Implementing procmail on a sendmail 8.8.8 and later gateway:

(Note: This is still undergoing testing and refinement)

$Id: procmail-on-gateway.txt,v 1.11 2006-01-20 07:40:49-08 jhardin Exp jhardin $

With help from Joshua Marshall

Master copy at http://www.impsec.org/email-tools/procmail-on-gateway.txt

1. Add the following delivery agent:

Mprocmail,	P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix,
	A=procmail -m $h $g $u
[TAB]---^

2. Add "procmail" to class P with this somewhere near the top of your
   sendmail.cf (near where the other classes are being set up):

CPprocmail

3. Add the following to ruleset 0, between the "handle virtual users"
   and "short-circuit local delivery" stanzas:

# pipe through procmail for processing
R$*<@example.com>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@example.com.procmail.>$2
R$*<@example.com.>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@example.com.procmail.>$2
R$*<@$*.procmail.>$*	$1<@$2.>$3
[TAB]-------------^

   Vary the domain name and script name (/etc/procmail/filter.rc) for
   your needs.

   If you are relaying mail for multiple domains, use the following
   instead:

R$*<@$=w>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$=w.>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$*.procmail.>$*	$1<@$2.>$3
[TAB]-------------^

   If you prefer to use sendmail .mc files, add this to your config.mc
   file:

LOCAL_CONFIG
CPprocmail

LOCAL_RULE_0
R$*<@$=w>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$=w.>$*	$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$*.procmail.>$*	$1<@$2.>$3

MAILER_DEFINITIONS
Mprocmail,	P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix,
	A=procmail -m $h $g $u

4. Here is a sample filter.rc file - add your local configuration
   settings before using it:

################################################################
#
# procmail rules to filter mail on a gateway
#

LOGFILE=/var/log/procmail.log
NL="
"
LOGABSTRACT=no

# Configuration settings go here...
# See the discussion of what to put in /etc/procmailrc at
# http://www.impsec.org/email-tools/sanitizer-configuration.html
# /etc/procmailrc is the "master procmail script" for local
# delivery, this file is the "master procmail script" for relay.
# The settings in one DO NOT affect the other.

POISONED_EXECUTABLES=/etc/procmail/poisoned
# etc... - you NEED to put configuration settings here.

# DO NOT enable RECIPIENT notification on a relay unless:
# 1) your mail relay inserts "for " into
#    the Received: header it adds to the message, and
# 2) you are using version 1.150 or later of the Sanitizer
# otherwise the recipient email address cannot be determined.

# run the sanitizer
INCLUDERC=/etc/procmail/local-rules.procmail
INCLUDERC=/etc/procmail/html-trap.procmail

# send the mail on to the next relay
:0
! -oi -f "$@"

#
################################################################

5. If the next hop is a Microsoft Exchange Server, make sure that you
   configure it so that it will accept mail addressed to its
   fully-qualified domain name in addition to the simple domain name.
   For example, if your domain is "example.com" and your Exchange
   Server is running on the computer named "exchange", configure it to
   accept mail addressed to "@exchange.example.com" as well as just
   "@example.com"
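
A pre-flight check for the sendmail.cf edits in steps 1 to 3, added here as an example and not part of the original document: it confirms that class P, the Mprocmail delivery agent and the TAB-separated ruleset 0 rules are all in place. The function name check_procmail_gateway and the sample configuration text are constructed for illustration.

```python
import re

# Constructed sample: the page's step 1-3 fragments (multi-domain form) as sendmail.cf text.
SAMPLE_CF = (
    "CPprocmail\n"
    "R$*<@$=w>$*\t$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3\n"
    "R$*<@$=w.>$*\t$#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3\n"
    "R$*<@$*.procmail.>$*\t$1<@$2.>$3\n"
    "Mprocmail,\tP=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix,\n"
    "\tA=procmail -m $h $g $u\n"
)


def check_procmail_gateway(cf_text):
    """Hypothetical helper: return a list of problems; empty means all checks passed."""
    problems = []
    lines = []
    for raw in cf_text.splitlines():
        # A line starting with whitespace continues the previous sendmail.cf line.
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    # Step 2: "procmail" must be listed in class P.
    if not any(l.startswith("CP") and "procmail" in l[2:].split() for l in lines):
        problems.append("class P does not contain procmail")
    # Step 1: the delivery agent must exist and run procmail in -m mode.
    mailer = next((l for l in lines if re.match(r"Mprocmail\s*,", l)), None)
    if mailer is None:
        problems.append("no Mprocmail delivery agent")
    elif not re.search(r"A=procmail\s+-m\s", mailer):
        problems.append("Mprocmail does not run 'procmail -m'")
    # Step 3: every procmail rule needs a TAB between LHS and RHS (the [TAB] markers).
    strips_tag = False
    for l in lines:
        if not l.startswith("R") or "procmail" not in l:
            continue
        lhs, tab, rhs = l[1:].partition("\t")
        if not tab:
            problems.append("no TAB between LHS and RHS: " + l.split()[0])
        elif "$#procmail" in rhs:
            # The recipient handed to the mailer ($: part) must carry the .procmail. tag.
            if ".procmail." not in rhs.split("$:", 1)[-1]:
                problems.append("recipient not tagged with .procmail.: R" + lhs)
        elif ".procmail." in lhs and ".procmail." not in rhs:
            strips_tag = True  # third rule: removes the tag again
    if not strips_tag:
        problems.append("no rule strips the .procmail. tag")
    return problems


if __name__ == "__main__":
    print(check_procmail_gateway(SAMPLE_CF) or "all checks passed")
```

Pass it the contents of the generated sendmail.cf; rules pasted from a web page or terminal often arrive with spaces where the TAB should be, which is the case the TAB check reports.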