Here at JoeDog Industries we forward our mail to Gmail. Google de-spams them and places them snuggly into our mailboxes. When we send mail, Google masquerades as us, Your JoeDog. To play this game, they want secure authentication. It logs into our sendmail server which relays our precious messages.
Since our server was configured so that only authenticated users could relay and since Google was de-spamming our messages, Your JoeDog was all, “Why should we even bother with the bloated pig known as spam assassin?” So we shut it down and removed it from the system. Done and done, amirite?
Life was good! We were running a mail server on the public internets without paying a heavy price in terms of administration or computing costs.
Now Your JoeDog studied economics and one thing he learned was this: There’s so such thing as a free lunch. Well sum bitch if that ain’t true. A couple weeks ago, Gmail decided it would start bouncing obvious spam. Guess what happened?
They bounced the message and our mailer sent it back. So they bounced it again and we promptly sent it back. While this was going on, Amazon was all “Why are these fsckers crushing our infrastructure?” So they throttled our asses at the firewall. So then the mail queue started backing up.
At that point Your JoeDog was all, “UGH! We have to run spam assassin again.” The idea was this: We’ll catch spam before it gets to Google then they won’t bounce it back.”
Seems like a good idea, right? WRONG!
Google is better at this shit than Your Spam Assassin. Even though we caught a bunch of stuff, they found plenty more to bounce at us. With Amazon throttling us and Google bouncing us, JoeDog Industries became The United States of Suck.
The solution to this cluster bump turned out to be pretty simple. We’ll learn about that after the jump!
Hi there! Still with us? Good.
The easiest way to forward mail using sendmail is to place a .forward file in your home directory. In my case, /home/jeff/.forward contains one line: my gmail address.
The problem with that is this: the message is never scrutinized by spam assassin. In order to filter spam before forwarding the message, you need to do one of two things: use global spam filtering with something like spamass-milter or forward your messages with procmail instead of .forward.
That second option seems easier, how do you do that? Remove .forward and place a .procmailrc file in your home directory. The contents of your .procmailrc should look something like this:
:0fw: spamassassin.lock * < 256000 | spamassassin
:0: spamassassin.filelock2 * ^X-Spam-Level: ************ /dev/null
# Forward mail with a score less than 12 to my gmail address :0 ! [email protected] # NOTE: Not my actual address.
But as noted above, Gmail was still bouncing things back. They use a more refined spam detection which flags more things as spam. They bounce messages back to us and we forward them back to them. Your JoeDog was DOS’ing himself.
Stop hitting yourself! Stop hitting yourself.
You’ll know you’re in that recursion loop when you see something like this in your messages:
mime8to7: recursion level 21 exceeded
To fix that, we needed to eat bounced messages. You can do that by adding this to your .procmailrc file:
:0 * ^FROM_MAILER /dev/null
FROM_MAILER is a procmail macro that detects bounced messages. If it’s bounced, then we just send it to /dev/null. Yeah, sure, we could send it to a mbox file but these messages are more than 99% spam and that file would quickly become too large to manage. Place these three lines BEFORE the forward directive at the bottom of the file.