My procmail .conf and .qmail-user are below
cd ~vpopmail/domains/wheely-bin.co.uk
cat .qmail-welby
| /usr/local/bin/procmail -m -t ./welby/Maildir/procmailrc

cat ~vpopmail/domains/wheely-bin/welby/Maildir/procmailrc
VERBOSE=off
LOGABSTRACT=yes
LOGFILE=./welby/proc.log
COMSAT=no
DIR="./welby/Maildir/"
SPAM=${DIR}.SPAM/

### Spam? ok, send to the Spam Folder... sorted
:0
* ^Subject:.:SPAM:
{
  LOG ="SPAM"
  :0
  ${DIR}.SPAM/
}

:0
* ^X-Spam-Status: YES
{
  LOG="SPAM-2"
  :0
  ${DIR}.SPAM/
}

#No message id? it's most likely junk, let's bin it
:0
* !^Message-Id
{
  LOG = "No ID "
  :0
  /dev/null
}

# no to header ... ummm AYE bin it
:0
* !^To:
{
  LOG = "No To: "
  :0
  /dev/null
}

# Unfortunately I'm not brilliant at kanji, or in fact any far east style language:
:0
* [Bb][Ii][Gg]5
{
  LOG = "Big5 "
  :0
  /dev/null
}

####
# I don't deal with .br, .ar or .fr, let's send them to null, or france ... wait a min!
:0
* ^(From|Received).*.(com|net).(br|ar|fr)
{
  LOG = "BR/AR/FR "
  :0
  /dev/null
}

#### forging IP addresses HA (except for morons using IMS,
# a Microsoft product which breaks an otherwise valid spam-signature
# test).
:0
* ^Received:.*(\(|\[)(([0-9][0-9][0-9][0-9]+|[03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]|0[0-9])\.[0-9]+\.[0-9]+\.[0-9]+|\
 [0-9]+\.([0-9][0-9][0-9][0-9]+|[03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]|0[0-9])\.[0-9]+\.[0-9]+|\
 [0-9]+\.[0-9]+\.([0-9][0-9][0-9][0-9]+|[03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]|0[0-9])\.[0-9]+|\
 [0-9]+\.[0-9]+\.[0-9]+\.([0-9][0-9][0-9][0-9]+|[03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]|0[0-9]))(\)|\])
* !^Received:.*Internet Mail Service
{
  LOG="ip "
  :0
  ${SPAM}
}

#### More bogus IP addresses
:0
* ^Received: .*\[(0)+\.(0)+\.(0)+\.(0)+\].*
{
  LOG="ip0 "
  :0
  ${SPAM}
}

## Invalid message-id format - apparently can cause problems with people sending with archaic
#versions of exchange, so let's spam it rather than bin it
:0
* !^Message-Id:[ ]*
{
  LOG="id "
  :0
  ${SPAM}
}

#### fscked urls, so obviously spam
:0 B
* http://[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]
{
  LOG="url as 10 digits "
  :0
  $HOME/spam
}

#### had lots of spam from this lot ... buh bye
:0 B
* -500^0
* 500^0 (england|india|japan|china|france|belgium|arabia).com
{
  LOG = "$country.com "
  :0
  /dev/null
}

#### $insert french national anthem
:0
* ^(From|Received).*wanadoo.fr
{
  LOG="wanado fr "
  :0
  ${SPAM}
}

# I HATE ecards... bintime!
:0
* ^Subject: .*you have an E-Card from
{
  LOG="e-card "
  :0
  /dev/null
}

# the next few rules are from someone's site, checks for forged headers from hotmail yahoo etc
# hotmail-specific
:0
* ^(From|Return-Path):[email protected]
{
  :0
  * ^From: ".+"
  * ^X-OriginalArrivalTime:
  * ^X-Originating-IP: \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]
  * ^Received: from hotmail.com (/...
  * $ ^Message-ID:
  { }
  :0 Efhw
  | formail -A "X-Spammers: fake hotmail"
}

# yahoo-specific
#:0
#* ^(From|Return-Path):[email protected][a-z]+
#{
# :0
# * ^Message-ID: < ([0-9.]+.qmail|[0-9]+.[0-9A-Z]+)@/[a-z0-9-]+. yahoo.[a-z.]+
# * $ ^Received: from .+by $MATCH
# { }
# :0 Efhw
# | formail -A "X-Spammers: fake yahoo"
#}

# netscape-specific
:0
* ^(From|Return-Path):[email protected]
{
  :0
  * ^X-Mailer: Atlas
  * ^Received: from +netscape.*MAILIN
  * ^Return-Path: </[a-z0-9_.-][email protected][a-z.]+
  * $ ^From:.*$MATCH
  * $ ^Received: from $MATCH.*by [a-z0-9.-]+.aol.com
  * ^Message-ID: <[a-z0-9]+.[a-z0-9]+.[a-z0-9][email protected][a-z.]+
  { }
  :0 Efhw
  | formail -A "X-Spammers: fake netscape"
}

#yet again, from the 'net, 419'ers
:0 B
* -500^0
* 499^2 [DM][R].[ ][A-Z]*
* 499^0 (LAGOS|NIGERIA|AFRICA)
* 150^2 [Pp][Rr][Oo][Pp][Oo][Ss][Aa][Ll]
* 150^2 [M]illion [D]ollars
* 200^2 [U]nited [S]tates
* 100^2 strictly private
* 200^2 unclaimed
* 200^2 offshore
* 100^2 funds
* 200^2 [P]rince
* 200^2 Minist(er|ry)
* 200^2 confidential
* 100^2 confidence
* 100^2 trustworthy
* 50^2 personal
* 50^2 recommend
* 50^2 invoiced
{
  LOG = "419 "
  :0
  /dev/null
}
# "419" is the section of the Nigerian penal code that covers these
# scammers.

## Bounces... For Bounces
:0
* ^X-Loop: You have toomany shoes
${DIR}/

#allow everything else
:0:
*
${DIR}/