PROCMAIL


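Mail viruses have been rampant lately, so I wanted to filter incoming mail directly on the host. procmail is a good choice.
Advertisements and junk mail are everywhere; as soon as the first one arrives, add it to the mail filtering rules and you will never receive it again.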

Installing procmail:

Install procmail from the Ports collection.

Create the procmail configuration file:

vi /usr/local/etc/procmailrc
MAILDIR=/var/mail
VERBOSE=off
PATH=/bin:/sbin:/usr/bin:/usr/sbin/:/usr/local/bin:/usr/local/sbin
LOGFILE=/var/log/procmail.log

# procmail filters incoming mail against the rules below, one by one; mail that matches none of them is delivered.

# Filter this subject line (WORM_KLEZ.G):
:0b
* ^Subject:.*(Let's be friends)
/dev/null

# Block spam based on IP address?
:0:
* ^Received:.*(s(n[0-9]|ky)\.seed\.net\.tw|\.is\.net\.tw|\.HINET-IP\.hinet\.net|\.ethome\.net\.tw)
/dev/null

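# Filter mail whose attachments have any of the following file extensions.
:0 B
* ^Content-Type:.*
* ^.*name=.*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|SCR)
/dev/null

# Filter HTML mail with an iframe whose source is an attached part
# ("src=3Dcid" is the quoted-printable form of "src=cid").
:0 B
* ^.iframe src=3Dcid
/dev/null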

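# Discard mail from these senders outright
# (this also drops bounce notices, which arrive from MAILER-DAEMON).
:0 Hw
* ^.*[Ff]rom:.*(MAILER-DAEMON|bgates@microsoft\.com)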
/dev/null

#SirCam Virus
:0 Bh
* I send you this file in order to have your advice
/dev/null

#Nimda Virus
:0 Bh
* ^Content-Type:.*audio/x-wav.*
* name="readme.exe"
/dev/null

:0 Bh
* ^Content-Type:.*audio/x-wav.*
* name="sample.exe"
/dev/null

:0 B
* ^Content-Type:.*multipart/mixed.*
* name="readme.exe"
/dev/null

:0 B
* ^Content-Type:.*multipart/mixed.*
* name="sample.exe"
/dev/null

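See also the configuration file of the Tainan County Education Network Center: ftp://ftp.tnc.edu.tw/pub/Sysop/MAIL/procmailrc
http://qef.h.kobe-u.ac.jp/special/spamlist.txt
Once the file has been edited and saved, the changes take effect immediately; there is no need to restart sendmail.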
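Because every recipe above delivers to /dev/null, a wrong match is lost silently, so the attachment-extension recipe is worth checking against sample mail first. The following is an added example, not part of the original page: it approximates the recipe's two body conditions with Python's re module (case-insensitive and line-anchored, an assumption about procmail's default matching) and compares them with a hypothetical tighter pattern, TIGHT_RULE; all messages and helper names are constructed for the example.

```python
import re

# Extension list from the recipe on this page (its duplicate "SCR" is dropped
# because matching is case-insensitive).
EXTS = r"(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"
FLAGS = re.I | re.M   # assumption: approximates procmail's default matching

# The two conditions of the page's ":0 B" recipe; both must match the body.
PAGE_RULE = [re.compile(r"^Content-Type:.*", FLAGS),
             re.compile(r"^.*name=.*\." + EXTS, FLAGS)]
# Hypothetical tighter second condition: the extension must end the file name.
TIGHT_RULE = [PAGE_RULE[0],
              re.compile(r'name="?[^";\r\n]*\.' + EXTS + r'"?[ \t]*(;|$)', FLAGS)]

def body_of(raw):
    """Return everything after the first blank line (what the B flag scans)."""
    return raw.split("\n\n", 1)[1] if "\n\n" in raw else ""

def dropped(raw, rule):
    """True when every condition matches the body, i.e. mail goes to /dev/null."""
    body = body_of(raw)
    return all(cond.search(body) for cond in rule)

def mime(part_headers, text="x"):
    """Build a constructed one-part multipart message for the samples below."""
    return ("From: a@example.org\nSubject: test\n"
            'Content-Type: multipart/mixed; boundary="b"\n\n'
            "--b\n" + part_headers + "\n\n" + text + "\n--b--\n")

# Constructed sample messages (not real traffic).
SAMPLES = {
    "upper_case_exe": mime('Content-Type: application/octet-stream; name="REPORT.EXE"'),
    "folded_pif": mime('Content-Type: audio/x-wav;\n\tname="photo.jpg.pif"'),
    "pdf": mime('Content-Type: application/pdf; name="minutes.pdf"'),
    "json": mime('Content-Type: application/json; name="data.json"'),
    "html_link": mime("Content-Type: text/html",
                      "<a name=top href=http://www.example.com>home</a>"),
}

def verdicts(rule):
    """Map each sample label to True (dropped) or False (delivered)."""
    return {label: dropped(raw, rule) for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    page, tight = verdicts(PAGE_RULE), verdicts(TIGHT_RULE)
    for label in SAMPLES:
        print(f"{label:15} page={page[label]!s:5} tight={tight[label]}")
```

The page's pattern drops the JSON attachment (".js" is a prefix of ".json") and the HTML part that merely links to a ".com" host; the tighter pattern still drops both executables and lets those two through.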


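2002.04.30 I found that reading mail through webmail can also get you infected: the virus (WORM_KLEZ.G) works through the web page, forcing a download on you as soon as you view it, and you are hit before you have time to react.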

Sendmail + Procmail (IN FreeBSD 4.4-RELEASE):

cd /etc/mail
vi freebsd.mc
divert(-1)
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.11 2001/07/14 18:07:27 gshapiro Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(relay_based_on_MX)
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

define(`confCW_FILE', `-o /etc/mail/local-host-names')

define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
Add one line, so that it becomes:
divert(-1)
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.11 2001/07/14 18:07:27 gshapiro Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(relay_based_on_MX)
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

define(`confCW_FILE', `-o /etc/mail/local-host-names')

define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)
Build a sendmail.cf with procmail support:
make all install
The main change in the new sendmail.cf is:
Mlocal,         P=/usr/local/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/SMTP,
                A=procmail -Y -a $h -d $u


Restart sendmail:

killall sendmail
/usr/sbin/sendmail -bd -q30m


Resources on the web: