procmail recipies

Posted on 2014-09-04
Last Modified: 2014-09-17
is it possible to detect a missing TO 'field' in an email header?
Question by:camstutz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 62

Accepted Solution

gheist earned 500 total points
ID: 40305698
| sed '/^$/q' | grep ^To:\  
(there are two spaces at the end)

Cut headers and look for To:(space) header

btw RFC says From: and Date: are required, and between lines that relayed mail (like all from internet) should have Received: hheader inside

Author Comment

ID: 40307080
Hello gheist,

I appreciate your help. I am newer to procmail, so I am going to be testing this. My main goal is that we get a lot of blank emails that goes in waves. A quick Google search shows we are not a lone. These emails are literally missing the body, and have no from or to lines in the body It has a delivered-to and return-path field. They also have a non-standard header (in the since that it is missing a lot of the delivery path information and other normally seen fields.

I was hoping to catch something these with a procmail recipe that would look for the absence of these blank emails.

Author Comment

ID: 40307104
I re-read my initial post... I'm sorry, I wrote it inappropriately... I was meaning missing the to field completely.
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

LVL 62

Expert Comment

ID: 40309333
You need to set up some greylisting. That forces spammer to use queueing mail server instead of blind script.
Hope this helps

Author Comment

ID: 40327683
Sorry for the Delay,

Unfortunately, Greylisting isn't an option for me. I was hoping it do it directly in procmail
LVL 62

Expert Comment

ID: 40327700
Well I have shown you filter for procmail to check for To: header in message body. That answers your question.
Greylisting keeps most of spam out of mailboxes without much load on mailserver (like 2 commands per message with my filter)

Author Comment

ID: 40328126
Thanks gheist... I do appreciate the greylisting info though, just my superiors do not like the option at this point.
My last question before I award points, is on that sed recipe, do I use the * to start the line?

 * | sed '/^$/q' | grep ^To:\  

If there is an article about this I would be willing to read it.

LVL 62

Expert Comment

ID: 40328190
LVL 62

Expert Comment

ID: 40328803
I just added some commands that reads to first blank line
then other that checks for to: header
some command tutorials on grep / sed /awk and regular expressions are easy to find on internet....

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Easy CSR creation in Exchange 2007,2010 and 2013
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question