File: /usr/iports/etc/procmailrc
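# Logging. LOGFILE=/dev/null discards every LOG= line written by the recipes
# in this file, including the "message deleted" notices, so no record of
# dropped mail is kept while this setting is active.
#LOGFILE=/var/log/procmail.log
LOGFILE=/dev/null
#VERBOSE=NO
#LOGABSTRACT=YES

# Default actions. The recipes further down replace these with values read
# from a per-user or per-domain .spamproc file when one exists.
VIRUS=DEL
SPAMD=ON
PSPAM=MARK
CSPAM=DEL
SUBJ_VIRUS='*VIRUSVERDACHT*:'
SUBJ_PSPAM='*SPAMVERDACHT*:'
SUBJ_CSPAM='*SPAMERKANNT*:'
# Regex compared with the X-Spam-Level header to tell "sure spam" from
# "probably spam".
CLEVEL='\*\*\*\*\*\*\*\*\*\*\*\*'
# Forbidden attachment extensions. The value is spliced into the regex
# alternation "\.($POSTFIX)", so each extension needs its own "|".
# The previous value ran bat, com, dll, exe and pif together into one word,
# which left only .scr and .vbs effectively blocked.
POSTFIX='bat|com|dll|exe|pif|scr|vbs'
# Messages of SIZE bytes or more are not handed to spamc.
SIZE=2560000
TIMEOUT=300


# Port passed to spamc (-p).
CSPORT=1783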



























































###########################################
## DO NOT CHANGE ANY LINES BELOW THIS!!! ##
##  GENERALLY USE YOUR EASYTECC TOOL TO  ##
##   CHANGE ANY SPAM SETTINGS HERE !!    ##
###########################################

# Force a Bourne shell for every command procmail spawns (prevents [t]csh).
SHELL=/bin/sh

# We deliver to boxes in the form user@domain.tld and get called
# by ..../procmail -a user@domain.tld which sets $1 to the email address,
# so LOGNAME has to be changed.
#LOGNAME=$1

# Unfortunately that is only half the truth, or rather the whole bug:
# LOGNAME sometimes arrives via -a ($1) and sometimes via -d ($LOGNAME).

ARG=$1

# Take the recipient from $1 only when it looks like an address.
# NOTE(review): the pattern accepts any characters around "@" and ".",
# "/" included. LOGNAME is later used in /home/$LOGNAME/... paths and inside
# grep patterns, so confirm the caller restricts what can reach $1.
:0 
* ARG ?? ^.+@.+\..+$
{
   LOGNAME=$ARG
}

# Record the resolved recipient in an X-KSD header; -I drops any X-KSD field
# the message already carried.
:0 fW
| formail -I "X-KSD: <$LOGNAME>";

### start global

# get msgid for log
# Builds LOGTXT, the prefix of every LOG= line in this file.
# NOTE(review): MSGID is copied from the sender-supplied Message-Id header
# (only "<", ">" and blanks are removed). It ends up in log lines and, in the
# virus-template recipe, in a lock-file name, so treat it as untrusted text.
:0 W
{
   MSGID=`formail -xMessage-Id: | sed -e 's/[< >]//g'`
   TIMESTAMP=`date +"%b %e %H:%M:%S"`
   HOSTNAME=`hostname -s`
   LONGHOST=`hostname`
   LOGTXT="$TIMESTAMP $HOSTNAME procmail[$$]: $MSGID:"
}

LOG="$LOGTXT recipient is $LOGNAME
"

# get deliver
# rcfile that performs the actual delivery; it is pulled in through
# INCLUDERC wherever this file decides a message needs no (further) filtering.
DELIVER='/etc/deliverrc'

## start allowed senders

# Decide from the Received: fields whether the message comes from a source
# that is exempt from filtering (this host, its web server, a relay, or the
# local mailer daemon). Every exemption ends in INCLUDERC=$DELIVER.
:0 W
{
   # All Received: fields flattened onto one line, runs of blanks squeezed.
   RECEIVED=`formail -X "Received:" | tr "\n" " " | tr "\t" " " | sed -e "s/[ ]\{1,\}/ /g ; s/^ //g ; s/^[0-9]\{1,\}/&:/"`

   # allowed ips
   # MATCH receives the run of digits and dots that follows "[" after the
   # "Received: from ... (" prefix.
   # NOTE(review): every exemption below trusts this value. Received fields
   # other than the one added by the local MTA are written by the sending
   # side; confirm the captured address always comes from the local field.
   :0
   * RECEIVED ?? ^Received: from .*\(.*\[\/[0-9.]+
   {
      SOURCEIP=$MATCH
      LOG="$LOGTXT using $SOURCEIP for ip checks
"

      # Escape the dots so the address can be used as a literal in a regex.
      :0 W
      {
         SOURCEIPREGEX=`echo "$SOURCEIP" | sed -e "s/\./\\\./g"`
      }

      # own ip
      # Skip filtering when the source address equals this host's resolved
      # address.
      :0 W
      {
         MYIP=`resolveip -s $LONGHOST`
         :0
         * $ MYIP ?? ^$SOURCEIPREGEX$
         {
            LOG="$LOGTXT won't filter mail from myself
"
            INCLUDERC=$DELIVER         
         }
      }

      # webserver
      # NOTE(review): "^*.-mail\." looks like a typo for "^.*-mail\." —
      # confirm whether this condition can match at all before relying on
      # (or fixing) this exemption. The exemption also hard-codes the
      # 83.138. address prefix.
      :0
      * HOST ?? ^*.-mail\.
      {
         :0 W
         {
            WEBHOST=`echo "$HOST" | sed -e "s/-mail\./\./g"`
            :0
            * $ RECEIVED ?? ^Received[: ]*from[: ]$WEBHOST
            * SOURCEIP ?? ^83\.138\.
            {
               LOG="$LOGTXT won't filter mail from webserver
"
               INCLUDERC=$DELIVER
            }
         }
      }

      # relays
      # RELAYS is the list of RELAY entries from /etc/mail/access joined onto
      # one blank-separated line.
      # NOTE(review): the condition anchors the single address with ^ and $
      # against that whole line, so it appears unable to match when the list
      # holds more than one entry (or keeps the blank tr leaves at the end) —
      # verify.
      :0 W
      {
         RELAYS=`grep -E '^[^ *#].*RELAY$' /etc/mail/access | sed -e "s/[ ]*RELAY//g" | tr "\n\t" " " | tr -s " "`
         :0
         * $ RELAYS ?? ^$SOURCEIPREGEX$
         {
            LOG="$LOGTXT won't filter mail from relay
"
            INCLUDERC=$DELIVER
         }
      }
   }

   # Else branch: no address could be extracted from the Received fields.
   :0 E
   {
      LOG="$LOGTXT failed to find ip in header
"
      
      :0 W
      {
         RETURNPATH=`formail -xReturn-Path: | sed -e "s/[<>]//g"`
      }

      # mailer daemon
      # NOTE(review): both conditions read message headers. Confirm the MTA
      # always rewrites Return-Path and adds its own first Received field,
      # otherwise a sender can shape a message to take this exemption.
      :0
      * RECEIVED ?? ^Received: from localhost
      * RETURNPATH ?? ^MAILER-DAEMON$ 
      {
         LOG="$LOGTXT won't filter mail from mailer daemon
"
         INCLUDERC=$DELIVER
      }
   }
}

## end allowed senders

### end global

### start user

## start whitelist / blacklist independant from spamproc (cascading)

# get whitelist
# Lookup order: the recipient's own list, then the domain's list, then the
# global one under /home/spamdef. A list counts only when the file is
# non-empty (test -s).
:0 W
* ? test -s /home/$LOGNAME/.white.lst
{
   WHITELIST=/home/$LOGNAME/.white.lst
}

:0 E
{
   # DOMAIN is worked out only once; later sections reuse it when set.
   :0 W
   * DOMAIN ?? ^$
   {
      # domain from LOGNAME
      DOMAIN=`echo "$LOGNAME" | sed -e 's/.*@// ; s/>.*$//g'`

      :0 W
      * DOMAIN ?? ^$
      {	
         # domain from recipients
         # Used only when every To:/CC: address shares a single domain.
         # NOTE(review): To: and CC: are written by the sender, and the
         # result selects files under /home/$DOMAIN/ — confirm the value is
         # constrained to known domains.
         DOMAIN=`formail -c -xTo: -xCC: | sed 's/,/\n/g ; s/ //g ; s/.*@//g ; s/>.*$//g' | tr -s '\n' | awk '{domains[$1]=$1} END {if (length(domains) == 1) for (domain in domains) print domain}'`

         :0 W
         * DOMAIN ?? ^$
         {
            # domain from passwd
            # NOTE(review): $LOGNAME is placed into the grep pattern
            # unescaped.
            DOMAIN=`grep -E "^$LOGNAME:.* - POP:.*" /etc/passwd | awk -F ':' '{print $5}' | sed -e 's/ .*//g'`
         }
      }
   }

   :0 W
   * ! DOMAIN ?? ^$
   * ? test -s /home/$DOMAIN/.white.lst
   {
      WHITELIST=/home/$DOMAIN/.white.lst
   }

   # Global fallback, tried only when the domain recipe above did not match.
   :0 WE
   * ? test -s /home/spamdef/.white.lst
   {
      WHITELIST=/home/spamdef/.white.lst
   }
}

# check whitelist
# A hit hands the message straight to $DELIVER, so none of the later checks
# (blacklist, attachment extension, spam/virus scan) are applied to it.
:0
* ! WHITELIST ?? ^$
{
   LOG="$LOGTXT using whitelist $WHITELIST
"
   
   # get from
   # FROM is the sender address taken from the From: field. It is split into
   # local part, domain labels and TLD, and rejoined as a regex with optional
   # groups — apparently so that list lines naming the full address, only the
   # domain, or only ".tld" all match.
   # NOTE(review): the pieces are not regex-escaped, so metacharacters in the
   # From: address become part of the pattern egrep applies to the list.
   # From: is also freely chosen by the sender; a list hit is not proof of
   # origin.
   :0 W
   {
      FROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
      LOCALPART=`echo $FROM | sed -e 's/\@[^\@]*$//'`
      DOMAINPART=`echo $FROM | sed -e 's/^.*\@// ; s/\.[^\.]*$// ; s/\.*[^\.]*/(&)?/g'`
      TLDPART=`echo $FROM | sed -e 's/^.*\.//'`
      FROMREGEX="(($LOCALPART@)?$DOMAINPART)?.$TLDPART"
   }

   # -x: whole-line match, -i: case-insensitive, -q: exit status only.
   :0 W
   * ? egrep -qixe "$FROMREGEX" $WHITELIST
   {
      LOG="$LOGTXT $FROM whitelisted in $WHITELIST
"
      INCLUDERC=$DELIVER
   }
}

:0 E
{
   LOG="$LOGTXT no whitelist defined
"
}

# get blacklist
# Same lookup order as the whitelist: recipient, then domain, then the global
# list under /home/spamdef; only non-empty files count.
:0 W
* ? test -s /home/$LOGNAME/.black.lst
{
   BLACKLIST=/home/$LOGNAME/.black.lst
}

:0 E
{
   # Skipped when DOMAIN was already determined earlier in this file.
   :0 W
   * DOMAIN ?? ^$
   {
      # domain from LOGNAME
      DOMAIN=`echo "$LOGNAME" | sed -e 's/.*@// ; s/>.*$//g'`

      :0 W
      * DOMAIN ?? ^$
      {	
         # domain from recipients
         # NOTE(review): To:/CC: are sender-written; the result selects files
         # under /home/$DOMAIN/.
         DOMAIN=`formail -c -xTo: -xCC: | sed 's/,/\n/g ; s/ //g ; s/.*@//g ; s/>.*$//g' | tr -s '\n' | awk '{domains[$1]=$1} END {if (length(domains) == 1) for (domain in domains) print domain}'`

         :0 W
         * DOMAIN ?? ^$
         {
            # domain from passwd
            DOMAIN=`grep -E "^$LOGNAME:.* - POP:.*" /etc/passwd | awk -F ':' '{print $5}' | sed -e 's/ .*//g'`
         }
      }
   }

   :0 W
   * ! DOMAIN ?? ^$
   * ? test -s /home/$DOMAIN/.black.lst
   {
      BLACKLIST=/home/$DOMAIN/.black.lst
   }

   # Global fallback, tried only when the domain recipe above did not match.
   :0 WE
   * ? test -s /home/spamdef/.black.lst
   {
      BLACKLIST=/home/spamdef/.black.lst
   }
}

# check blacklist
# A hit discards the message.
:0
* ! BLACKLIST ?? ^$
{
   LOG="$LOGTXT using blacklist $BLACKLIST
"
   
   # get from
   # Computed only when the whitelist section has not already set FROM.
   # NOTE(review): as in the whitelist check, the regex is assembled from the
   # sender-supplied From: address without escaping, so the sender influences
   # the pattern that decides whether the message is dropped.
   :0 W
   * FROM ?? ^$
   {
      FROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
      LOCALPART=`echo $FROM | sed -e 's/\@[^\@]*$//'`
      DOMAINPART=`echo $FROM | sed -e 's/^.*\@// ; s/\.[^\.]*$// ; s/\.*[^\.]*/(&)?/g'`
      TLDPART=`echo $FROM | sed -e 's/^.*\.//'`
      FROMREGEX="(($LOCALPART@)?$DOMAINPART)?.$TLDPART"
   }

   :0 W
   * ? egrep -qixe "$FROMREGEX" $BLACKLIST
   {
      LOG="$LOGTXT $FROM blacklisted in $BLACKLIST. message deleted.
"
      # Deliver to /dev/null; the bare HOST line unsets HOST, which makes
      # procmail stop reading this rcfile.
      # With LOGFILE=/dev/null the deletion leaves no trace.
      :0
      /dev/null
      HOST
   }
}

:0 E
{
   LOG="$LOGTXT no blacklist defined.
"
}

## end whitelist / blacklist

## start get config



# Pick the settings file: the recipient's own /home/<recipient>/.spamproc if
# it is non-empty, otherwise the domain's, otherwise the global defaults.
:0 W
* ? test -s /home/$LOGNAME/.spamproc
{
   SPAMPATH=$LOGNAME
}

:0 E
{
   # Skipped when DOMAIN was already determined earlier in this file.
   :0 W
   * DOMAIN ?? ^$
   {
      # domain from LOGNAME
      DOMAIN=`echo "$LOGNAME" | sed -e 's/.*@// ; s/>.*$//g'`

      :0 W
      * DOMAIN ?? ^$
      {	
         # domain from recipients
         # NOTE(review): To:/CC: are sender-written; the result decides which
         # /home/$DOMAIN/.spamproc is read as configuration.
         DOMAIN=`formail -c -xTo: -xCC: | sed 's/,/\n/g ; s/ //g ; s/.*@//g ; s/>.*$//g' | tr -s '\n' | awk '{domains[$1]=$1} END {if (length(domains) == 1) for (domain in domains) print domain}'`

         :0 W
         * DOMAIN ?? ^$
         {
            # domain from passwd
            DOMAIN=`grep -E "^$LOGNAME:.* - POP:.*" /etc/passwd | awk -F ':' '{print $5}' | sed -e 's/ .*//g'`
         }
      }
   }

   :0 W
   * ! DOMAIN ?? ^$
   * ? test -s /home/$DOMAIN/.spamproc
   {
      SPAMPATH=$DOMAIN
   }
}

# CONFIG holds the first 20 lines of the chosen file with blank lines and
# comment lines removed and a trailing "'" stripped from each line. The
# recipes below pick individual KEY=value lines out of it.
:0 W
* ! SPAMPATH ?? ^$
{
   LOG="$LOGTXT using config for $SPAMPATH
"
   CONFIG=`head -20 /home/$SPAMPATH/.spamproc | sed -e "/^ *$/d ; /^#/d ; s/'$//g"`
}

# No settings file found: keep the defaults from the top of this file and use
# "spamdef" as the name later passed to spamc.
:0 E
{
   LOG="$LOGTXT using global config.
"
   SPAMPATH="spamdef"
}

## end get config

## start virus extension

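# A VIRUS= line in the loaded settings replaces the global default.
:0
* CONFIG ?? ^VIRUS=\/.*
{
   VIRUS=$MATCH
}

# Attachment-extension check; skipped entirely when VIRUS is OFF.
:0 W
* ! VIRUS ?? ^OFF$
{
   # Per-user overrides for the extension list and the subject tag.
   :0
   * CONFIG ?? ^POSTFIX='\/.+
   {
      POSTFIX=$MATCH
   }

   :0
   * CONFIG ?? ^SUBJ_VIRUS='\/.+
   {
      SUBJ_VIRUS=$MATCH
   }

   # Search header and body (H, B flags) for a line ending in
   # name="<anything>.<forbidden extension>".
   # NOTE(review): this recognises only a plain name=... parameter at the end
   # of a line; file names written in another form are not covered, so treat
   # this check as a coarse first filter rather than the only attachment
   # control.
   :0 WHB
   * ! POSTFIX ?? ^$
   * $ ^.*name=\"?.*\.($POSTFIX)\"?$
   {
      LOG="$MATCH
"
      SUBJ_=`formail -xSubject: | expand | sed -e 's/^[ ]*//g ; s/[ ]*$//g'`

      # Prefix the subject with the virus tag.
      :0 fW
      | formail -i "Subject: $SUBJ_VIRUS $SUBJ_";

      # VIRUS=DEL: discard the message. The bare HOST line unsets HOST, which
      # makes procmail stop reading this rcfile.
      :0
      * VIRUS ?? ^DEL$
      {
         LOG="$LOGTXT forbidden extension ($POSTFIX) found. message deleted.
"
         :0
         /dev/null
         HOST
      }

      # VIRUS=MARK: keep the tagged message and flag it as junk.
      # Fixed: the condition was "* VIRUS ^MARK$" without "??", which procmail
      # reads as a regex against the message instead of a test of $VIRUS, so
      # JUNK was never set in MARK mode.
      :0 E
      * VIRUS ?? ^MARK$
      {
         JUNK="YES"
         LOG="$LOGTXT forbidden extension ($POSTFIX) found
"
      }
   }
}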

## end virus extension

## start clamav+spamasassin

# Read the clamav-milter settings; CLAMAV takes the value of MILTER_ON.
:0
{
   CLAMCONF=`cat /etc/sysconfig/clamav-milter`

   :0
   * CLAMCONF ?? ^MILTER_ON=\/.*
   {
      CLAMAV=$MATCH
   }

}

# Virus whitelist: consulted only when virus checking is on and the list file
# is non-empty.
:0
* CLAMAV ?? ^YES$
* ? test -s /etc/sysconfig/clamav-whitelist
{
   VIRUSWHITELIST=/etc/sysconfig/clamav-whitelist
   
   # get from
   # Computed only when an earlier section has not already set FROM.
   :0 W
   * FROM ?? ^$
   {
      FROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
      LOCALPART=`echo $FROM | sed -e 's/\@[^\@]*$//'`
      DOMAINPART=`echo $FROM | sed -e 's/^.*\@// ; s/\.[^\.]*$// ; s/\.*[^\.]*/(&)?/g'`
      TLDPART=`echo $FROM | sed -e 's/^.*\.//'`
      FROMREGEX="(($LOCALPART@)?$DOMAINPART)?.$TLDPART"
   }
   
   # virus whitelist
   # A hit changes CLAMAV from YES to WHITELISTED, so the later recipes that
   # test "CLAMAV ?? ^YES$" no longer act on this message.
   # NOTE(review): the decision rests on the sender-supplied From: address,
   # and the regex built from it is not escaped; anyone able to choose a
   # listed From: value gets virus handling switched off for their message.
   :0 W
   * ? egrep -qixe "$FROMREGEX" $VIRUSWHITELIST
   {
      LOG="$LOGTXT $FROM whitelisted in $VIRUSWHITELIST
"
      CLAMAV="WHITELISTED"
   }
}

# Reached when virus checking is off or the whitelist file is missing/empty.
:0 E
{
   LOG="$LOGTXT no virus whitelist defined
"
}

# cshost
# CSHOST is the content of /etc/cshost; "cat -e" marks each line end with
# "$" and the sed removes that marker again. The value is later passed to
# spamc as the host to contact (-d).
:0 W
* ? test -s /etc/cshost
{
   CSHOST=`cat -e /etc/cshost | sed -e 's/\$$//g'`
}

# /etc/cshost missing or empty: drop the loaded settings and switch spam and
# virus checking off.
# NOTE(review): this fails open — mail is delivered unscanned — and with
# LOGFILE=/dev/null nothing records that scanning is disabled. Consider
# monitoring for this state.
:0 E
{
   CONFIG=""
   SPAMD="OFF"
   CLAMAV="NO"
}

# get config
# Each recipe below copies one KEY=value line from the loaded settings over
# the matching global default.
:0
* CONFIG ?? ^SPAMD=\/.*
{
   SPAMD=$MATCH
}
   
:0 W
* ! SPAMD ?? ^OFF$
{

   :0
   * CONFIG ?? ^PSPAM=\/.*
   {
      PSPAM=$MATCH
   }

   :0
   * CONFIG ?? ^SUBJ_PSPAM='\/.*
   {
      SUBJ_PSPAM=$MATCH
   }

   :0
   * CONFIG ?? ^CSPAM=\/.*
   {
      CSPAM=$MATCH
   }

   :0
   * CONFIG ?? ^SUBJ_CSPAM='\/.*
   {
      SUBJ_CSPAM=$MATCH
   }

   # CLEVEL is later used as a regex against the X-Spam-Level header.
   :0
   * CONFIG ?? ^CLEVEL='\/.*
   {
      CLEVEL=$MATCH
   }
}

# spamd and clamav disabled
# When SPAMD is OFF only log lines are written here; the scanning recipe that
# follows carries the E flag and therefore runs only when this one did not
# match. Virus detection depends on the same spamc call, so it is off too
# even if CLAMAV is YES.
:0  
* SPAMD ?? ^OFF$  
{  
   LOG="$LOGTXT spam test disabled
"
   :0  
   * CLAMAV ?? ^YES$  
   {  
      LOG="$LOGTXT virus test disabled implicitly
"
   }  
}

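# Runs only when the preceding "SPAMD ?? ^OFF$" recipe did not match (E
# flag): pass the message through spamc, then act on the X-Spam-* headers.
:0 WE
{
   # Host name up to the first dot; used as the domain part of the spamc
   # user name.
   VS=`hostname | sed -e 's/\..*$//g'`

   # Filter the message through spamd on $CSHOST:$CSPORT as user
   # "$SPAMPATH@$VS" with a 20 second timeout. Only messages smaller than
   # $SIZE bytes are sent.
   # NOTE(review): larger messages reach the header checks below unscanned,
   # carrying whatever X-Spam-* fields they arrived with.
   :0 fW
   * < $SIZE
   | /usr/sbin/spamc -u "$SPAMPATH@$VS" -t 20 -d $CSHOST -s $SIZE -p $CSPORT

   #virus
   # Acts only when virus checking is on and not whitelisted for this sender.
   :0 W
   * ^X-Spam-Virus: Yes
   * CLAMAV ?? ^YES$
   {
      VIRNAME=`formail -xX-Spam-Virus: | sed -e 's/ Yes (//g ; s/)//g'`
      LOG="$LOGTXT virus '$VIRNAME' found
"

      # NOXHEADER=YES in the clamav settings: remove the X-Spam-Virus field.
      :0
      * CLAMCONF ?? ^NOXHEADER=\/.*
      {
         NOXHEADER=$MATCH
      }

      :0 fW
      * NOXHEADER ?? ^YES$
      | formail -I X-Spam-Virus:;

      :0
      * CLAMCONF ?? ^TEMPLATE=\/.*
      {
         TEMPLATE=$MATCH
      }

      # TEMPLATE=YES: replace subject, sender and body with the notification
      # text from /etc/sysconfig/clamav-template (%s subject, %f sender,
      # %t recipient, %v virus name).
      :0 W
      * TEMPLATE ?? ^YES$
      {
         CLAMTEMPLATE=`cat /etc/sysconfig/clamav-template`
         SUBJ_=`formail -xSubject: | expand | sed -e 's/^[ ]*//g ; s/[ ]*$//g'`
         VIRFROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
         VIRTO=`echo "$LOGNAME" | sed -e 's/^[ ]*//g ; s/[ ]*<[ ]*//g ; s/[ ]*>[ ]*//g'`

         # The four values below are spliced into sed programs and come from
         # message headers or the recipient argument. Remove the characters
         # sed gives a meaning to in a replacement ("/", "&", "\") and fold
         # newlines, so header text can neither break nor extend the script.
         SUBJ_SED=`printf '%s' "$SUBJ_" | tr -d '/&\\' | tr '\n' ' '`
         VIRFROM_SED=`printf '%s' "$VIRFROM" | tr -d '/&\\' | tr '\n' ' '`
         VIRTO_SED=`printf '%s' "$VIRTO" | tr -d '/&\\' | tr '\n' ' '`
         VIRNAME_SED=`printf '%s' "$VIRNAME" | tr -d '/&\\' | tr '\n' ' '`

         VIRSUBJ=`echo "$CLAMTEMPLATE" | grep -e "^Subject:" | sed -e "s/^Subject: //g ; s/%s/$SUBJ_SED/g"`
         VIRBODY=`echo "$CLAMTEMPLATE" | grep -v "^Subject:.*$" | sed -e "/^[ ]*$/d ; s/%f/$VIRFROM_SED/g ; s/%t/$VIRTO_SED/g ; s/%v/$VIRNAME_SED/g"`

         :0
         * CLAMCONF ?? ^FROM=\/.*
         {
            VIRSENDER=$MATCH
         }

         :0 fW
         * ! VIRSENDER ?? ^$
         | formail -i "From: $VIRSENDER";

         # Fixed: the condition named "$VIRSUBJ" instead of the variable
         # VIRSUBJ, so the "is it empty" test was never applied to the
         # variable and the subject was rewritten even with an empty
         # template subject.
         :0 fW
         * ! VIRSUBJ ?? ^$
         | formail -i "Subject: $VIRSUBJ"

         # NOTE(review): the lock-file name is built from the sender-supplied
         # Message-Id; confirm it cannot point outside the intended
         # directory.
         :0 fW : $MSGID.lock
         | formail -I "Content-Type: text/plain";

         # Replace the body (b flag) with the notification text.
         :0 fbW
         | echo "$VIRBODY";
      }
      JUNK="YES"
      INCLUDERC=$DELIVER
   }

   #spam
   :0 W
   * ^X-Spam-Status: Yes
   {
      SUBJ_=`formail -xSubject: | expand | sed -e 's/^[ ]*//g ; s/[ ]*$//g'`

      #sure spam
      # X-Spam-Level reaches the CLEVEL threshold.
      :0
      * $ ^X-Spam-Level: $CLEVEL
      {

         # CSPAM=DEL: discard; the bare HOST line unsets HOST, which makes
         # procmail stop reading this rcfile.
         :0
         * CSPAM ?? ^DEL$
         {
            LOG="$LOGTXT spam found. message deleted.
"
            :0
            /dev/null
            HOST
         }

         :0 E
         * CSPAM ?? ^MARK$
         {
            LOG="$LOGTXT spam message marked in subject
"
            :0 fW
            | formail -i "Subject: $SUBJ_CSPAM $SUBJ_";
         }

         :0 E
         * CSPAM ?? ^HEADER$
         {
            LOG="$LOGTXT spam message marked in header
"
            :0 fW
            | formail -A "X-Spam-Info: $SUBJ_CSPAM";
         }
      }

      #probably spam
      # Flagged as spam but below the CLEVEL threshold.
      :0 E
      {

         :0 W
         * PSPAM ?? ^MARK$
         {
            LOG="$LOGTXT probably spam message marked in subject
"
            :0 fW
            | formail -i "Subject: $SUBJ_PSPAM $SUBJ_";
         }

         :0 E
         * PSPAM ?? ^HEADER$
         {
            LOG="$LOGTXT probably spam message marked in header
"
            :0 fW
            | formail -A "X-Spam-Info: $SUBJ_PSPAM";
         }
      }

      JUNK="YES"
      INCLUDERC=$DELIVER

   }
}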

# Default path: nothing above dropped or exempted the message, so hand it to
# the delivery rcfile.
INCLUDERC=$DELIVER

# we should never reach here

# fixing (F)rom
# If the message starts with "rom " (^^ anchors to the very beginning), the
# leading "F" of the "From " line is missing; put it back on line 1 of the
# header.
:0
* ^^rom[ ]
{
  :0 fhW
  | sed -e '1s/^/F/'
}