On Sun, 7 Apr 2013, Bob Proulx wrote:
> Thomas Cameron wrote:
>> I believe that would match ... and redirect the e-mail to /dev/null. Am I right?
> I wouldn't comment on the exact procmail syntax. I have lots of procmail rules but wrote them long ago and my memory is getting rusty. I would comment on some general issues.
> Also it is safer to store to a mail folder at least long enough to test your recipe. So just as a general paranoia instead of /dev/null I would at least start with a mail folder and then only after I have convinced myself that it is good to go only then convert it to a real /dev/null.
> For me I don't tend to /dev/null things immediately. I tend to always keep at least a queue of them around so that I can look at them.
I have a quite detailed antispam policy, the first steps of which depend on our institute-wide policy (which I instigated), and the rest is based on procmail http://sax.iasf-milano.inaf.it/~lucio/Procmail/
Anyhow, our spamassassin runs on the server, after a graylisting (and since we have that, most spam is blocked by graylisting), and quarantines very very suspect stuff (on a per-server basis, not per-user ... a crontab mails each user daily about the cumulative stuff for him/her in quarantine, but it is rather rare that there are false positives requesting an action). The quarantine occurs in one folder per day, and a crontab purges folders older than a week.
My .procmailrc (apart from diverting some very specific subjects to particular folders) does a further screening in several levels.
Originally (that was before the institute-wide spamassassin was set up) the most spammy level plus the blacklists were diverted to different folders (named according to the reason, e.g. funny alphabets, blacklists, virus) in a subdirectory REJECTED. All these folders were softlinked to /dev/null. The reason to have different softlinks was that the procmail log allowed me to count statistics of the reasons.
Now the different folders are not linked anymore to /dev/null, but to a common folder. The (rather few) messages going there are inspected (daily when I am present), and if not false positives, I feed the entire folder to sa-learn on the institute server.
There are four further levels flagged by my procmail rules: suspect spam, spam, quarantine and ok. The first two levels correspond to a directory which contains date-named folders. I purge folders older than a week, but, unless I'm on holiday, I am rarely away for more than a week, and can check eventual false positives.
The quarantine directory contains per-origin-address folders from messages which require a challenge-and-response from the sender. The rest (ok) is delivered normally.
So all variations on the theme ... keep it for a while and have the system get rid of them!
--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
Do not blame ME, I did NOT vote Berlusconi (1994). NOR Grillo (2013).
To a certain degree I am appalled that two clowns have won
(Peer Steinbrueck, SPD)
------------------------------------------------------------------------
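
The "keep it for a while and have the system get rid of them" scheme with date-named folders purged after a week, sketched as an added example that is not part of the original message or of the poster's setup. It assumes one mbox file per day named YYYY-MM-DD; the function name and directory layout are hypothetical, and it defaults to a dry run in the same spirit as testing a recipe against a folder before pointing it at /dev/null.

```shell
#!/bin/sh
# Added example (not from the post): prune date-named spam folders.
# Assumes one mbox file per day named YYYY-MM-DD inside DIR; the function
# name and the layout are hypothetical.

# purge_dated_folders DIR CUTOFF [MODE]
#   CUTOFF  YYYY-MM-DD; folders dated strictly before it are selected
#   MODE    "delete" removes them; anything else is a dry run (default)
# Prints each selected folder name. Returns 1 for a bad DIR, 2 for a bad CUTOFF.
purge_dated_folders() {
    dir=$1 cutoff=$2 mode=${3:-dry-run}
    [ -d "$dir" ] || return 1
    case $cutoff in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    cutoff_num=$(printf %s "$cutoff" | tr -d '-')
    for path in "$dir"/*; do
        # Skip symlinks (e.g. folders linked to /dev/null or a shared folder)
        # and anything that is not a regular file.
        [ -L "$path" ] && continue
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;   # not date-named: never touched
        esac
        # Dashes stripped, YYYYMMDD compares as a plain integer.
        name_num=$(printf %s "$name" | tr -d '-')
        if [ "$name_num" -lt "$cutoff_num" ]; then
            printf '%s\n' "$name"
            if [ "$mode" = delete ]; then
                rm -f -- "$path"
            fi
        fi
    done
    return 0
}

# Crontab-style use (GNU date assumed for the relative date):
#   purge_dated_folders "$HOME/Mail/spam" "$(date -d '7 days ago' +%Y-%m-%d)" delete
```

Running it without the third argument lists what would be removed, which can be checked against the procmail log before switching the cron entry to `delete`.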