How does the procmail setup in the CS department work? Why can I not forward email or execute programs during delivery via my .procmailrc?

The CS department install of procmail which filters your mail upon delivery is specially configured for our environment. It is set up as usual via your ~/.procmailrc file, but with two caveats:

  1. You may not run a program from your .procmailrc. This is to protect our mailserver (and thus your mailbox), not only from deliberately malicious actions but also from accidental misconfigurations which would swamp the server. Since our mail server does not allow user logins for the same reasons, this is an extension of existing policy.
  2. You may not forward mail to another user via the '!' mechanism in a procmail recipe. This is to protect the mail server from the high load and eventual meltdown that can be caused by a mail loop.

With these restrictions in mind, the main use of procmail during message delivery at CS is to filter your mail in real-time into different folders based on headers (such as the score it received from our spam-analysis system, the sender, a mailing-list-specific header, or the subject).

Since we have disabled execute and forward functionality in procmail during delivery, we suggest using the example in the procmail(1) man page for a template in creating your own post-processing scripts. The version of procmail in /lusr/bin which you can run manually does not suffer these limitations.

(Search for the third occurrence of the string 'cron' in this man page to find the example script.)

Two changes you will need to make to that script are to change the $ORGMAIL variable to point to the actual location of the folder, and to provide a separate procmail recipe file to the executed version of procmail in the script (the line formail -s procmail < .newmail && will need to be changed to formail -s procmail /path/to/your/recipefile < .newmail && ).

These scripts can be run periodically via the cron(1) command to do the actions automatically, or you can run them before you read mail to do something like filter out the messages or text you don't like.

PLEASE NOTE: To avoid clobbering mail folders make sure all recipes start with :0:, not just :0. The procmailrc(1) and procmail(1) manpages have more details."