Search code examples
regexpostfix-mtaspamprocmail

How to trash twoo.com incoming mail from Postfix and Procmail

These f* people have subscribed myself in their f* service I don't want. I first tried to unsubscribed following the link in the email. To unsubscribe I have to login... Don't want to do that even I knew psw.

So I decided to block them in server

/etc/postfix/body_checks

/^(.*) twoo.com/ DISCARD
/^(.*) twoomail.com/ DISCARD

/etc/postfix/header_checks

/^(.*) twoo.com/ DISCARD
/^(.*) twoomail.com/ DISCARD

That didn't work so I created /home/me/.procmailrc with these directives

:0HB:
* ^twoo.com
/dev/null

:0HB:
* ^twoomail.com
/dev/null

/etc/procmailrc contains a directive to use filters from /home/user/.procmailrc (it works)

Cannot realize why I still receive mail from them in /home/me/Maildir/Inbox

Solution

  • As already indicated in the comments, you need to make sure your regular expression matches exactly the text you want it to match.

    Postfix (optionally) uses PCRE for regular expressions, so you should be able to test at one of the many on-line regex helper sites out there; http://regex101.com/ is a popular one, but there are many more. (Here is a demo: https://regex101.com/r/gU7gD7/1)

    Procmail's regex syntax is somewhat different; if you can find a tool which offers egrep (aka ERE) regex syntax, that will be fairly close to what you can use with Procmail.

    In particular, /(.*) twoo.com/ requires there to be a space before twoo.com. Also, the dot needs to be escaped, and once you remove the space, all of ^(.*) is unnecessary. And of course, when a substring is optional, that's easy to specify within a single regular expression.

    /twoo(mail)?\.com/ DISCARD

    Similarly, the ^ anchor to require a match at beginning of line in Procmail will prevent a match anywhere else in a line. Just remove it.

    :0HB
* twoo(mail)?\.com
/dev/null

    As always, you should not use locking when writing to /dev/null -- why would you want to prevent two processes from discarding their data at the same time? See also http://www.iki.fi/era/procmail/mini-faq.html#locking

    However, this should be unnecessary if you can get the Postfix rules to work. Blocking at the MTA level is much superior to accepting a message and then deleting it.