Spammers Must Die!

I've been getting an inordinate amount of email spam lately -- on the order of 30 spams to 1 legitimate message. Spamassassin was doing a good job of tagging spam, but I needed more... I didn't even want it to hit my inbox in any shape, way, or form.

I use domain forwarding to a single address for my email. That way, I can use "some.registration@domain.org" when I'm registering for something so I can see who's selling my email address ([Reuters.com] did that just recently, and it pissed me off. But, I digress.) The downside is that a spammer can send an email to "male.enhancement@my.domain", and it'd get through without bouncing.

So, after poking around a bit, I found out about procmail. From the [procmail faq|http://zer0.org/procmail/mini-faq.html#description]:

{{{
Procmail is a mail processing utility, which can help you filter your mail; sort incoming mail according to sender, Subject line, length of message, keywords in the message, etc; implement an ftp-by-mail server, and much more.
}}}

Procmail was easy enough to set up. Instead of forwarding email to gmail or whatnot, I forward it to a *nix pipe:

{{{
|/usr/bin/procmail ~/.procmailrc
}}}

The .procmailrc sets up some variables. The important part is the "INCLUDERC" directive, which points to the file where the rules or "recipes" are stored. After a couple of hours of hacking, mine looks like this:

{{{
FGREP=/usr/bin/fgrep
FMAIL=/usr/bin/formail

# Pull the To: header out of the incoming message
TO=`$FMAIL -x To:`

# Recipient is on the blacklist: log it and throw the message away
:0E
* ? echo $TO |$FGREP -i -f $HOME/.procmail/to.blacklist
{
  LOG='to.blacklist: '
  :0
  /dev/null
}

# Filter anything under 256000 bytes through spamassassin
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamassassin

# Ten or more stars: drop it without saving
:0
* ^X-Spam-Level:.\*\*\*\*\*\*\*\*\*\*
/dev/null

# Tagged as spam: save to SPAM and record the recipient.
# The "c" flag is needed on the save; without it procmail stops
# after the delivery and the recipient is never logged.
:0
* ^X-Spam-Flag: YES
{
  :0c:
  SPAM
  :0
  |echo $TO >> $HOME/.procmail/to.spam
}

# Obfuscated subject that spamassassin missed
:0:
* ^Subject:.*V.*I.*A.*G.*R.*A
SPAM

# Test messages: discard, but record the recipient ("c" as above)
:0
* ^Subject:.*test123.*
{
  :0c
  /dev/null
  :0
  |echo $TO >> $HOME/.procmail/to.test
}

# Everything else: deliver to INBOX and record the recipient ("c" as above)
:0
{
  :0c:
  INBOX
  :0
  |echo $TO >> $HOME/.procmail/to.inbox
}
}}}

The important bits are the "to.blacklist" and the piping to spamassassin.
The "to.blacklist" is a set of email addresses I'll never use. Once spamassassin determines an email is spam, the "TO" gets appended to the "to.spam" file. I review it once in a while and plop 'em into the blacklist, which is used in the first recipe. Basically, it looks in the "to.blacklist" file for a naughty TO address, like "accounting@my.domain". If there's a match, the spam is sent to /dev/null -- *nix's circular file.

The amount of spam I've had to manually delete has decreased dramatically -- I've had no false positives, and only a handful of missed spam. Anyway, if anyone's interested, I'll post a dissection of the above recipe list.
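
The review step described above (moving addresses from "to.spam" into "to.blacklist") can be partly scripted. The following is an added example, not part of the original post; the function names are made up, the sample addresses are constructed, and it assumes the blacklist holds one full address per line. It also checks the blacklist for blank lines, because an empty pattern makes fgrep -f match every To: header and the first recipe would then discard all mail.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the recipes
# above; the sample log contents in demo() are constructed.

# Reduce logged To: values to bare lowercase addresses, one per line.
# Handles "Name <user@dom>" and comma-separated lists (no quoted commas).
extract_addrs() {
    tr ',' '\n' < "$1" |
        sed -e 's/.*<\([^>]*\)>.*/\1/' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -E '^[^@[:space:]]+@[^@[:space:]]+$' || true
}

# A blank or whitespace-bearing line in the pattern file makes `fgrep -f`
# match almost any To: header, so the first recipe would discard all mail.
# Assumption: every blacklist line is one full address.
blacklist_is_safe() {
    ! grep -q -v -E '^[^@[:space:]]+@[^@[:space:]]+$' "$1"
}

# blacklist_candidates SPAMLOG INBOXLOG BLACKLIST [MIN_HITS]
# Addresses seen >= MIN_HITS times in spam, never in legitimate mail,
# and not already blacklisted.
blacklist_candidates() {
    min=${4:-2}
    known=$(mktemp) || return 1
    { extract_addrs "$2"; extract_addrs "$3"; } | sort -u > "$known"
    extract_addrs "$1" | sort | uniq -c |
        awk -v min="$min" '$1 >= min { print $2 }' |
        grep -F -x -v -f "$known" || true
    rm -f "$known"
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Accounting <accounting@my.domain>' 'accounting@my.domain' \
        'male.enhancement@my.domain' 'MALE.enhancement@my.domain' \
        'some.registration@my.domain' 'some.registration@my.domain' \
        'sales@my.domain' > "$d/to.spam"
    printf '%s\n' 'some.registration@my.domain' > "$d/to.inbox"
    printf '%s\n' 'accounting@my.domain' > "$d/to.blacklist"
    blacklist_is_safe "$d/to.blacklist" || { echo 'unsafe blacklist' >&2; return 1; }
    blacklist_candidates "$d/to.spam" "$d/to.inbox" "$d/to.blacklist"
    rm -rf "$d"
}

demo
```

Addresses that also show up in "to.inbox" are never suggested, so an alias that receives both spam and real mail stays off the blacklist.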