mailfilterex - Mailfilter configuration file examples
For a description of the rcfile format and its keywords see the
mailfilterrc(5) man page or get a basic set of options from either the
INSTALL file or the doc/ directory of the Mailfilter distribution.
This man page contains several configuration examples and real-life use
cases for the Mailfilter program.
If not stated otherwise, the following examples assume you are using
extended Regular Expressions, compared to Mailfilter’s default, basic
type. General information on Regular Expressions can be found in the
regex(7) man page or in any good book on UNIX/POSIX. You could also use
slightly modified examples from procmail(1) if it is available on your
To create a very restrictive set of filter rules at least two keywords
should be used: ALLOW and DENY. DENY could match all messages coming
from an annoying public mail service, while ALLOW matches messages from
a good friend who also uses this annoying public mailer.
DENY = "^From:.*public-mail\.com"
ALLOW = "^From:.*friend@public-mail\.com"
These two lines are enough to block all but your friend’s e-mail from
the public-mail.com domain.
In general case-sensivity is controlled by the REG_CASE keyword. Having
Mailfilter treat expressions case-insensitive is almost always more
REG_CASE = "no"
DENY = "^Subject:.*win money"
In this example Mailfilter would delete all messages with subject lines
like ‘WIN MONEY’, ‘Win Money’ or any other mix of capital and non-
capital characters. REG_CASE makes filters ignore the case.
A more complex set up can be achieved by additionally using the
DENY_CASE = "^Subject:.*BUSINESS"
In this example only e-mails that have ‘BUSINESS’ in their subject
match the filter, even though in general Mailfilter ignores the case.
So in this example all messages with ‘business’ or ‘Business’ in their
subjects would not be affected by this filter.
Such an option is very useful if you are not interested in commercial
bulk mail that offers amazing business opportunities, but in all your
business partners who contact you by e-mail.
The keyword ALLOW can be used to override any spam filters. Similar to
the earlier example ALLOW defines a ‘friend’.
ALLOW = "^Subject:.*mailfilter"
Adding this rule to the rcfile would mean all messages that contain
anything about Mailfilter in their subject lines can pass the spam
filters. But even friends tend to send large e-mails sometimes to share
their joy about the latest joke that just made the round in their
office. In such cases a limit can be defined that affects particularly
MAXSIZE_ALLOW = 500000
Setting MAXSIZE_ALLOW to 500000 means no message can be larger than 500
kBytes. (Scanned ‘office-jokes’ are usually around that size.)
Negative Message Filters
In order to create a very restrictive spam protection it can be more
useful sometimes to define which e-mails should not be deleted
instantly and consequently get rid of messages that can not be matched
to this criterion - rather than vice versa. This can be achieved by
using negation. The typical use case is looking at the message tags
‘To:’ or ‘Cc:’ of an e-mail.
DENY <> "^(To|Cc):.*my-email@address\.com"
Having added such a filter to your personal rule set keeps away a lot
of spam that is not directly addressed to your e-mail account. Since
this is a very aggressive way of filtering, you are well advised to
keep your ‘friends list’ up to date. Also note that the above example,
using the logical OR operator, works only with extended Regular
Instead of setting up spam filters, it is also possible to define
scores which can be accumulated until a certain threshold is reached.
This is very useful to delete advertisements on mailing lists, for
instance. Highscore marks the threshold:
HIGHSCORE = 100
SCORE +100 = "^Subject:.*viagra"
SCORE +100 = "^Content-Type:.*html"
SCORE -100 = "^(To|From):.*my_mailing_list"
This simple example is useful to delete mails with a score greater than
100, i.e. if someone sends an HTML mail to my_mailing_list, the message
will reach score 0. However, should an HTML mail regarding Viagra
reach the list, then the message will classify as spam, because it
reached an overall score of 100.
The MAXSIZE_SCORE keyword can be used to add to the accumulated score
for an e-mail. The following will cause all emails not directly
addressed to the recipient and greater than 60000 bytes in size to be
deleted (a useful way of rejecting many common MS targeted worms and
trojans which can clog up your inbox).
HIGHSCORE = 100
MAXSIZE_SCORE +50 = 60000
SCORE +50 <> "^(To|Cc):.*my-email@address\.com"
This is a less aggressive way of dealing with e-mail sizes than the
using the MAXSIZE_DENY keyword. Note that this example (by using the
expression (To|Cc):.*my-email@address\.com) works only with extended
General Message Size Limits
It is always a good idea to define a very general size limit for e-
mails. Mailfilter uses the keyword MAXSIZE_DENY for that purpose.
MAXSIZE_DENY = 200000
Setting it to 200 kBytes can save you a couple of hours, depending on
how much mail you get everyday. Messages bigger than that get deleted
on the server, unless they match any of the ALLOW rules. To achieve
maximum efficiency it makes sense to use both MAXSIZE_DENY and
MAXSIZE_ALLOW. No one should block up your mail box, no ‘friends’, no
A rule of thumb is to be twice as tolerant towards friends than you are
towards anonymous people.
Dealing with Duplicates
Most people want to download a message only once, even though it might
have been sent to two or three of their accounts at the same time. The
DEL_DUPLICATES = "yes"
will take care of duplicates and makes sure that only one copy of a
message has to be delivered.
Normalisation of Message Subjects
Every now and then some clever sales person comes up with the brilliant
idea to wrap spam in funny little characters. If you get a message with
a subject line similar to this one ‘,L.E-G,A.L; ,C.A-B‘L‘E, .B-O‘X‘’,
then ordinary filters would fail to detect the junk.
NORMAL = "yes"
Adding this directive to the rcfile tells Mailfilter to ‘normalise’
subject strings, i.e. leave in only the alpha-numeric characters and
delete the rest. ‘,L.E-G,A.L; ,C.A-B‘L‘E, .B-O‘X‘’ would then become
‘LEGAL CABLE BOX’ which can easily be matched to a spam filter.
Note that Mailfilter first tries to match the original subject string,
before it checks on the normalised one.
Since Mailfilter deletes e-mails remotely, before they have to be
downloaded into the local machine, it is also important to know what is
going on while the program is being executed. The least you should do
is define a proper level of verbosity and a log file.
LOGFILE = "$HOME/logs/mailfilter-‘date +"%h%y"’"
VERBOSE = 3
Level three is the default verbosity level. Using it, Mailfilter
reports information on deleted messages, run-time errors and dates to
the screen and the log file.
You can use ‘command’ to embedd shell skripts into your path names. In
the above example it is used to store log files separately for each
month and year.
Extended Regular Expressions
For advanced applications, the basic Regular Expressions are typically
not sufficient. If you know the syntax and usage of the extended
expressions, it is almost always a good idea to set REG_TYPE
REG_TYPE = "extended"
Extended expressions are more flexible, but also more sensitive towards
syntax errors and the like. Examples in this man page all use extended
If you are new to Regular Expressions and new to Mailfilter, you might
want to experiment a bit, before you accidently delete messages for
real. For such cases Mailfilter provides two keywords. TEST can be used
to only simulate the deletion of messages and SHOW_HEADERS stores all
the e-mail headers that get examined by the program.
TEST = "yes"
SHOW_HEADERS = "$HOME/logs/mailfilter-headers.txt"
Use this setup if you are not yet comfortable with the concept of spam
filtering. It may help to understand Regular Expressions better and how
to use them.
mailfilter(1), mailfilterrc(5), procmailrc(5), procmailex(5), regex(7)
Copyright © 2000-2009 Andreas Bauer <email@example.com>
This is free software; see the source for copying conditions. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR