AFP548 Site News August 6, 2004 at 4:22 pm

Procmail on Panther Server

For those of us who either don’t want to use sieve, or haven’t been able to make it work properly–despite Mr. Rennich’s best efforts to help–setting up procmail filtering is not too difficult. This configuration assumes that, if you are using SpamAssassin scanning (and please do), you are doing so via amavisd and not procmail (the amavisd method is superior, for several reasons that are outside the scope of this post). It also assumes that you are reasonably competent on the command line. If you don’t know vi, learn it. Trust me, you will thank me for it someday.

Create a system-wide procmail recipe file

The file /etc/procmailrc should read:

#
# /etc/procmailrc - System-wide procmail recipes
#
SHELL=/bin/sh
#LOGFILE=/var/log/procmail.log  # for testing & troubleshooting
VERBOSE=no
USER=`echo $USER | /usr/bin/tr A-Z a-z` # force lowercase username
USERINBOX="/usr/bin/cyrus/bin/deliver -e -a $USER -m user/$USER"
INCLUDERC=/Users/$USER/.procmailrc  # allow users to create their own recipes
# if not told otherwise, deliver all messages to the user's inbox
:0w
| $USERINBOX


Be sure that procmail can read /etc/procmailrc

Execute the following commands:

sudo chown root:mail /etc/procmailrc
sudo chmod 640 /etc/procmailrc

Note that any .procmailrc files in user home directories will need to have the same permissions, with the exception that the users should be the owner of their respective .procmailrc files. Also, if you want to enable system-wide procmail logging, uncomment the LOGFILE line in /etc/procmailrc, and execute the following commands:

touch /var/log/procmail.log
sudo chown root:mail /var/log/procmail.log
sudo chmod 664 /var/log/procmail.log


Add procmail to postfix’s service list

Add the following lines to the end of /etc/postfix/master.cf:

procmail  unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/bin/procmail -t -m USER=${user}
  EXTENSION=${extension} /etc/procmailrc

Note that this step does not turn on procmail or modify postfix’s behavior, it simply makes procmail available to postfix.

Turn on procmail

Here’s where the rubber meets the road, and you change postfix’s behavior. Edit /etc/postfix/main.cf. Find the line that reads:

mailbox_transport = cyrus

Comment that line, and add two more, like so:

#mailbox_transport = cyrus
mailbox_transport = procmail
mailbox_command = /usr/bin/procmail -t -a "$EXTENSION"


Turn it on

Issue the following command:

sudo postfix reload

Now, send yourself an email and be sure it gets to you. Send a message through your server to an outside address and make sure it gets there. If things don’t seem to work, then enable procmail logging, as described above, and check the following logs for troubleshooting hints:

/var/log/procmail.log
/var/log/system.log
/var/log/mail.log

If everything boogers when you turn it on and you decide to take your toys and go back home, simply comment the two lines you added to /etc/procmail/main.cf (see above), uncomment the original mailbox_transport line, and issue another sudo postfix reload command.

If you (or your users) want to create individual procmail rules, then create a .procmailrc file in the appropriate user’s home directory and add recipes to it. For example, I create the following .procmailrc file in every user’s home directory:

# This is a sample .procmailrc file. It must be readable
# by the "mail" group in order to work properly.

# To filter incoming email, modify the rules below.
# Please be familiar with procmail first; google for "procmail recipes".
 
# The "USERINBOX" variable is a system-level procmail variable that
# designates your top-level mailbox (INBOX). As far as this system is
# concerned, your other mailboxes reside within your INBOX, even
# though they may not show up that way in your IMAP client.

# For example:
# Uncomment the three lines below if you want incoming messages
# that have been tagged as spam by SpamAssassin to be automatically 
# filed into your "Junk" mailbox. Note that the "Junk" mailbox must
# already exist; procmail cannot create Cyrus mailboxes on-the-fly.

#:0 H
#* X-Spam-Flag: YES
#| $USERINBOX/Junk


Finally, the usual caveats apply regarding Server Admin: NEVER AGAIN use Server Admin to modify your mailserver settings, or it will rip out your modifications by their roots. Maybe this will be fixed in Tiger, but that remains to be seen. For good measure, I always keep a backup copy of my customized /etc/postfix/main.cf and /etc/postfix/master.cf files on hand.

No Comments

  • Procmail is an alternative, to some degree, to using Amavis to do the scanning. Personally I HATE procmail, but since some people want/need to use it, I was happy that Jon wrote up some notes about deploying it.

    Having said that, I don’t know if Jon is still using it. He and I worked through the issues he was having with Sieve, so he may have bailed on procmail.


    Changing the world, one server at a time.

    Joel Rennich
    http://www.afp548.com

  • one reason to use procmail/spamassassin – if you wanted to allow your users
    to have indiviual user_prefs files. amavisd doesn’t allow this… however, you
    can define some sa per-recipient settings in amavisd.conf if you wanted to
    score spam differently for each user, i ditched procmail 🙂

Leave a reply

You must be logged in to post a comment.