Provided by: mailfilter_0.6.2-1build1_i386 bug


       mailfilterex - Mailfilter configuration file examples


       $HOME/.mailfilterrc examples


       For  a  description  of  the  rcfile  format  and  its keywords see the
       mailfilterrc(5) man page or get a basic set of options from either  the
       INSTALL file or the doc/ directory of the Mailfilter distribution.

       This man page contains several configuration examples and real-life use
       cases for the Mailfilter program.


       If not stated otherwise, the following examples assume  you  are  using
       basic   Regular   Expressions,   the  default  of  Mailfilter.  General
       information on Regular Expressions can be found  in  the  regex(7)  man
       page  or  in  any  good book on Unix/Posix. You could also use slightly
       modified examples from procmail(1) if it is available on your system.

   Filtering Domains
       To create a very restrictive set of filter rules at least two  keywords
       should  be  used:  ALLOW and DENY. DENY could match all messages coming
       from an annoying public mail service, while ALLOW matches messages from
       a good friend who also uses this annoying public mailer.

              DENY = ^From:.*
              ALLOW = ^From:.*

       These  two  lines are enough to block all but your friend’s e-mail from
       the domain.

   Case Sensivity
       In general case-sensivity is controlled by the REG_CASE keyword. Having
       Mailfilter  treat  expressions  case-insensitive  is almost always more

              REG_CASE = no
              DENY = ^Subject:.*win money

       In this example Mailfilter would delete all messages with subject lines
       like  ‘WIN  MONEY’,  ‘Win  Money’  or any other mix of capital and non-
       capital characters. REG_CASE makes filters ignore the case.

       A more complex set  up  can  be  achieved  by  additionally  using  the
       DENY_CASE keyword.

              DENY_CASE = ^Subject:.*BUSINESS

       In  this  example  only  e-mails  that have ‘BUSINESS’ in their subject
       match the filter, even though in general Mailfilter ignores  the  case.
       So  in this example all messages with ‘business’ or ‘Business’ in their
       subjects would not be affected by this filter.

       Such an option is very useful if you are not interested  in  commercial
       bulk  mail  that offers amazing business opportunities, but in all your
       business partners who contact you by e-mail.

   Defining Friends
       The keyword ALLOW can be used to override any spam filters. Similar  to
       the earlier example ALLOW defines a ‘friend’.

              ALLOW = ^Subject:.*mailfilter

       Adding  this  rule  to  the rcfile would mean all messages that contain
       anything about Mailfilter in their subject  lines  can  pass  the  spam
       filters. But even friends tend to send large e-mails sometimes to share
       their joy about the latest joke that  just  made  the  round  in  their
       office.  In such cases a limit can be defined that affects particularly

              MAXSIZE_ALLOW = 500000

       Setting MAXSIZE_ALLOW to 500000 means no message can be larger than 500
       kBytes. (Scanned ‘office-jokes’ are usually around that size.)

   Negative Message Filters
       In  order  to  create a very restrictive spam protection it can be more
       useful  sometimes  to  define  which  e-mails  should  not  be  deleted
       instantly  and consequently get rid of messages that can not be matched
       to this criterion - rather than vice versa. This  can  be  achieved  by
       using  negation.  The  typical  use case is looking at the message tags
       ‘To:’ or ‘Cc:’ of an e-mail.

              DENY <> ^(To|Cc):.*my-email@address\.com

       Having added such a filter to your personal rule set keeps away  a  lot
       of  spam  that  is not directly addressed to your e-mail account. Since
       this is a very aggressive way of filtering, you  are  well  advised  to
       keep  your  ‘friends list’ up to date. Also note that the above example
       works only with extended Regular Expressions.

       Instead of setting up spam filters,  it  is  also  possible  to  define
       scores  which  can be accumulated until a certain threshold is reached.
       This is very useful to delete  advertisements  on  mailing  lists,  for
       instance.  Highscore marks the threshold:

              HIGHSCORE = 100
              SCORE +100 = ^Subject:.*viagra
              SCORE +100 = ^Content-Type:.*html
              SCORE -100 = ^(To|From):.*my_mailing_list

       This  simple example is useful to delete mails with a score equal to or
       greater  than  100,  i.e.  if   someone   sends   an   HTML   mail   to
       my_mailing_list,  the  message  will reach score 0.  However, should an
       HTML mail regarding Viagra  reach  the  list,  then  the  message  will
       classify as spam, because it reached an overall score of 100.

