15.4. Mail Delivery Agents
Procmailas primary MDA. Both applications are considered LDAs and both move email from the MTA's spool file into the user's mailbox. However, Procmail provides a robust filtering system.
/etc/procmailrcor of a
~/.procmailrcfile (also called an rc file) in the user's home directory invokes Procmail whenever an MTA receives a new message.
rcfiles exist in the
/etcdirectory and no
.procmailrcfiles exist in any user's home directory. Therefore, to use Procmail, each user must construct a
.procmailrcfile with specific environment variables and rules.
rcfile. If a message matches a recipe, then the email is placed in a specified file, is deleted, or is otherwise processed.
rcfiles in the
/etc/procmailrcs/directory for default, system-wide, Procmail environmental variables and recipes. Procmail then searches for a
.procmailrcfile in the user's home directory. Many users also create additional
rcfiles for Procmail that are referred to within the
.procmailrcfile in their home directory.
15.4.1. Procmail Configuration
~/.procmailrcfile in the following format:
env-variableis the name of the variable and
valuedefines the variable.
DEFAULT— Sets the default mailbox where messages that do not match any recipes are placed.The default
DEFAULTvalue is the same as
INCLUDERC— Specifies additional
rcfiles containing more recipes for messages to be checked against. This breaks up the Procmail recipe lists into individual files that fulfill different roles, such as blocking spam and managing email lists, that can then be turned off or on by using comment characters in the user's
~/.procmailrcfile.For example, lines in a user's
~/.procmailrcfile may look like this:
MAILDIR=$HOME/Msgs INCLUDERC=$MAILDIR/lists.rc INCLUDERC=$MAILDIR/spam.rcTo turn off Procmail filtering of email lists but leaving spam control in place, comment out the first
INCLUDERCline with a hash sign (
#). Note that it uses paths relative to the current directory.
LOCKSLEEP— Sets the amount of time, in seconds, between attempts by Procmail to use a particular lockfile. The default is
LOCKTIMEOUT— Sets the amount of time, in seconds, that must pass after a lockfile was last modified before Procmail assumes that the lockfile is old and can be deleted. The default is
LOGFILE— The file to which any Procmail information or error messages are written.
MAILDIR— Sets the current working directory for Procmail. If set, all other Procmail paths are relative to this directory.
ORGMAIL— Specifies the original mailbox, or another place to put the messages if they cannot be placed in the default or recipe-required location.By default, a value of
SUSPEND— Sets the amount of time, in seconds, that Procmail pauses if a necessary resource, such as swap space, is not available.
SWITCHRC— Allows a user to specify an external file containing additional Procmail recipes, much like the
INCLUDERCoption, except that recipe checking is actually stopped on the referring configuration file and only the recipes on the
SWITCHRC-specified file are used.
VERBOSE— Causes Procmail to log more information. This option is useful for debugging.
LOGNAME, the login name;
HOME, the location of the home directory; and
SHELL, the default shell.
15.4.2. Procmail Recipes
:0 [flags] [: lockfile-name ] * [ condition_1_special-condition-character condition_1_regular_expression ] * [ condition_2_special-condition-character condition-2_regular_expression ] * [ condition_N_special-condition-character condition-N_regular_expression ] special-action-character action-to-perform
flagssection specifies that a lockfile is created for this message. If a lockfile is created, the name can be specified by replacing
*) can further control the condition.
action-to-performargument specifies the action taken when the message matches one of the conditions. There can only be one action per recipe. In many cases, the name of a mailbox is used here to direct matching messages into that file, effectively sorting the email. Special action characters may also be used before the action is specified. See Section 184.108.40.206, “Special Conditions and Actions” for more information.
220.127.116.11. Delivering vs. Non-Delivering Recipes
}, that are performed on messages which match the recipe's conditions. Nesting blocks can be nested inside one another, providing greater control for identifying and performing actions on messages.
A— Specifies that this recipe is only used if the previous recipe without an
aflag also matched this message.
a— Specifies that this recipe is only used if the previous recipe with an
aflag also matched this message and was successfully completed.
B— Parses the body of the message and looks for matching conditions.
b— Uses the body in any resulting action, such as writing the message to a file or forwarding it. This is the default behavior.
c— Generates a carbon copy of the email. This is useful with delivering recipes, since the required action can be performed on the message and a copy of the message can continue being processed in the
D— Makes the
egrepcomparison case-sensitive. By default, the comparison process is not case-sensitive.
E— While similar to the
Aflag, the conditions in the recipe are only compared to the message if the immediately preceding recipe without an
Eflag did not match. This is comparable to an else action.
e— The recipe is compared to the message only if the action specified in the immediately preceding recipe fails.
f— Uses the pipe as a filter.
H— Parses the header of the message and looks for matching conditions. This is the default behavior.
h— Uses the header in a resulting action. This is the default behavior.
w— Tells Procmail to wait for the specified filter or program to finish, and reports whether or not it was successful before considering the message filtered.
W— Is identical to
wexcept that "Program failure" messages are suppressed.
18.104.22.168. Specifying a Local Lockfile
:) after any flags on a recipe's first line. This creates a local lockfile based on the destination file name plus whatever has been set in the
LOCKEXTglobal environment variable.
22.214.171.124. Special Conditions and Actions
*) at the beginning of a recipe's condition line:
!— In the condition line, this character inverts the condition, causing a match to occur only if the condition does not match the message.
<— Checks if the message is under a specified number of bytes.
>— Checks if the message is over a specified number of bytes.
!— In the action line, this character tells Procmail to forward the message to the specified email addresses.
$— Refers to a variable set earlier in the
rcfile. This is often used to set a common mailbox that is referred to by various recipes.
|— Starts a specified program to process the message.
}— Constructs a nesting block, used to contain additional recipes to apply to matching messages.
126.96.36.199. Recipe Examples
LOCKEXTenvironment variable. No condition is specified, so every message matches this recipe and is placed in the single spool file called
new-mail.spool, located within the directory specified by the
MAILDIRenvironment variable. An MUA can then view messages in this file.
rcfiles to direct messages to a default location.
:0 * ^From: email@example.com /dev/null
firstname.lastname@example.org sent to the
/dev/nulldevice, deleting them.
/dev/nullfor permanent deletion. If a recipe inadvertently catches unintended messages, and those messages disappear, it becomes difficult to troubleshoot the rule.
:0: * ^(From|Cc|To).*tux-lug tuxlug
email@example.com list are placed in the
tuxlugmailbox automatically for the MUA. Note that the condition in this example matches the message if it has the mailing list's email address on the
188.8.131.52. Spam Filters
yum install spamassassin
/etc/mail/spamassassin/spamassassin-default.rccontains a simple Procmail rule that activates SpamAssassin for all incoming email. If an email is determined to be spam, it is tagged in the header as such and the title is prepended with the following pattern:
* ^X-Spam-Status: Yes
spamd) and the client application (spamc). Configuring SpamAssassin this way, however, requires
rootaccess to the host.
spamddaemon, type the following command:
systemctl start spamassassin
systemctl enable spamassassin.service
~/.procmailrcfile. For a system-wide configuration, place it in