UC San Diego SearchMenu

Filtering Spam with Procmail (UNIX/ Linux) — Advanced

Set up mail filters to decrease junk mail (also known as spam) in your inbox. This advanced form of filtering allows you to spam "score" and create rules to prevent specific e-mail messages from being marked as spam.

In the right place? See also basic instructions.

UNIX and Linux users with access to Procmail software can use a Procmail "recipe" to set up mail filters to decrease spam.

Note: Knowledge of Procmail and its recipes is required, and a basic .procmailrc file must be set up before using these instructions. Full support for Procmail is not offered at this time, but the ACT Help Desk will attempt to answer any questions.

Getting started:

To filter spam into a separate folder, use the X-Spam-Flag header. This basic filter directs all mail with the X-Spam-Flag of YES into a folder called Spam:

# Catch SPAM
:0:
* ^X-Spam-Flag: YES
Spam

This allows you to set aside potential spam to review later. However, it forces you to use the UCSD spam filter's default setting and doesn't have a way to filter mail you know isn't spam out of the Spam folder.

Determine your preferred spam score:

UCSD's spam filtering system uses an algorithm to determine the likelihood that a given piece of mail is "spam," based on a variety of criteria. It assigns each message a score, representing the probability that the message in question is spam. A message will be tagged as spam if it receives a score of 5.0 or above.

The score is represented in the mail message graphically in the X-Spam-Level header by the number of asterisks (*). Choosing a lower value will result in a greater volume of spam directed to your spam folder, but it will also increase the likelihood of a legitimate mail message being sorted as spam.

To determine the level at which you feel comfortable filtering, examine the assigned score on a variety of messages in your Inbox. To view this, tell your mail reader to "show headers."

To change the tolerance level, you must create a recipe with the appropriate number of asterisks. Each asterisk must be prefaced with a backslash.

Examples:

  • A setting of "6 or higher:"
    * ^X-Spam-Level: Level ******
  • The whole recipe for a setting of "6 or higher:"
    # Catch SPAM
    :0:
    * ^X-Spam-Flag: YES
    * ^X-Spam-Level: ******
    Spam

Prevent certain mail from being tagged as spam:

To prevent a specific e-mail from being tagged as spam, it must be caught before the spam filter can redirect it into the spam folder. To do this, add additional stipulations to your spam recipe, requiring that a message from particular addresses or with particular subject lines before it can be added to spam. The simplest way to do this is with an exclusion recipe, using the exclamation point (!) to mean "not."

Example:

  • A pattern to exclude mail to the sysadmin-l mailing list, which tags its Subject lines with [sysadmin-l]:
    * !^Subject: .*[sysadmin-l]

You can filter on any portion of a header. In the From line, this could be an e-mail address or any visible name or word in the line. In general, put .* in front of the pattern you wish to match. You don't need a * to indicate the end of a pattern — this is built into Procmail.

Examples:

  • A pattern to exclude mail from the Green River Optical Society mailing list:
    * !^From: .*Green River Optical Society
  • A pattern to exclude mail from the Economics Life mailing list:
    * !^From: .*@econlife.com

You can stack any number of these exclusions on top of your X-Spam-Flag filter line, such as:

:0: * !^Subject: .*[sysadmin-l]
* !^From: .*Free Will Astrology
* !^From: .*@econlife.com
* ^X-Spam-Flag: YES
Spam

If you're also using the X-Spam-Level to specify a particular level, your entire recipe might be:

:0: * !^Subject: .*[sysadmin-l]
* !^From: .*Green River Optical Society
* !^From: .*@alanis.com
* ^X-Spam-Level: ******
* ^X-Spam-Flag: YES
Spam

Pay attention to filtered spam:

From now on, incoming e-mail which appears to be "spam" will be automatically moved to the new folder you created.

It's possible for legitimate e-mail to be accidentally marked as spam. Periodically check this folder to ensure that this has not occurred before deleting its contents.