       The  MAXSIZE_SCORE  keyword  can also be used to add to the accumulated
       score for an e-mail.  The following will cause all emails not  directly
       addressed  to  the recipient and greater than 60000 bytes in size to be
       deleted (a useful way of rejecting many common MS  targeted  worms  and
       trojans which can clog up your inbox).

              HIGHSCORE = 100
              MAXSIZE_SCORE +50 = 60000
              SCORE +50 <> ^(To|Cc):.*

       This  is  a  less  aggressive way of dealing with e-mail sizes than the
       using the MAXSIZE_DENY keyword.  Note that this example (by  using  the
       expression  (To|Cc):.*  works  only  with extended
       Regular Expressions.

   General Message Size Limits
       It is always a good idea to define a very general  size  limit  for  e-
       mails.  Mailfilter uses the keyword MAXSIZE_DENY for that purpose.

              MAXSIZE_DENY = 200000

       Setting  it  to 200 kBytes can save you a couple of hours, depending on
       how much mail you get everyday. Messages bigger than that  get  deleted
       on  the  server,  unless  they match any of the ALLOW rules. To achieve
       maximum  efficiency  it  makes  sense  to  use  both  MAXSIZE_DENY  and
       MAXSIZE_ALLOW.  No  one should block up your mail box, no ‘friends’, no

       A rule of thumb is to be twice as tolerant towards friends than you are
       towards anonymous people.

       Note  also  the  use of the MAXSIZE_SCORE keyword mentioned above, as a
       less aggressive way of dealing with message sizes.

   Dealing with Duplicates
       Most people want to download a message only once, even though it  might
       have  been sent to two or three of their accounts at the same time. The
       simple line

              DEL_DUPLICATES = yes

       will take care of duplicates and makes sure that only  one  copy  of  a
       message has to be delivered.

   Normalisation of Message Subjects
       Every now and then some clever sales person comes up with the brilliant
       idea to wrap spam in funny little characters. If you get a message with
       a  subject  line similar to this one ‘,L.E-G,A.L; ,C.A-B‘L‘E, .B-O‘X‘’,
       then ordinary filters would fail to detect the junk.

              NORMAL = yes

       Adding this directive to the rcfile  tells  Mailfilter  to  ‘normalise’
       subject  strings,  i.e.  leave in only the alpha-numeric characters and
       delete the rest.  ‘,L.E-G,A.L; ,C.A-B‘L‘E, .B-O‘X‘’ would  then  become
       ‘LEGAL CABLE BOX’ which can easily be matched to a spam filter.

       Note  that Mailfilter first tries to match the original subject string,
       before it checks on the normalised one.

   Control Mechanism
       Since Mailfilter deletes e-mails  remotely,  before  they  have  to  be
       downloaded into the local machine, it is also important to know what is
       going on while the program is being executed. The least you  should  do
       is define a proper level of verbosity and a log file.

              LOGFILE = /home/username/logs/mailfilter.log
              VERBOSE = 3

       Level three is the default verbosity level. Using it Mailfilter reports
       information on deleted messages,  run-time  errors  and  dates  to  the
       screen and the log file.

   Extended Regular Expressions
       For  some  applications  the  basic  Regular  Expressions  are not good
       enough. If you know the syntax and use of the extended  type,  use  the
       REG_TYPE keyword to switch modes in Mailfilter.

              REG_TYPE = extended

       Extended expressions are more flexible, but also more sensitive towards
       syntax errors and the like. Know what you are doing if  you  choose  to
       use them.


       If  you are new to Regular Expressions and new to Mailfilter, you might
       want to experiment a bit, before you  accidently  delete  messages  for
       real. For such cases Mailfilter provides two keywords. TEST can be used
       to only simulate the deletion of messages and SHOW_HEADERS displays all
       e-mail headers that get scanned by the program.

              TEST = yes
              SHOW_HEADERS = yes

       Use  this setup if you are not yet comfortable with the concept of spam
       filtering. It may help to understand Regular Expressions better and how
       to use them.


       mailfilter(1), mailfilterrc(5), procmailrc(5), procmailex(5), regex(7)


       Copyright © 2000-2004 Andreas Bauer <>

       This is free software; see the source for copying conditions.  There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR  A  PARTICULAR