They'd have to be exported to the spam scanning machine and then
learned individually. The export is somewhat ugly from a user's point
of view. But if IMAP doesn't work then that is the sort of thing you
may have to do - DEPENDING on what they really want to accomplish and
the tools they want to use.)

{^_^}   Joanne



Re: Procmail for site wide usage

Posted by Thomas Arend <ml...@arend-whv.de>.
On Friday, 22 July 2005 08:15, jdow wrote:
> There generally is no specific procmail log file. It is generally in one
> of the mail log files in /var/log/<wherever>.

Yes. But you can create a user-specific log file with
LOGFILE=$HOME/.procmail.log

Thomas

-- 
icq:133073900
http://www.t-arend.de

Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
There generally is no specific procmail log file. It is generally in one
of the mail log files in /var/log/<wherever>.

{^_^}
----- Original Message ----- 
From: "Thomas Arend" <ml...@arend-whv.de>




Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
Never mind - Earthlink had an email stick in its craw or else Fetchmail
did not like it at all.
{^_^}
----- Original Message ----- 
From: "jdow" <jd...@earthlink.net>
To: <us...@spamassassin.apache.org>
Sent: 2005 July, 21, Thursday 23:16
Subject: Re: Procmail for site wide usage


> You are developing a severe stutter.
> {o.o}
> ----- Original Message ----- 
> From: "Thomas Arend" <ml...@arend-whv.de>
> To: <us...@spamassassin.apache.org>
> Sent: 2005 July, 21, Thursday 20:40
> Subject: Re: Procmail for site wide usage
> 
> 


Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
You are developing a severe stutter.
{o.o}
----- Original Message ----- 
From: "Thomas Arend" <ml...@arend-whv.de>
To: <us...@spamassassin.apache.org>
Sent: 2005 July, 21, Thursday 20:40
Subject: Re: Procmail for site wide usage




Re: Procmail for site wide usage

Posted by Thomas Arend <ml...@arend-whv.de>.
On Friday, 22 July 2005 01:10, jdow wrote:
> From: "Mark Williams" <ma...@gmail.com>
>
> On 7/21/05, Kai Schaetzl <ma...@conactive.com> wrote:
> > Mark Williams wrote on Thu, 21 Jul 2005 17:49:04 +0100:
> > > The issue is how I get
> > > procmail to put SPAM mail in $HOME/mail/spam for each of the users.
> >
> > That should be explained in the spamassassin install readme, I'm sure.
> > Apart from that:
>
> http://wiki.apache.org/spamassassin/FindPage?action=fullsearch&titlesearch=1&value=procmail
>
>  Tried this but it does not work. Although spamassassin recognises the spam
> when I send spam in using GTUBE it doesn't put in the desired folder - says
> the folder does not exist; that's because it's not a folder - it's a file
> it needs to go to. Any ideas?
>

For me the proposal works fine. (See my other post.) Can you provide us with
your /etc/procmailrc?

What did you find in the procmail log file?

Thomas 

[..]
-- 
icq:133073900
http://www.t-arend.de

Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
From: "Mark Williams" <ma...@gmail.com>
On 7/21/05, Kai Schaetzl <ma...@conactive.com> wrote:
>
> Mark Williams wrote on Thu, 21 Jul 2005 17:49:04 +0100:
>
> > The issue is how I get
> > procmail to put SPAM mail in $HOME/mail/spam for each of the users.
>
> That should be explained in the spamassassin install readme, I'm sure.
> Apart from that:
>
> http://wiki.apache.org/spamassassin/FindPage?action=fullsearch&titlesearch=1&value=procmail

 Tried this but it does not work. Although spamassassin recognises the spam
when I send spam in using GTUBE it doesn't put in the desired folder - says
the folder does not exist; that's because it's not a folder - it's a file it
needs to go to. Any ideas?

<< First a basic assumption here - you say "folder". That is Windows-speak.
<< I am making the natural assumption....

<< Does a "$HOME/mail" directory exist? Are you sure it needs to be a
<< file that it needs to go to? If some of the system is in mbox format
<< (file) and some in mailbox format (directory) then you will tend to
<< get all tangled up. If your system is not using mbox format you
<< may want to create the spam "folder".

<< Of course, with proper spam markup tools like Outlook Express and even
<< Outlook can sort into folders. I use a rule which gives markups like:
<< "Subject: *****SPAM***** 062.0 ** Your account #388Z7342"

<< The three digit number markup allows me to sort into a spam folder on
<< the "*****SPAM*****" part. Then once in that folder in Outlook Express
<< I can sort by subject. I look at the lower scoring spams and pretty
<< much ignore the higher scoring ones. This avoids having to have
<< procmail toss them into a folder and the mail program access via two
<< accounts. (POP3 does not understand folders at all.) You should not
<< have to log into Linux and use pine when you can sort in your usual
<< email program quite nicely and find any mismarked ham before discarding
<< the lot.

<< If their contention is that they want to look at all spam with a text
<< only browser then they are starting off on the wrong foot. There is
<< the presumption that all potentially damaging email will be caught
<< and filtered. This is provably a state you cannot ever achieve. Some
<< spam will always escape the filters unless you mark everything as
<< spam. It's a matter of statistical distributions.

<< Like I say, ask them what they really want to accomplish and why
<< they are placing constraints on proper design processes. "I am having
<< problems putting it all together securely, safely, and effectively. I
<< need to discuss it with you in a little more detail. I am sure you
<< have reasons for design constraints you have placed. I would like to
<< understand and discuss them and their ramifications with you," should
<< be a reasonable approach. Of course, be sure to be ready to discuss
<< some of the problems and false sense of security issues their
<< constraints might leave them with. And above all be polite and do not
<< confront. Ask advice and explain the problems you have with that
<< advice. Then map out some solutions, be prepared to discuss the problems
<< such as convenience and false sense of security for each of these
<< solutions. It will lead to a solution that will please both them and
<< you as being the best possible under the circumstances.

<< But first let's discover whether your system is really mbox or
<< mailbox format oriented. Procmail senses this and uses the appropriate
<< format. That's why I suspect you have a problem right at the batter's
<< box before you take your first swing.

{^_^}
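
Added example, not part of any message in this thread: a site-wide /etc/procmailrc for the setup discussed above, extending Mark's stripped-back file so that mail tagged by spamc is appended to the mbox file $HOME/mail/spam. The 256000-byte size limit and the 0700 directory mode are assumptions chosen for illustration.

```procmail
# /etc/procmailrc (added example; paths as used in the thread)

# Run every recipe below as the recipient. Keep this first: lines above it
# in /etc/procmailrc may run as root when procmail is the delivery agent.
DROPPRIVS=yes

# Per-user log, as suggested in the thread, so delivery errors are visible.
LOGFILE=$HOME/.procmail.log

# Filter the message through spamd. The size condition (assumed limit)
# skips very large messages.
:0fw
* < 256000
| /usr/bin/spamc

# Make sure the parent directory exists (mode 0700 is an assumption).
DUMMY=`test -d $HOME/mail || mkdir -m 700 $HOME/mail`

# Deliver tagged mail to the mbox FILE $HOME/mail/spam.
# The trailing ":" requests a local lockfile ($HOME/mail/spam.lock), so
# concurrent deliveries cannot interleave writes into the mbox.
# No trailing slash: "spam/" would mean maildir, and if "spam" already
# exists as a directory procmail writes one file per message into it.
:0:
* ^X-Spam-Status: Yes
$HOME/mail/spam

# Everything else falls through to the normal spool that the POP3 server reads.
```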



Re: Procmail for site wide usage

Posted by Mark Williams <ma...@gmail.com>.
On 7/21/05, Kai Schaetzl <ma...@conactive.com> wrote: 
> 
> Mark Williams wrote on Thu, 21 Jul 2005 17:49:04 +0100:
> 
> > The issue is how I get
> > procmail to put SPAM mail in $HOME/mail/spam for each of the users.
> 
> That should be explained in the spamassassin install readme, I'm sure.
> Apart from that:
> 
> http://wiki.apache.org/spamassassin/FindPage?action=fullsearch&titlesearch=1&value=procmail

 Tried this but it does not work. Although spamassassin recognises the spam
when I send spam in using GTUBE it doesn't put in the desired folder - says
the folder does not exist; that's because it's not a folder - it's a file it
needs to go to. Any ideas?

Kai
> 
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
> 
> 
> 
> 


-- 




Mark Williams

Contact Info:
(e) mark.williams@35solutions.com
(b) 01823 674135
(im) markaw
(aim) mawmarkaw
(w) http://35solutions.com
(skype) markaw
(SMS) send 35solutions to 83248

3 5 Solutions Ltd
Registered Office: Redland House, 157 Redland Road, Redland, Bristol, BS6 
6YE
Registered in England no. 05065529

CONFIDENTIALITY NOTICE
This electronic message contains information from 3 5 Solutions Ltd, which 
may be privileged and confidential. The information is intended to be for 
the use of the individual(s) or entity named above. If you are not the 
intended recipient, be aware that any disclosure, copying, distribution or 
use of the contents of this information is prohibited. If you have received 
this electronic message in error, please accept our apologies and notify us 
by telephone or e-mail (to the number or address above) immediately.

Re: Procmail for site wide usage

Posted by Kai Schaetzl <ma...@conactive.com>.
Mark Williams wrote on Thu, 21 Jul 2005 17:49:04 +0100:

> The issue is how I get 
> procmail to put SPAM mail in $HOME/mail/spam for each of the users.

That should be explained in the spamassassin install readme, I'm sure. 
Apart from that:
http://wiki.apache.org/spamassassin/FindPage?action=fullsearch&titlesearch=1&value=procmail

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org




Re: Procmail for site wide usage

Posted by Thomas Arend <ml...@arend-whv.de>.
On Thursday, 21 July 2005 18:49, Mark Williams wrote:
[ .. ]

>
> Please don't get too hung up on the decisions that have been made -
> they are out of my control (hence my not going into depth on them). I
> only mentioned it to avoid people saying install this and install that
> or install IMAP etc - for various reasons they are not options -
> installing other software is not an option. The issue is how I get
> procmail to put SPAM mail in $HOME/mail/spam for each of the users.
>

Hello,

Try the following example. It's from my .procmail but should work
in /etc/procmail.

Regards

Thomas

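# Per-user procmail log, with verbose logging switched on
LOGFILE=$HOME/.procmail.log
VERBOSE=ON
# Today's date as YYYY-MM-DD (not used by the recipes below)
HEUTE=`date +%F`

# Read the message counter, increment it, write it back and keep the new value
COUNT=`read COUNT <$HOME/.procmail/count ; COUNT=$((COUNT+1)) ; echo $COUNT >$HOME/.procmail/count ; echo $COUNT`

# Save a copy (c flag) of each message tagged as spam to $HOME/spam/<counter>
:0 c: count.lock
* ^X-Spam-Status: Yes
| cat >$HOME/spam/`printf %8.8d $COUNT`

# Save a copy of each message tagged as not spam to $HOME/ham/<counter>
:0 c: count.lock
* ^X-Spam-Status: No
| cat >$HOME/ham/`printf %8.8d $COUNT`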


[..]

-- 
icq:133073900
http://www.t-arend.de

Re: Procmail for site wide usage

Posted by Mark Williams <ma...@gmail.com>.
See details:

On 7/21/05, Kai Schaetzl <ma...@conactive.com> wrote:
> Mark Williams wrote on Thu, 21 Jul 2005 15:45:30 +0100:
> 
> > (Q) Given that this RH machine runs only POP3 (management will not
> > allow anything else) how do I set up my /etc/procmailrc file such that
> > all mail that is marked as SPAM is put into the users $HOME/mail/spam
> > file (they can then login using SSH and use Pine to look at SPAM if
> > they need to).
> 
> I would really suggest to use MailScanner+Mailwatch for this and no
> procmail. But am not sure if that would work for you. What do you mean by
> "only POP"?

The machine in question is an SMTP server in its own right for sending
mail out. However, it presents itself as a POP3 server to the Outlook
users.

Please don't get too hung up on the decisions that have been made -
they are out of my control (hence my not going into depth on them). I
only mentioned it to avoid people saying install this and install that
or install IMAP etc - for various reasons they are not options -
installing other software is not an option. The issue is how I get
procmail to put SPAM mail in $HOME/mail/spam for each of the users.


> Does the machine get the mail from another machine with
> fetchmail? Or does it get it via SMTP as "normal"? If so, use MailScanner.
> Telling an Outlook user to ssh into a machine and use Pine is like, well,
> I can't find a good comparison ;-)

Like I said - these decisions are out of my control - I am just trying
to deal with the fallout.

T's in advance
> 
> Kai
> 
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
> 
> 
> 
> 


-- 




Mark Williams


Re: Procmail for site wide usage

Posted by Kai Schaetzl <ma...@conactive.com>.
Mark Williams wrote on Thu, 21 Jul 2005 15:45:30 +0100:

> (Q) Given that this RH machine runs only POP3 (management will not 
> allow anything else) how do I set up my /etc/procmailrc file such that 
> all mail that is marked as SPAM is put into the users $HOME/mail/spam 
> file (they can then login using SSH and use Pine to look at SPAM if 
> they need to).

I would really suggest to use MailScanner+Mailwatch for this and no 
procmail. But am not sure if that would work for you. What do you mean by 
"only POP"? Does the machine get the mail from another machine with 
fetchmail? Or does it get it via SMTP as "normal"? If so, use MailScanner.
Telling an Outlook user to ssh into a machine and use Pine is like, well, 
I can't find a good comparison ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org





 wrote on Thu, 21 Jul 2005 10:33:07 +0200:

> I'm using SpamAssassin 3.0.4 with "spamd" / spamc and each process uses about
> 20 MB + 14MB shared

You wanted to say 40, did you? Looks like a normal size to me. You won't be able
to get it much lower. It depends on the amount of rules you use and the size of
those files. F.i. if you use bigevil (which is not necessary with SA 3), that
alone takes 40 MB or so. If you don't need so many pre-forked children you can
reduce this I think with -m.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org




Re: Procmail for site wide usage

Posted by jdow <jd...@earthlink.net>.
From: "Loren Wilton" <lw...@earthlink.net>

> > Outlook and Outlook Express will filter on words in the subject, so a
> > subject tag will work easily (Tools->Message Rules).  I'm not familiar
> > enough to know whether you can filter on an arbitrary header, though.
>
> You can with Outlook using various supremely inobvious but readily available
> methods; you can't in OE.

You can filter on subject, to, cc, and from tags. You can't on any other
tags. Annoying, isn't it?
{^_^}



Re: Procmail for site wide usage

Posted by Loren Wilton <lw...@earthlink.net>.
> Outlook and Outlook Express will filter on words in the subject, so a
> subject tag will work easily (Tools->Message Rules).  I'm not familiar
> enough to know whether you can filter on an arbitrary header, though.

You can with Outlook using various supremely inobvious but readily available
methods; you can't in OE.

        Loren


Re: Procmail for site wide usage

Posted by Kelson <ke...@speed.net>.
Chris Barnes wrote:
> This is really the key - from a SA standpoint, the best you can do is 
> mark the message as spam and let the MUA (Outlook) deal with putting 
> things into the proper folders on the user's machine (in the .pst file).
> 
> I don't know OL well enough, but I suspect that there is likely a 
> registry hack you can do or a rule you can create that the users can 
> import that will look at the headers and put the message into the proper 
> folders.

No need for registry hacks, depending on how you flag the message. Both
Outlook and Outlook Express will filter on words in the subject, so a 
subject tag will work easily (Tools->Message Rules).  I'm not familiar 
enough to know whether you can filter on an arbitrary header, though.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: Procmail for site wide usage

Posted by Chris Barnes <ch...@tamu.edu>.
Mark Williams <ma...@gmail.com> wrote:
> (Q) Given that this RH machine runs only POP3 (management will not
> allow anything else)

This is really the key - from a SA standpoint, the best you can do is 
mark the message as spam and let the MUA (Outlook) deal with putting 
things into the proper folders on the user's machine (in the .pst file).

I don't know OL well enough, but I suspect that there is likely a 
registry hack you can do or a rule you can create that the users can 
import that will look at the headers and put the message into the proper 
folders.

-- 

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                           AOL IM: CNBarnes
chris-barnes@tamu.edu                Yahoo IM: chrisnbarnes




Re: Procmail for site wide usage

Posted by ".rp" <pr...@moveupdate.com>.
> (Q) Given that this RH machine runs only POP3 (management will not
> allow anything else) how do I set up my /etc/procmailrc file such that
> all mail that is marked as SPAM is put into the users $HOME/mail/spam
> file (they can then login using SSH and use Pine to look at SPAM if

$LOGNAME is the procmail variable that you can use to do this.