193
■ ■ ■
CHAPTER 30
Automating E-mail with
procmail
A
n autonomous mail processor, procmail allows you to process your e-mail based on
rules. This is much like setting up rules in your e-mail client for the handling of messages
based on, for example, the sender’s e-mail address or on specified strings in the subject
line. One of procmail’s advantages, compared to traditional e-mail clients, is that the rules
can be defined in such a way that when specific criteria are met, a script is called to per-
form a task.
Whatever you can do in a shell script, you can do with procmail. Once you have mas-
tered the art of writing procmail scripts, it is a very powerful skill to have in your arsenal.
I have used procmail for quite a few tasks. One processed customer feedback surveys and
generated reports for use in managing a technical support group. Another received e-mail
messages that contained system-setup parameters for numerous remote systems, such as
the patch level or the names of installed applications. Procmail would process these mes-
sages based on their subject lines and categorize the received information for later review.
It was a very convenient way of tracking system-configuration information.
The example I will demonstrate here is a simplified version of a procmail script I set up
to deal with the lack of direct access to my home system from work, and the lack of conve-
nient access to my work system from home. My home system periodically dialed my ISP
to gather e-mail. From time to time I would want to get a file from my home system or find
out a system setting on my work system while I was at home. I set up procmail to receive
specially formatted mail messages specifying files to retrieve or commands to be run on
the remote machine, and to have the results returned to me through e-mail.
To make this work I sent all my e-mail to procmail. The method depends on your
e-mail system. My systems used sendmail and my explanations in this chapter assume
this, but the concepts should apply to other mail systems as well.
I first created a .forward file in my home directory that would pipe all my mail to

procmail. This is the content of that file:
| /usr/bin/procmail
Not much to it, except that the path may vary on your machine. Sendmail has to be con-
figured to recognize and use the $HOME/.forward files, but that is a common configuration.
194
CHAPTER 30
■
AUTOMATING E-MAIL WITH PROCMAIL
On some systems, sendmail is configured to recognize the use of procmail by looking for
the existence of a .procmailrc file; this is the file that contains all of your procmail rules. In
this case sendmail then sends the mail to procmail automatically, without the need for a
.forward file.
The .procmailrc File
Now that we have arranged for mail to be sent to procmail, the mail-handling rules need
to be configured. The .procmailrc file lives in the user’s home directory and contains their
mail rules. The rules are applied in the order they appear in the file; if none of the rules
apply to a mail message or if the .procmailrc file is empty, the message will drop out of
procmail processing and end up in your inbox as usual.
This is the .procmailrc I used:
PATH=/bin:/usr/bin:/usr/local/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/procmail.log
VERBOSE=yes
LOGABSTRACT=yes
SUBJECT=`formail -xSubject:`
FROM=`formail -rt -xTo:`
#
# Grab mail messages and feed the body of the message to the pipe
#
:0 getthisfile.lock

* ^Subject:.*getthisfile
{
:0 b
| /usr/local/bin/getthisfile
}
Here is a more detailed explanation of the elements that make up this file. The first few
lines set up some path and mail-logging variables.
PATH=/bin:/usr/bin:/usr/local/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/procmail.log
The next two lines configure the amount of logging information that your log files will
receive:
VERBOSE=yes
LOGABSTRACT=yes
These values are useful to get logging set up and to ensure that the script is working, but
normally you’ll want to set these to no so that the log file doesn’t grow to take over your
hard disk.
CHAPTER 30
■
AUTOMATING E-MAIL WITH PROCMAIL
195
The last two lines in the first section are crucial, as they extract the subject and sender
lines from the incoming message and save them in environment variables:
SUBJECT=`formail -xSubject:`
FROM=`formail -xFrom:`
The variables can then be accessed from within the script. The values are pulled
out of the message headers using the formail utility, which is a filter designed especially
for e-mail.
Now we finally come to the body of the rules file.
:0 getthisfile.lock

This is the main rule for processing special-purpose mail messages. It is the beginning of
the rule, and it creates a lock file that exists while the message is being processed. The lock
file prevents the next applicable message in the mail queue from being processed until the
processing of the current message is complete. If our system receives lots of mail and the
script to process mail messages takes a while to finish, there could arise several instances
running simultaneously on different messages, all trying to access the same temporary
files at once. The presence of the lock file indicates that an instance of the script is already
running and another should not start.
The next line of the rule checks the Subject: header line for an occurrence of the string
getthisfile.
* ^Subject:.*getthisfile
If the string is matched, then the body of the rule will be applied. The body of the rule
follows the condition, in this case the subject matching getthisfile, and is enclosed in
braces. I’m not going to talk in detail about the syntax of the procmail rules, because the
procmail man page is very good; there is also a man page for procmailex that is dedicated
to examples of rules for the .procmailrc file.
Assuming that the subject line of the message contains getthisfile, the message itself
is sent to the script.
{
:0 b
| /usr/local/bin/getthisfile
}
The single b character in this expression stands for the body of the message. The mes-
sage body is piped to the getthisfile script, which does the actual mail processing. This
is the way you would generally send to the script the information contained in the mail
message. In our case, most of the header and the body of the mail don’t contain anything
of value, so the subject line is really all the information we need. If the body of the message
were required, the script would need to be ready to receive standard input from the pipe.
This would probably be done through a read loop. An example of this type of processing
can be found in Chapter 27.

196
CHAPTER 30
■
AUTOMATING E-MAIL WITH PROCMAIL
The e-mail account is now set up to receive and process the special messages. Any
mail sent to this account with a subject line of the following form will be processed by
the getthisfile script:
Subject: getthisfile {binary|command|help} {path/file|command}
Now let’s look at what the script really does. The following section shows the
script’s usage.
Usage Examples
Here are a few examples of subject lines and the actions they would cause to be
performed:
Subject: getthisfile help: Sends getthisfile usage information back to the sender.
Subject: getthisfile /etc/resolv.conf: Mails the /etc/resolv.conf file back to the
sender.
Subject: getthisfile command ls -l /tmp: Sends the output of ls -l /tmp back to the
sender.
Subject: getthisfile binary /usr/bin/diff: uuencodes the binary file /usr/bin/diff and
mails the text back to the sender for later decoding. uuencode is a utility that encodes a
binary file (executable, data, etc.) into simple ASCII. This way the file can be easily sent
through e-mail and decoded on the receiving side.
The Code
The gettthisfile script first sets up some variables containing information such as the
system name, the log file to write to, and the e-mail address where warnings should be
sent if somebody tries to use this tool without authorization. It then adds a couple of
entries to the log, such as the date and the mail subject.
#!/bin/sh
warn_mail=
me=`uname -n`

LOG=/home/username/scripts/filetoget.log
echo `date` >> $LOG
echo Subject: $SUBJECT >> $LOG
CHAPTER 30
■
AUTOMATING E-MAIL WITH PROCMAIL
197
Next it starts parsing the subject line to find out what is being requested.
filetoget=`echo $SUBJECT | awk '{print $3}'`
echo filetoget: $filetoget >> $LOG
whattodo=`echo $SUBJECT | awk '{print $2}'`
echo whattodo: $whattodo >> $LOG
command=`echo $SUBJECT | cut -d\ -f3-`
echo Command: $command >> $LOG
The variables should be self-explanatory. It is possible that some of them won’t be
defined at this point, but will be defined later. The values of these variables are also
entered into the log.
This next part of the script is important if you don’t want just anyone having access to
your system.
if [ "$FROM" != " user1@good_domain.com" -a \
"$FROM" != " user2@good_domain.com" ]
then
echo "Invalid user $FROM trying to get procmail info: \
$SUBJECT" >> $LOG
tail -10 $LOG | mail -s \
"$FROM attempting to get procmail info" $warn_mail
exit 0
fi
The script checks the address of the requester, where the requested information is
to be sent. If the requester is not one of the approved addresses, a warning is sent to the

e-mail address stored in the warn_mail variable to notify the script’s owner of the potential
intruder. The script then exits.
There is still potential for a breach, however, so don’t be lulled into a false sense of
security. If someone knew that this utility existed, they could craft a message that works as
a spoof pretending to be sent from one of the allowed addresses. The message would con-
tain a subject line that would cause the getthisfile script to be replaced with a file of the
intruder’s choosing. The output of the intruder’s commands would be sent back to the
real allowed e-mail addresses, but by the time they were noticed, it would likely be too late
and the intruder would have access (although only to the account that has the procmail
setup, which hopefully is not root). Careful setting of permissions and ownership of this
script and of the .procmailrc files would make intrusion a lot more difficult, but still not
impossible.
■
Caution
Although this isn’t the most secure method of transferring files or information, it does demon-
strate the use of procmail, which is the goal here.