Ok i'm sharing our mailing lists on my imap server and i've set procmail to take those emails and put them in the shared folders.. however when procmail copies them to there their assigned permissions of 600 and i need 644

current procmail rule is:

[code:1:adda888fb4]
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC
[/code:1:adda888fb4]

would i be able to pipe this with the chmod command.. and if so how?

[code:1:cd3ee7a50f]
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC
[/code:1:cd3ee7a50f]

Try this instead:

[code:1:cd3ee7a50f]UMASK=033
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC
[/code:1:cd3ee7a50f]

hehe thanks.. i'll use that for now.. but i dont want every message going though procmail to have a umask of 033 especially the ones that end up going into the virus trap..

but i'm about to test

[code:1:da47e27a4f]
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
| UMASK=033
$OBSDMISC
[/code:1:da47e27a4f]

and see if that works..

hehe thanks.. i'll use that for now.. but i dont want every message going though procmail to have a umask of 033 especially the ones that end up going into the virus trap..

but i'm about to test

[code:1:841dfa4314]
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
| UMASK=033
$OBSDMISC
[/code:1:841dfa4314]

and see if that works..

I bet it sends your mail to stdout, which may surprise you. :-)

Try:

[code:1:841dfa4314]
OUMASK=$UMASK
UMASK=033
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC

UMASK=$OUMASK
[/code:1:841dfa4314]

hehe ya it did spit it back out...

but if you do:

[code:1:1f6f855fcb]
OUMASK=$UMASK
UMASK=033
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC

UMASK=$OUMASK
[/code:1:1f6f855fcb]

will that make the misc mailing list 033 and the rest of the filters 177 ?

since your declaring a umask of 033 outside of the rule doesnt that apply to all rules?

would something like:

[code:1:1f6f855fcb]
# Define Locations Of Mailing Lists
OBSDMISC="/var/mail/OpenBSD/.Misc/cur"
OBSDSRC="/var/mail/OpenBSD/.Source-changes/cur"

UMASK=033
OUMASK=177

:0:
*^X-Loop: misc@openbsd.org
$OBSDMISC

UMASK=$OUMASK
[/code:1:1f6f855fcb]

work

What we're doing is to save the original UMASK (by default 077) by assigning it to OUMASK, change it to what we need (033), use it, then finally assign it back to the temporarily saved-away value in OUMASK.

They let you (re-)assign that env var (and many others) whereever you like, and the value takes effect right there.

Ahhh i see now...... outstanding.... thanks... i'll test it out and see how it goes..

Have a question regarding procmail, postfix and OpenBSD.

One thing I wanted to do was use spamassassin on my mail gateway in conjunction with Spamassassin. Thus, I would have more ability to filter messages and overall control.

However, i've run into a snag on my OpenBSD box. For some reason, when I try and envoke procmail for postfix to use, it does not work. Normally, when you are using procmail with postfix (at least in my testing) when you tail the maillog, you see procmail being used. However, in this instance, I dont see that happening at all.

I've added mailbox_command = /usr/local/bin/procmail -m /etc/procmailrc

...I used similar settings to what Minion posted in his How-To...
I reloaded postfix, but procmail is not being called upon...

Im using:

OpenBSD 3.3
Postfix-2.0.16
Procmail-3.22

Anyone have any suggestions or what could be the problem?

The only other thing I thought about doing was altering the master.cf and using a content_filter to be used, but I was under the impression, that as long as you edited the main.cf and specified procmail for the mailbox_command, that would be it...

ANy ideas?

Tarballed

Where is your procmail actually located? Maybe it's in a different dir than the one you specified.

I should point out that if you're using my procmail setup for quarantining spam and approving it on, it needs some work. It works really well but it needs some additions.

Namely, it needs a means to strip out all users except local users from the headers for messages quarantined. Right now it stores the entire message, so if a number of recipients were specified when you approve the message it fires it off to those other recipients as well. As I recall, this is quite doable with procmail I just never got around to it :)

Thanks Minion. I was going to use a modified version of your particular setup. What I wanted to do was envoke procmail through postfix. When procmail is envoked, it calls upon spamc to scan the message.

Then, all message would then be forwarded to my internal mail server. THEN, on my internal mail server, i'd like to setup procmail to grab all messages that were tagged as spam, and put them in a specific mailbox for review.

On my OpenBSD box:

[code:1:c8baafe2c0]blowfish# which procmail
/usr/local/bin/procmail
blowfish# procmail -v
procmail v3.22 2001/09/10[/code:1:c8baafe2c0]

In my main.cf:

[code:1:c8baafe2c0]mailbox_command = /usr/local/bin/procmail -m /etc/procmailrc
[/code:1:c8baafe2c0]

Still thought, shouldnt postfix call upon procmail, and this should be visible in the logs correct? Maybe I need to test just a very simple recipe with procmail, and go from there?

Thoughts?

you then add a line in your procmailrc for it to log and just watch the logfile.

if you setup a logfile there's a nice app called gubby which can enable you to watch where your messages go by tailing your logfile.

Ah. I see. Procmail when called via postfix the way you're doing it is a mailbox command... meaning it gets invoked right at the time the message is to be delivered to a *local user*, procmail is delivering that mail to the end-user, not postfix.

On your gateway you aren't delivering to the local user, you're passing to another host so procmail won't get called. There may well be a way to do that, perhaps bmw knows?

On your gateway you aren't delivering to the local user, you're passing to another host so procmail won't get called. There may well be a way to do that, perhaps bmw knows?

I wondered if that could be the problem, the fact that their are no local deliveries on the mail gateway. I was not sure though...I had a hunch though.

If that is the case, I could setup procmail on the mail server itself and have it sort email tagged as spam to a certain mailbox, correct?

I'll keep playing with it...sounded like a good idea. :)

soup4you2, gubby eh? Pretty nice little utility? I'll have to check it out.

Thanks guys...if you come up with any suggestions or ideas, im all ears (and eyes) :)

Tarballed

On your gateway you aren't delivering to the local user, you're passing to another host so procmail won't get called. There may well be a way to do that, perhaps bmw knows?
You could conceivably run procmail in a filter using the Postfix external filter API. Note that I haven't tried that myself, so I can't quote an exact incantation. Also, procmail is really designed to handle mail at the delivery point, as |MiNiOn| sez.

The hard part of the Postfix external filter thing is creating an SMTP listener. You could use a Perl script to do that, and have Perl launch procmail.

But I think that this makes little sense. See the next message for more ...

I could setup procmail on the mail server itself and have it sort email tagged as spam to a certain mailbox, correct?
Yeah, that makes the most sense. Running anti-spam procmail rules at the point of delivery gives you some other advantages like allowing per-user rule variations and per-user whitelisting, etc.

However, you don't really need procmail to run anti-spam stuff on your mail gateway. Isn't there a description on the Postfix site of how to run SpamAssassin as an external Postfix filter? I could be wrong on that, of course.

But anti-spam software should be runnable as an external Postfix filter in the same manner as anti-virus software is used. Generally though, this method requires work -- boo hiss. 'T'were I you, I'd just use procmail on the maildrop server and invoke anti-spam code from per-user procmail rules.

However, you don't really need procmail to run anti-spam stuff on your mail gateway.
Ha! I was right ...

http://www.wdg.us/index.cfm/rd/mta/spampd.htm

Runs SpamAssassin via an SMTP/LMTP proxy.

Thanks bmw....

Looks like, (and I could be wrong here) that I could setup spampd on the gateway and have it tag spam at the border.

Then, setup procmail as the LDA on the mail server itself and specify a recipe that would pass any email tagged as spam to a specifc account...that sound about right?

BTW, anyone used the spampd program, or know anything about it?

Thanks guys.

Tarballed

Just setup and tested spampd...

It definitely works, but im concerned about it's memory usage...

Check out this log file of a test message sent through:

[code:1:030ce871ae]Sep 22 14:57:55 blowfish postfix/smtpd[15113]: connect from unknown[192.168.1.92]
Sep 22 14:58:06 blowfish postfix/smtpd[15113]: 7E0551B093A: client=unknown[192.168.1.92]
Sep 22 14:58:14 blowfish postfix/cleanup[12409]: 7E0551B093A: message-id=<20030922215806.7E0551B093A@blowfish.courtesymo rtgage.com>
Sep 22 14:58:14 blowfish postfix/qmgr[204]: 7E0551B093A: from=<tarballed@yahoo.com>, size=405, nrcpt=1 (queue active)
Sep 22 14:58:14 blowfish postfix/smtpd[16095]: connect from localhost.courtesymortgage.com[127.0.0.1]
Sep 22 14:58:14 blowfish postfix/smtpd[16095]: D42461B093B: client=localhost.courtesymortgage.com[127.0.0.1]
Sep 22 14:58:15 blowfish spampd[17727]: processing message <20030922215806.7E0551B093A@blowfish.courtesymortg age.com> for <jwilliams@courtesymortgage.com>
Sep 22 14:58:15 blowfish spampd[17727]: clean message <20030922215806.7E0551B093A@blowfish.courtesymortg age.com> (4.30/5.00) for <jwilliams@courtesymortgage.com> in 0.08 seconds, 405 bytes.
Sep 22 14:58:15 blowfish postfix/cleanup[12409]: D42461B093B: message-id=<20030922215806.7E0551B093A@blowfish.courtesymo rtgage.com>
Sep 22 14:58:15 blowfish postfix/smtp[10667]: 7E0551B093A: to=<jwilliams@courtesymortgage.com>, relay=localhost.courtesymortgage.com[127.0.0.1], delay=9, status=sent (250 Ok: queued as D42461B093B)
Sep 22 14:58:15 blowfish postfix/smtpd[16095]: disconnect from localhost.courtesymortgage.com[127.0.0.1]
Sep 22 14:58:15 blowfish postfix/qmgr[204]: D42461B093B: from=<tarballed@yahoo.com>, size=644, nrcpt=1 (queue active)
Sep 22 14:58:15 blowfish postfix/smtp[10667]: D42461B093B: to=<jwilliams@courtesymortgage.com>, relay=192.168.1.165[192.168.1.165], delay=1, status=sent (250 Ok: queued as C3B07AB543)
[/code:1:030ce871ae]

