Installing & Using Mailfilter
by YouCanToo (David Moore)
What is Mailfilter?
Mailfilter is a program that filters your incoming e-mail to help remove spam. Mailfilter is a very flexible utility for UNIX (-like) operating systems to get rid of unwanted email messages, before having to go through the trouble of downloading them to the local computer. It offers support for one or many POP3 accounts, and is especially useful for dialup connections via modem, ISDN, etc.
Who needs Mailfilter?
You do. With Mailfilter you can define your own filters (rules) to determine which emails should be delivered and which are considered waste. Rules are regular expressions, so you can make use of familiar options from other mail delivery programs, such as e.g. procmail. If you do not get your mail from a POP3-Server, you don't need Mailfilter.
How do I install Mailfilter?
Open the Synaptic package manager, do a search for mailfilter, mark it for installation, and click apply to install it.
How do I configure Mailfilter?
There are a couple of files that will need to be created in your home directory.
1. The first file is the mailfilter log file. To create the mailfilter log file open a console window and type in the following command:
[dwmoar@laptop
~]$ touch mailfilterlog <press return/enter>
An alternative to using the command line is to use your favorite text editor and create a blank file. Save the file to your home directory.
Now we need to change permission of the newly created file. Type in:
[dwmoar@laptop
~]$ chmod 744 mailfilterlog <press return/enter>
An alternative to using the command line is to open Dolphin and locate your newly made file. Right click on the mailfilterlog file and choose properties --> Permissions --> Advanced Permissions. Make sure the following are marked.
Read Write Execute
User X X X
Group X X
Others X X
2. Now we need the .mailfilterrc file. Here is a basic copy of the .mailfilterrc file to use. NOTE: This file has the "TEST" flag set to true (on). The "TEST" allows you to test your filters without deleting your email should a filter be misbehaving. Think of it as a safety net while trying out your filters.
This file needs to be placed in your home directory. Save this file as ".mailfilterrc." NOTE the dot before mailfilterrc. This is a hidden file and is required for mailfilter to operate. Once you have saved this file, you will need to edit it.
In your favorite text editor, open the .mailfilterrc file.
For our example, We are using nano in a console window.
[dwmoar@laptop ~]$ nano .mailfilterrc
The minimum editing needed to get Mailfilter to operate is the information for the email server, username and password. Find the following lines in your .mailfilterrc file
SERVER
= "Your email server" <-- usually starts with
pop.domainname or mail.domainname
USER = "Your email username"
PASS = "Your email password"
PROTOCOL = "pop3"
PORT = 110
Warning! DO NOT change the order of the entries. If you do, Mailfilter will not run.
Once you have changed the above to reflect your information, save the .mailfilterrc file. At this point, Mailfilter has enough information to run. Let’s give it a spin. Open a console window and type in the following. Don't worry … we are in a testing mode and this WILL NOT change or remove any of your emails.
[youcantoo@laptop
~]$ mailfilter <press return/enter>
You should see something like this:
[youcantoo@laptop
~]$ mailfilter
mailfilter: 0.8.2 querying <my email address> on Sun May
29 23:29:50 2011.
mailfilter: Examining 7 message(s).
mailfilter: Pass: Dianne <forgivn@xxxnet.net>: Re: changed
to motorcycle fixed yet, Sun, 29 May 2011 22:47:23 -0500 [Score:
0].
mailfilter: Pass: Dianne <forgivn@xxxnet.net>: Re: a cute
little game to play, Sun, 29 May 2011 22:53:32 -0500 [Score: 0].
mailfilter: Pass: diannek <forgivn@xxxnet.net>: [Recipies
~VIA~ the Web!] New Recipe Submitted!, Sun, 29 May 2011 21:37:48
-0700 [Score: 0].
mailfilter: Pass: "Kitchen Krafts"
<newsletter@kitxxxkrafts.com>: Savings celebration for
Memorial Day!, Mon, 30 May 2011 00:10:00 -0400 [Score: 0].
mailfilter: Pass: diannek <forgivn@fxxxnet.net>: [Recipies
~VIA~ the Web!] New Recipe Submitted!, Sun, 29 May 2011 21:49:02
-0700 [Score: 0].
mailfilter: Pass: Dianne <forgivn@xxxnet.net>: Hotmail
thinks you are suspicious :), Sun, 29 May 2011 23:55:08 -0500
[Score: 0].
mailfilter: Deny: Conley Erin <erconleyin@gmail.com>:
=?GB2312?B?uaTStbrN0MXPoruvsr+52NPavtmw7KGwxNq12NbQ0KHG8w==?=
=?GB2312?B?0rXJz8rQyNrXytPr0MLI/bDludLFxrGovNvKtc7xstnX97jfvLbR0A==?=
=?GB2312?B?zNaw4KGwtcTNqNaqIDYuMjSjqMTPvqmjqSA3LjExo6ixsb6po6nVxcu8?=
=?GB2312?B?1LQ=?= , Mon, 30 May 2011 14:30:29 +0800
[Maxsize_Deny exceeded].
[youcantoo@laptop ~]$
If you see something like this, congratulations, mailfilter is working properly.
