Spam

If you’ve had your email address for a while like I have, then I’m sure you have run into the problem with SPAM. I hate SPAM, who actually likes it anyway? As long as you have that one idiot that falls for the scam in SPAM emails, there there will always be a problem with SPAM.

The only thing us mere mortals can do is filter it as best as possible and hope we didn’t delete your favorite cookie recipe from good ‘ole grandma. There are two types of SPAM filtering. The one thats done remotely on the mail server and the one thats done locally in your favorite email client. Personally, the more server side filtering, the better. I have found that an excellent SPAM fighting combination is using MimeDefang/SpamAssassin/Procmail on the host side to be awesome. That combination actually pretty much gets rid of the need to have email rules in my local email client.

These days, I hardly ever use a PC based email client. Most of my mail checking is done using OpenwebMail which allows me to check my email from any Internet accessible PC.

DISCLAIMER: I am by no means a Procmail guru. I just wanted to share with you all what I do to fight SPAM and be able to drink a beer here and there without having to waste my time sifting through yet another Viagra email.

At its most basic level, here is how it works for me:

1. ‘Joe Blow’ sends me an email
2. My mail server runs it through the kick ass combo of MimeDefang/SpamAssassin/Procmail
3. If it passed all the crazy SPAM tests, then the mail is finally received (NOTE: doesnt mean that I will respond 😉 )

On my host, MimeDefang/SpamAssassin will add by default a “X-Spam-Score” header to all email messages (I know this because I am the one who installed and configured it. Its one of the small perks of working at a hosting company and being a loser geek). If the X-Spam-Score is above 5, then it will rewrite the subject of the original email and add “*****SPAM*****” followed by the original subject. This is advantages in two ways, you can either filter all emails by the “X-Spam-Score” header or by the “*****SPAM*****” in the subject. I do both just to be safe.

At this point MimeDefang/SpamAssassin is done with the email message and is now sending it to Procmail. I then have Procmail check to see if “*****SPAM*****” is in the subject, if its not, then I fall back and rely on the “X-Spam-Score” header. It might be a little redundant but I hate SPAM. (Did I mention that I hate SPAM? By the way, I hate SPAM!)

Without giving you my .procmailrc file, here is pretty much the order in which I filter SPAM once SpamAssassin hands off the email message to Procmail:

1. I set all my stuff just how I like it, i.e. environment, path’s, and variables
2. Emergency stop rule for my .procmailrc. Comes in handy when you effen mess up a procmail recipe and mail no longer works
3. A white list recipe that accepts all mail from the mofo’s I have listed in that file even if its dumb SPAM… 🙁
4. A blacklist recipe that works the opposite of the white list recipe, blocks everyone on that list.
5. If the email does not have a “Message-Id” or a “To:” its gone. This test reliably kills half my SPAM in one shot
6. If X-Spam-Score is 5 or higher (MimeDefang/SpamAssassin’s doing)
7. I filter secret subjects that my blog is configured to send with. I didn’t want to filter using “From:” since the email comes from the user apache runs as. In my case its [email protected]
8. Last but not least, I run it through Procmails built in variable “TO_”.
9. If your mail has made it this far, then I will probably get the email and will most likely get paged on my cell phone. Again, doesnt mean I will actually respond!

It goes without saying that when testing your Procmail recipes, logging is your friend. It can save you countless hours of debugging. Been there done that and its not fun.

I would post my .procmailrc file but its customized specifically for my environment and host. If you want it and I know you, I will send it to you. Or you can spend some time Google’ing it!

If you dont have MimeDefang/SpamAssassin/Procmail at your mail host then I would certainly look for another hosting provider. But that is just me since I like to have the full power of a Linux shell at my disposal. Of course, once you have and use the combination I use, it will initially require tons of tweaking to get it “just right” but its well worth it. Oh yeah, shell access to your host and a little knowledge of the Linux command line definitely couldn’t hurt either.

jtnez
“I will use Google.com before asking STUPID questions!!!”
-Bart Simpson