Email Filtering

CSE Home

About Us

Search

Contact Info

SpamBuster:   Lab-supported spam   filter & quarantine

Mail filtering can be useful for screening out (junk) mail you don't want to ever see, or for pre-sorting mail into folders before you read it. It can also be used to return a message to senders under certain circumstances; for instance, a message can be automatically returned to senders if you will not be reading your mail for an extended period of time.

If you want to filter your incoming mail, the method you use depends to some degree on how you read your mail. Certain mail programs have some built-in provisions for filtering (e.g., Outlook/Exchange, exmh, thunderbird). You should consult the manual or help facilities for your mail program for further information.

A method that works for any mail interface is to create a filtering program that the mail system will execute before delivering mail to your maildrop. This page primarily addresses this method.

For Exchange Users

For exmh Users

For Everybody Else

At the present time, two mail filtering programs -- procmail and slocal -- can be used to filter your incoming mail. In addition, a specialized filter program -- vacation -- can be used to notify senders of an extended absense from email contact. Read the man pages for these three programs to understand how to use them. Typically, you do not run these commands directly. Rather, you direct your mail server to run them on your behalf by putting a command in the .forward file in your home directory.

A command in .forward must start with a vertical bar ('|') character to distinguish itself from an address. When the command contains space characters, it, along with the vertical bar, must be enclosed in double-quote characters. Multiple addresses or commands are delimited by a comma or newline character.

Great care must be taken when you set up mail filtering in your .forward file. If it is not set up properly, you could lose your incoming mail or open security holes that would allow an intruder to use your account. In CSE, the mail system is configured to queue your mail rather than returning mail to its sender in the event of some local error, such as a full disk drive, or command syntax error in your .forward file. The mail will continue to accumulate in the queue until you or the system administrator corrects the problem. Mail sitting in the queue may have cached (bad) command from .forward. Only the system administrator can correct the cached command and release the mail; otherwise, they would be returned after 3 days. To prevent intrusions, some restrictions have been imposed on the use of commands that can be run from your .forward file.

The mail system, after stripping of the first vertical bar character of your filtering command, executes the remaining command string by passing it to a shell called smrsh. For security reasons, smrsh executes only a command from /etc/smrsh directory (no matter what executable path of your command is) and rejects commands containing any of the following characters:

` (single quote)   <   >   |   ;   &   $   (   )   \r   \n

For example, the following lines will fail:

"| exec slocal -user acctname"
"|IFS=' ' && exec /uns/bin/procmail #acctname"

"| slocal -user acctname"
"| procmail #acctname"
"| /uns/bin/procmail #acctname"
\acctname, "|usr/bsd/vacation acctname"

[Note: acctname represents your user name. The double quotes are required when placing these commands in your .forward file.]

Putting mail into your mailbox or folder

When using a mail filtering program either procmail or slocal to pre-sort mail into folders, the program must deposit mail into a folder for your access. When you access your mail remotely (most people do), it is recommended to have the mail filtering program run command /usr/bin/dmail to add mail into a folder rather than have it add the mail by itself.

For example, with procmail, you would use

* - | R "/usr/bin/dmail +MyArchive"

* - > R /homes/gws/janes/MyArchive

The dmail program automatically detects format of mail folder and would use the right format to add the mail. In addition, the program knows where the default collection of your folders are.

Two mail folder formats, MBOX and MBX, are primarily used in the department. The MBOX format or Berkeley mailbox format, is widely used and it is the default format of maildrop when no mail filtering program is used. The MBX format is improved over MBOX format. It is more efficient and is the recommended format for IMAP mail accesses especially for simultaneous access from multiple locations. The MBX format is not recognized by either procmail or slocal, and the format cannot be used reliably for mail folder to be accessed across NFS (most people do not have IMAP server accessing their mail folders across NFS.)

When your mail client does not have an IMAP path set or it is empty, your home directory is the location of your IMAP mail folders. This is often undesirable as the entire director would be scanned for all mail folders, and the mail client need to have an IMAP path set. When the IMAP path is set, it is not known by dmail, and the path need to be added into the folder name. For example, from the example above if your IMAP path is 'mail', your folder name would be '+mail/MyArchive'.

Testing!

We recommend that you first test your filtering commands before adding anything to your .forward file. You will need to do this testing on a Unix host that runs an environment similar to your mail server, but you may not have login access to your mail server. So please contact postmaster@cs, who will work with you to establish access to such a host, and help with the testing. Again, we highly recommend that you test your filtering commands in this fashion, because of the risk of disruption to your email flow by an errant filtering command. For example, you would run one of the following commands from the Unix shell:

/usr/libexec/smrsh -c 'slocal -user acctname'
/usr/libexec/smrsh -c "procmail #acctname"
/usr/bin/dmail +MyArchive

Important Notes

1. Your .forward file lives in your normal home directory. Your mail server will read it via NFS, if necessary. (If your home directory server happens to be down, your mail will be queued in the system area until your .forward file is available; filtering will then occur prior to final delivery. This is true even if you do not use mail filtering -- if your home directory server is down, your mail will be held for delivery until your home server is back up. Another reason for this is that your centrally-stored mail is also kept on your home server.)
2. The character `|' must appear at the beginning of the line in your .forward file, but it is stripped off before the rest of the line is passed to smrsh. Furthermore, the command string must be enclosed in double quote marks, which are also stripped off before passing the command to smrsh.
3. When running these programs from your .forward file, there is no need to explicitly specify the path. Either "|/uns/bin/procmail" or "|procmail" will run the same program.
4. For security reasons, only three commands -- procmail, slocal, and vacation -- can be run via your .forward file. Any others will fail to run.
5. The vacation program requires its database to be initialized. Run the command: vacation -i to initialize. This command should be used before you modify your .forward file. This initialization must be run on a Unix host that runs an environment similar to your mail server. Because you may not have login access to your host, please contact postmaster@cs, who will help you determine such a host.
6. In your mail filtering program setup, the dmail program should be used to add mail to your folder so that your mail folder would be maintained in a proper format.

Last updated: 3 November 2006

	Department of Computer Science & Engineering University of Washington Box 352350 Seattle, WA  98195-2350 (206) 543-1695 voice, (206) 543-2969 FAX [comments to postmaster@cs.washington.edu]