If you see any errors, then you have made a mistake, so go back and recheck your work. The above information should have been recorded also in your mailfilterlog file in your home directory. As you can see in the example above, all the emails I received were approved and passed with the exception of the last one. The reason is that it exceeded the maximum message size as specified in the .mailfilterrc file. By default that size is set at MAXSIZE_DENY = 1000000. That includes attached files to the email also!
For more details of the TAGS used by default in Mailfilter open a console window and type in "man mailfilterex"
Adding filters
Adding a spam filter to Mailfilter is actually very easy. Basically, there are two actions that can be taken: ALLOW or DENY.
A word of caution!
When you match any filter using DENY that email will
be deleted from
the server.
There is NO way to
recover these deleted emails. It is important to always use the
TEST flag when trying out new filters. All ALLOW/DENY entries
are logged, but it only logs a minimum amount of information.
The format is simple.
Example:
Keyword = "expression" The expression could include any of the following, or combination of them.
- Content-Type:
- Subject
- Body
- From
- To
- Cc
ALLOW = ^From:.@pclinuxos.com
The above filter would allow any email coming from pclinuxos.com
DENY=^Subject:.*(Monthly|Unlimited|Increase).*Income
This filter will DENY all email(s) that contains the words Monthly, Unlimited, Increase or combination of those words that also has Income in the phrase.
You can combine the "expressions" to create more complex filters such as
DENY=^(From|Cc|To):.*(Market(ing)*|Income).*@(yahoo|hotmail|juno|excite|aol)
This filter will DENY all email(s) with the words Market, Marketing, and Income or combination of them from the domains of yahoo, hotmail, juno, excite and aol. You can find a list of working third party filters here.
Run Mailfilter using cron
Cron. It's the way to run tasks on a schedule in Unix-like systems. Say, for example, I wanted to run mailfilter once every minute of every day. Well, we think of it this way:
Syntax:
minute
hour day month day_of_week command_here
A quick explanation what it all means:
The
first field specifies the minute (0 to 59).
The
second field specifies the hour (0 to 23).
The
third field specifies the day of the month (1 to 31).
The
fourth field specifies the month of the year (1 to 12).
The
fifth field specifies the day of the week (0 to 6 for Sunday to
Saturday).
The
sixth field specifies the command to be executed.
So, for a quick example, if I wanted something to run every night at 3 AM, I would use the following (an asterisk is the same as saying "anything").
0
3 * * * mailfilter
Or, lets say I wanted every weekday (days 1-5) every hour at half past the hour:
30
* * * 1-5 mailfilter
Or, every 10 minutes (which is what I use):
10,20,30,40,50
* * * * mailfilter
How do I set it up a cron job on my system?
For those that are console window impaired, there is a GUI program in the package manager to handle cron. It is a GUI program, called VCRON. It is in the PCLinuxOS repository, so you can install it via Synaptic. You can also use Gnome Schedule, which is also very good at setting up cron jobs.[a]
1. Open a console window.
2. As the root user, change directories to "/var/lib/spool/cron."
[root@workbox
dwmoar]# cd /var/lib/spool/cron <press return/enter>
[root@workbox cron]#
3. Now enter the command "touch yourusername."
[root@workbox
cron]# touch <yourusername> <press return/enter>
[root@workbox cron]#
This will create a file called yourusername.
4. Now we want to add our information to this newly created file. For this, were are going to use the text editor called nano. Still being the root user enter the command "nano yourusername." This will open the file, and you should be greeted with a blank screen. Assuming that we are going to run mailfilter every 10 minutes, we would enter the following line:
10,20,30,40,50
* * * * mailfilter
5. Now, we want to save our file and close nano. Press the "CTRL + X. you should see the following at the bottom of the screen:
Save
modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?
6. You have 3 choices "Y" "N" or "C". Press "y." It does not matter if it is upper or lower case.
7. You will now see something like this.
File
Name to Write: dwmoar
<----this
should be your username
8. At this point, press return. The nano window will close and you will be returned to the command prompt. Now mailfilter will run automatically every 10 minutes.
Be sure that you check the "TEST" flag in your .mailfilterrc file. If it is set to "yes," the Mailfilter program will only simulate filtering of your email. If you are sure that your filters are working properly, then change this flag to read "Test = off"
FAQ's
I think I accidentally deleted an important email with Mailfilter. Can I get it back somehow?
Once Mailfilter has deleted an email, all you get to see of it is where it came from, what it was about and when it was sent. Have a look in your logfile (mailfilterlog) and ask the author to send it again. If that's not an option for you, you may want to ask your ISP to recover this message for you, though I doubt this would be a very successful undertaking.
If I make changes to the Mailfilter rcfile, does it affect immediately?
If you are changing Mailfilter's settings while it's active, nothing special will happen. All changes you make in the rcfile will be considered next time you run Mailfilter.
Sometimes a few (spam-) messages slip through. How come?
This is not a bug in Mailfilter. Consider this a feature of every POP email server. Once you start checking for spam or downloading messages, the server locks your mailbox. If new messages arrive during the locked state, they will be queued and provided for further processing after the lock has been removed. So Mailfilter does not see incoming messages while it checks for spam and sometimes it happens that a message or two arrive just in time to be too late for filtering, but in time for download. That's life.