The global /etc/procmail.rc file and the user $HOME/.procmailrc have the same structure. A Procmail rule follows the format:
:0 [flags]:LockFile * zero or more conditions, one condition per line one action
An optional lock file :lockFile can be specified. To use the normal lock file, use: (colon) only; for example:
:0:
Flags are used to inspect part of the email or to execute actions. Table 16-3 lists the main flags.
Table 16-3. The main flags used in Procmail rules
Flag | Description |
|---|---|
b | Uses the body in the action. |
h | Uses the header in the action. |
c | Sends a copy of the email. |
f | Uses the pipe as a filter. |
w | Waits until the program is finish executing before proceeding. |
B | Parses the body of the image. |
H | Parses the headers of the message. |
By default, both the header and the body are used in the action, and the headers are processed. :0 bhH is equivalent to :0.
All conditions must match in order to execute the action. To match condition 1 OR condition 2, use a pipe (|) as in:
* From: friend1*domain.com|From: friend2@domain.com
Normal conditions are regular expressions. Procmail shares its syntax with the tool egrep and recognizes the special characters listed in Table 16-4.
Table 16-4. Regular expression characters recognized by Procmail
Character | Description |
|---|---|
^ | Start of the line. If not specified, the pattern is matched anywhere in the stream. |
$ | End of the line. |
y | Any character. To match the dot character, use |
| Zero or one occurrence of |
| Zero or more occurrences of |
| One or more occurrences of |
| Any character between |
| Any character not between |
|
|
Procmail also provides the special expressions ^TO_:. TO_address matches address in any of the destination headers (e.g., To, Cc, etc.).
Other special conditions are listed in Table 16-5.
Table 16-5. Other special conditions
Condition | Description |
|---|---|
! | Inverts a condition. |
? | Uses the return code of an external program. See ClamAV with Procmail. |
| Matches if the length of the email is greater than |
| Matches if the length of the email is less than |
| Matches the variable |
You can use Procmail blacklist email addresses. This example discards all emails from john@blacklist.com:
:0
* ^From: john@blacklist.com
/dev/null/dev/null is a special device on Unix-like operating systems (e.g., Linux, FreeBSD) that discards all data sent to it. Redirecting a file or an email to /dev/null deletes the file or email.
If procmailrc contains more than one rule, Procmail exits after the first match. Put the whitelists at the top the file. This example accepts a couple of domain names and excludes the others:
:0 h * ^From:john@domain.com${DEFAULT} :0 h * ^From:jane@domain.com${DEFAULT} :0 * ^From: .*@domain.com/dev/null
Alternatively, the email addresses can be stored in an external file blacklist.txt. To extract the From field of the email, use formail, an external command-line tool:
:0 h * ? formail -x"From:" | egrep -i blacklist.txt /dev/null
To send a copy to the original recipe and to important@domain.com, use the c (copy) flag:
:0 c * ^Subject:[IMPORTANT]!important@domain.com
If you receive all emails from an alias name, move emails to unused aliases to a file:
:0 h * !^TO_webmaster@domain.com * !^TO_user@domain.com * !^TO_postmaster@user.com Spam.mails