LINUX GAZETTE


[ Prev ][ Table of Contents ][ Front Page ][ Talkback ][ FAQ ][ Next ]

"Linux Gazette...making Linux just a little more fun!"


Mailfilter - a program to protect you from spam

By Matthias Arndt


1. What is mailfilter?

Mailfilter is a very usable tool. It helps you to keep spam away from your mailbox. Contrary to the filtering with procmail, mailfilter filters the mail online. This means that mailfilter deletes unwanted spam directly from your POP3 account before fetchmail (or your favourite POP3 client) even sees it. This is different from procmail, which zaps the spam after it's been downloaded and is about to be put into your mailbox. (Examples of using procmail are in a recent Linux Gazette article, http://linuxgazette.net/issue62/okopnik.html.)

The benefit from that is that you won't download the spam anymore. This saves bandwidth and makes you a lot happier especially if you have a slow Internet link.

Mailfilter is a very good tool, easy to install and easy to maintain. You can add it to your .fetchmailrc as well, thus automating the procedure of deleting unwanted spam before downloading.

2. Installing mailfilter

Installing mailfilter is very easy. Just download mailfilter as source (.tar.gz file) from http://mailfilter.sourceforge.net/ and follow the following steps.

  1. unpack the archive to a temporary place
  2. change to the temporary directory where you unpacked the source tree
  3. type ./configure
  4. make
  5. as root (use su if needed): make install
Read the fine manual supplied in the source package to gain more information.

To run mailfilter, just type mailfilter on the prompt. Watch out! Mailfilter needs a valid configuration file to work properly.

3. The mailfilter configuration file

3.1 Creation of the file

You can download a sample copy of this file from mailfilter.sourceforge.net, - but we will create this file from scratch here.

Each user who wants to use mailfilter, needs a configuration file. this file is called .mailfilterrc. It has to be located in the home directory of the user.

Follow these steps to create the file and make it (at least a little bit) secure.

  1. go to your favourite shell prompt, make sure you are not root (in a terminal window or on the console)
  2. type cd to go to the root of your home directory
  3. type touch .mailfilterrc
  4. type chmod 600 .mailfilterrc to prevent somebody else (than root) to read it
  5. now launch your favourite editor to edit .mailfilterrc
We need to chmod the file because mailfilter stores the passwords of your POP3 account(s) as plain text!

Now we need to add some content to the configuration file. Mailfilter will refuse to work if the configuration file is missing.

3.2 comments in the mailfilter configuration file

Lines beginning with a # are comments and thus ignored by mailfilter. Empty lines are ignored as well.

3.3 adding basic info to the mailfilter configuration file

The most important part of the configuration file contains information of your mail account. Just add the following lines to the mailfilterrc file. You may specify more than one account.

Currently, mailfilter only supports POP3 accounts.

It is important not to change the order of the lines.

Make sure that the keywords are capitalized, Server instead of SERVER will not be recognized by mailfilter.

Another important option is to specify a logfile using the following line.

Mailfilter will refuse to work if you do not specify a logfile. If you do not want to keep logs, use /dev/null as the logfile entry.

Now, you'll have a very basic configuration file. Mailfilter now will run but it won't do anything useful on the mail.

3.4 adding filter rules to the configuration file

This is the trickier part of the mailfilter configuration. We will now add commands to actually do something useful with our mail.

This is done by adding special command lines to the configuration file. Mailfilter uses regular expressions for the filtering.

3.4.1 specify if mailfilter should be case-sensitive when filtering

To do this, add the following line to your configuration file.

Or use yes but ignoring case makes filtering much easier.

3.4.2 specify if mailfilter should normalize text

This allows mailfilter to accept ``,L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'' as ``LEGAL CABLE BOX DESCRAMBLER''.

Be careful! mailfilter will not try to interpret ``v i a g r a'' as viagra so blanks are not normalized.

3.4.3 adding support to kill unwanted mail by subject

This is easy. Add the following line to your configuration file.

Substitute some text with the text you want to filter.

3.4.4 adding support to kill spam from specified senders

This will become handy if you receive spam from the same address. Use the following syntax:

Replace [email protected] with the email address of the spammer.

You may kill spam from entire domains as well. Use this syntax to achieve that:

Replace domain with the name of the spamming domain.

As you can see, the way to tell mailfilter what to do follows an easy to use scheme. You may block mail by CC, BCC, TO as well.

3.4.5 allowing specific senders

This feature allows mailfilter to ignore mail sent by a specific person even if one of the other filters would apply.

Any mail from the specified email address would be kept.

You may apply this to specific subjects as well. If a spammer starts talking about mailfilter, for example.


4. How to automate spam filtering by using fetchmail?

Fetchmail has a feature to call filter programs before fetching the mail. Add the following to your .fetchmailrc to call mailfilter every time you download your mail.

preconnect mailfilter
Replace mailfilter in the line above with the complete path and the name of the mailfilter binary. /usr/local/bin/mailfilter for example.

Be careful! If mailfilter fails (config file damaged, password wrong, etc.), fetchmail will not connect. So test your mailfilter configuration standalone each time you add a new directive.

5. Conclusion

Mailfilter is a very good tool. I wasn't able to force fetchmail to filter in the body of a mail. But at least, it allows working spam protection if the addresses of the spammers are valid.

This works very good and I can only emphasize: give mailfilter a try, especially if your Internet link is slow and you receive a lot of spam.

Matthias Arndt

I'm a Linux enthusiast from northern Germany. I like plain old fifties rock'n'roll music, writing stories and publishing in the Linux Gazette, of course. Currently I'm studying computer science in conjunction with economics.


Copyright © 2001, Matthias Arndt.
Copying license http://www.linuxgazette.net/copying.html
Published in Issue 67 of Linux Gazette, June 2001

[ Prev ][ Table of Contents ][ Front Page ][ Talkback ][ FAQ ][ Next ]