Where as when I was running spamd, it was scanned in about 0.01 with the same type of message.

Also, taken from the page:

You may want to specify the --children option if you have an especially beefy or weak server box because spampd is a memory-hungry program.

With that in mind, im wondering if I should just run spamd on the server and then setup my procmail filtering on the internal mail server....

ANy thoughts on this?

Thanks guys.

Tarballed

Perl solutions have a tendency to assume infinite resources. Both spampd and spamd are built on Perl, so are likely to have similar issues.

Are you sure that SpamAssassin is configured the same way in your test above as it was in your earlier tests? Eg: are you using Bayesian analysis now, that you weren't running earlier?

I've always had a dislike of the Postfix filter architecture. Postfix itself is a model of clean efficiency. But the filter API is too crude, and causes all mail to take two full trips through Postfix. That slows all mail processing down. Then, hooking up a Perl-based SMTP implementation into the filter means gobbling up great hunks of RAM.

But for small mail volumes, this is all academic. Does the extra processing time really hamper your mail system? Benchmark it: see how much mail your fully configured system will handle per minute. If it handles more than you normally get, you're done. Hoist a PBR and celebrate. :-)

Just a quick question on procmail.

Im trying to setup a recipe that will do the following.

Any email that has: [SPAM] in it (which SA will do if it meets requirements on the mail gateway) will be sent to a specific account.

Playing around with some recipes and stuff, I cant get procmail to deliver it to where I want...

So far, I have this in my recipe:
(Note: in postfix, main.cf, I have mailbox_command=/usr/bin/procmail -m /etc/procmailrc

In procmailrc:

[code:1:c58e7e1b1b]# tell procmail we use Maildir style
MAILDIR="$HOME/Maildir/"
SPAM="/home/spamcop/Maildir/new"

:0 H:
* ^Subject:.*(SPAM)
$SPAM
[/code:1:c58e7e1b1b]

But it keeps on delivering...im sure my recipe is missing something.

Anyone wanna take a shot at it?

Thanks.

Any email that has: [SPAM] in it
[code:1:1193de6ff7]* ^Subject:.*(SPAM)[/code:1:1193de6ff7]

Well I hope this isn't just your formatting, however your req't involves square brackets, but your implementation has round brackets. :-)

Ya...i tried putting the square brackets in as well, but to know of avail.

Any ideas? I've tried changing the recipe some, but still no luck. :(

Ahh...getting closer...but ran into another problem...hehe

[code:1:db8d850e0d]# tell procmail we use Maildir style
MAILDIR="$HOME/Maildir/"
SPAM="/home/spamcop/Maildir/"

:0 H:
* ^Subject:.*[SPAM]
$SPAM
[/code:1:db8d850e0d]

But, when I send it:

[code:1:db8d850e0d]Sep 26 16:21:27 corpmail postfix/local[3486]: 41F61AB543: to=<jwilliams@courtesymortgage.com>, relay=local, delay=2, status=bounced (can't create user output file. Command output: procmail: Lock failure on "/home/spamcop/Maildir/.lock" procmail: Unable to treat as directory "/home/spamcop/Maildir" procmail: Error while writing to "/home/spamcop/Maildir" )
[/code:1:db8d850e0d]

So closer to the recipe...

Ya...i tried putting the square brackets in as well, but to know of avail.

Any ideas? I've tried changing the recipe some, but still no luck. :(
Are you used to regular expressions, as in grep, sed and friends? Square brackets are magic and need to be escaped: [code:1:acbfdea6e9]^subject:.*\[SPAM\][/code:1:acbfdea6e9] should work for ya.

Other magic characters are period, question-mark, asterisk and round-brackets (and maybe a couple I forgot).

That works too...

Now I need to figure out why I get the error in my log, about the .lock file and why it cant create the output..