Web Hosting Talk







View Full Version : Using procmail to filter out virus attachments is EASY!!


nudetravel
05-07-2002, 04:20 PM
Once you know how to do it. And it works server wide! Future forum search fodder:

After MUCH headbanging, I have this working (like a charm).

All you have to do:

touch /etc/procmailrc
pico /etc/procmailrc to look like:

PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh
LOGFILE=/home/log/procmaillog
LOGABSTRACT=ALL
VERBOSE=OFF

#This stops a bunch of bad attachments from coming through.
#Attachments are defined in the "filename" variable. You could
#add or subtract file types using the same concept as below.

:0 HB
*^Content-Disposition.*filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr|reg|bat)"
/dev/null

Then cp /etc/procmailrc /etc/.procmailrc
(this step added because on one raq I have it looked for /etc/procmailrc - the other didn't work until I added /etc/.procmailrc)

Then, touch /home/log/procmaillog

I read and read all kinds of tutorials, many with conflicting info.

It WAS NOT procmail.rc - that didn't work.
On my RaQ3, sendmail was already using procmail as the delivery agent. No need to hack sendmail.cf.
No need for .forward files in the /users/ directories.

I have tested and tested and so far, so good. The biggest thing is, no more of those d*mn virus attachments are coming through.

Now, can someone tell me how to rotate that log file so it doesn't get too big?

(edited to correct typing mistake)

Have fun,

SeanC
05-08-2002, 09:06 AM
Many thanks for your work! I'll give this a try on my 3 soon.
Sean

qhasxeem
05-09-2002, 05:07 PM
Is it pico /etc/procmailrc or pico /etc/.procmailrc?

Also how do you
1) copy email to a folder (say /home/viruses)
2) reply to sender that msg possible virus

As for the rotate log, you could run a mv command in /etc/crontab

-- file rotate.sh ----
#!/bin/sh
LOG="/home/viruses/procmail.log"
mv "$LOG" "$LOG.1"
--- end file ----

--- /etc/crontab -------
1 1 * * * root /home/viruses/rotate.sh

nudetravel
05-15-2002, 10:54 AM
Just an update - the recipe for procmailrc above is only catching about 1/2 of what I want it to. I am working on improving the filtering, and when I get something that is really effective I'll post it.

If anyone else has some improvements to the recipe, please post!

Ivan
06-07-2002, 06:14 AM
Give this one a try.

http://www.spambouncer.org/

Angel78
06-07-2002, 07:06 AM
but it would not allow to send any .exe files, right?

dutchie
07-01-2002, 08:35 AM
This procmail stuff is great, but a weird thing occurs.
When I send a scr file to myself using an outside account he moves it to /dev/null as he should, but still I'm receiving lots of other scr files from others which for some weird reason are not removed.

How could this be?????

My procmail which I constructed from this and other threads:

PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh
LOGFILE=/home/log/procmaillog
LOGABSTRACT=ALL
VERBOSE=OFF

#This stops a bunch of bad attachments from coming through.
#Attachments are defined in the "filename" variable. You could
#add or subtract file types using the same concept as below.

:0 HB
*^Content-Disposition.*filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr|reg|bat)"
/dev/null

# This is the WTC virus that is going around after the bombings

:0
* ^Subject: Fwd: Peace BeTween AmeriCa And IsLam
/dev/null

# Kill junk mail sent to bmaster, and Undisclosed.Recipients

:0
* ^TO_(bmaster|Undisclosed.Recipients)@
/dev/null




Anyone any suggestions?
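
Added example, not part of the original thread: a Python comparison of the thread's single-line pattern against a real MIME parse, run on constructed sample messages. The pattern is transcribed to Python's re as an approximation of procmail's matching; the sample headers and all function names are made up for illustration.

```python
import re
from email import message_from_string

EXTS = "vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr|reg|bat"  # list from the thread
# The thread's condition transcribed to Python's re (assumption: IGNORECASE and
# MULTILINE approximate procmail's case-insensitive, line-by-line matching).
THREAD_RE = re.compile(r'^Content-Disposition.*filename=".*\.(' + EXTS + r')"',
                       re.IGNORECASE | re.MULTILINE)

def thread_recipe_matches(raw):
    """True if the single-line pattern from the thread fires on the raw message."""
    return THREAD_RE.search(raw) is not None

def blocked_attachments(raw):
    """Parse the MIME tree and return attachment names with a blocked extension."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() copes with folded headers, strips quotes, and falls
        # back from Content-Disposition filename= to Content-Type name=.
        name = part.get_filename()
        if name and "." in name and name.rsplit(".", 1)[-1].lower() in EXTS.split("|"):
            hits.append(name)
    return hits

def make_msg(part_headers):
    """Constructed sample: a multipart message with one part using these headers."""
    return ("From: a@example.com\nTo: b@example.com\nSubject: test\n"
            'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="XX"\n\n'
            "--XX\n" + part_headers +
            "\nContent-Transfer-Encoding: base64\n\nAAAA\n--XX--\n")

# Constructed part headers, one per way a sender can spell the attachment name.
SAMPLES = {
    "quoted, one line": 'Content-Disposition: attachment; filename="a.scr"',
    "folded header":    'Content-Disposition: attachment;\n\tfilename="b.scr"',
    "unquoted value":   'Content-Disposition: attachment; filename=c.pif',
    "name= only":       'Content-Type: audio/x-wav;\n\tname=d.exe',
    "harmless file":    'Content-Disposition: attachment; filename="e.txt"',
}

def compare():
    """Map each sample label to (thread pattern fired?, names found by parsing)."""
    return {label: (thread_recipe_matches(make_msg(h)), blocked_attachments(make_msg(h)))
            for label, h in SAMPLES.items()}

if __name__ == "__main__":
    for label, (fired, names) in compare().items():
        print(f"{label:18} thread pattern: {fired!s:5}  parsed: {names}")
```

Folded headers, unquoted values and a Content-Type name= parameter are all valid ways to carry an attachment name; of these samples, the single-line quoted pattern fires only on the first.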

zulu42
07-02-2002, 05:42 PM
does anyone of you have a solution on how to let the user set up his own rule set?

to catch certain files upfront might be fine for some, but if i'm using certain keywords in general, i might censor somebody's e-mail w/out wanting to. i'd rather want this to be the prob of the user...

still, like your initial idea of blocking certain file types through procmailrc

-zulu42