This document will lay out how the actual system works and give you some examples of more advanced blocking. First, let's take a look at the flow of email.
Typically, when someone sends you an email message, it travels like this:
user -> server -> server -> you
Procmail basically acts as another link in the chain:
user -> server -> server -> procmail -> you
There are several ways to filter mail through procmail, although the syntax is not pretty. So instead of writing out lengthy procmail rules to filter spam, I wrote a Perl program to take care of that for procmail:
user -> server -> server -> procmail -> spamfilter -> you
The spamfilter will return a 0 or 1 to procmail indicating whether or not to let the mail pass. It's pretty simple, really. The hardest part is setting it up.
The spamfilter is a relatively simple program. Much of the code was grabbed from snippets on the web, taken apart and put back together again to provide an easy way to dynamically block email.
The most basic rule of the filter is this:
If mail is not sent directly to you, it's probably spam.
This is a last-resort rule, meaning that once all of the other block and pass rules have been exhausted, the filter ultimately considers the mail spam and returns a 1 to procmail. Block and pass rules are configured in the block.conf file.
When procmail passes the email message to the filter, all of the fields are broken down into a hash. The block.conf file provides a means to block/pass email based on those particular fields.
The syntax of block.conf is simple:
field, action, pattern
Any field that appears in an email message can be used in the block.conf file. There are, however, a few special fields that are interpolated by the program:
from domain (domain)
to domain (todomain)
from email (femail)
to email (temail)
All other fields can be accessed by their name, so long as they appear in the message followed by a colon. For example:
Subject:
cc:
You can even add special fields to the email message (for example using formail) and then use those in your block.conf.
Currently, there are only two actions: BLOCK and PASS. In the future, I may find a use for more actions, but for now, these two do the trick.
When it comes down to it, the spamfilter is nothing more than a glorified regular expression. So, if you want to get fancy about writing your block patterns, then go at it. Anything that you can put in /$pattern/ig is fair game. This means that you can use any regular expression in your block/pass filters.
But if you don't feel like learning regex, or don't care, you can still do this:
domain,block,doubleclick.net
It even makes julienne fries!
Important: the order of your block.conf determines which email messages are blocked and which are passed. So, if you have a block.conf like this:
domain,block,here.com
temail,pass,username@yourdomain.org
...and someone from here.com attempts to send you an email directly, you will not receive it; it will be blocked by the spam filter.
However, if your rule reads like this:
temail,pass,username@yourdomain.org
domain,block,here.com
...you will receive any email messages from here.com that are addressed directly to you. Those that are not addressed to you will be blocked.
Additionally, there are a couple of rules built into the block.conf for default spam handling:
subject,block,adv: (blocks "valid" advertisements)
temail,block,unlisted-recipients (blocks mass mailings)
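The rule ordering and the /$pattern/ig matching described above, as an added Perl example; it is not the spamfilter's own code. It evaluates the two orderings of the here.com rules against the same message, and shows that an unanchored pattern such as here.com also matches elsewhere.com while ^here\.com$ does not. The helper names parse_fields and verdict, the sample messages, and the derivation of the special fields from the From: and To: headers are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Break the header block into a hash keyed by lower-cased field name, then
# derive the special fields. Taking them from From:/To: is an assumption.
sub parse_fields {
    my ($raw) = @_;
    my ($head) = split /\n\n/, $raw, 2;
    $head =~ s/\n[ \t]+/ /g;                     # unfold continuation lines
    my %f;
    for (split /\n/, $head) {
        $f{ lc $1 } = $2 if /^([^:\s]+):\s*(.*)$/;
    }
    ($f{femail})   = ($f{from}   // '') =~ /([^\s<>]+\@[^\s<>]+)/;
    ($f{temail})   = ($f{to}     // '') =~ /([^\s<>]+\@[^\s<>]+)/;
    ($f{domain})   = ($f{femail} // '') =~ /\@(.+)$/;
    ($f{todomain}) = ($f{temail} // '') =~ /\@(.+)$/;
    return \%f;
}

# Walk the rules top to bottom; the first rule whose pattern matches decides.
# Returns 1 (spam) or 0 (deliver), the two values the page says procmail gets.
sub verdict {
    my ($rules, $f) = @_;
    for my $rule (@$rules) {
        my ($field, $action, $pattern) = split /\s*,\s*/, $rule, 3;
        my $value = $f->{ lc $field };
        next unless defined $value && $value =~ /$pattern/i;
        return lc($action) eq 'block' ? 1 : 0;
    }
    return 1;    # last resort: no rule passed the message, so call it spam
}

# Constructed sample messages and rule sets (not taken from a real mailbox).
my $to    = "To: username\@yourdomain.org\nSubject: hi\n\nbody\n";
my $spam  = parse_fields("From: Sales <offers\@here.com>\n$to");
my $other = parse_fields("From: friend\@elsewhere.com\n$to");
my @block_first = ('domain,block,here.com', 'temail,pass,username@yourdomain.org');
my @pass_first  = reverse @block_first;
my @anchored    = ('domain,block,^here\.com$', 'temail,pass,username@yourdomain.org');

printf "%-28s %d\n", @$_ for (
    [ 'block first, here.com',     verdict(\@block_first, $spam)  ],
    [ 'pass first, here.com',      verdict(\@pass_first,  $spam)  ],
    [ 'unanchored, elsewhere.com', verdict(\@block_first, $other) ],
    [ 'anchored, elsewhere.com',   verdict(\@anchored,    $other) ],
);
```

Because every pattern is a regular expression, escape the dots and anchor domain patterns when you want an exact match instead of a substring match.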