Implementing procmail on a sendmail 8.8.8 and later gateway:
(Note: This is still undergoing testing and refinement)
$Id: procmail-on-gateway.txt,v 1.11 2006-01-20 07:40:49-08 jhardin Exp jhardin $
<jhardin@impsec.org>
With help from Joshua Marshall <marshallj@switch.aust.com>
Master copy at http://www.impsec.org/email-tools/procmail-on-gateway.txt


1. Add the following delivery agent:

Mprocmail,      P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix,
                A=procmail -m $h $g $u

   [TAB]---^



2. Add "procmail" to class P by putting the following line somewhere
near the top of your sendmail.cf (near where the other classes are
being set up):

  CPprocmail



3. Add the following to ruleset 0, between the "handle virtual
users" and "short-circuit local delivery" stanzas:

# pipe through procmail for processing
R$*<@example.com>$*     $#procmail $@/etc/procmail/filter.rc $:$1<@example.com.procmail.>$2
R$*<@example.com.>$*    $#procmail $@/etc/procmail/filter.rc $:$1<@example.com.procmail.>$2
R$*<@$*.procmail.>$*    $1<@$2.>$3

   [TAB]-------------^

Vary the domain name and script name (/etc/procmail/filter.rc) for your needs.

If you are relaying mail for multiple domains, use the following instead:

R$*<@$=w>$*             $#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$=w.>$*            $#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$*.procmail.>$*    $1<@$2.>$3

   [TAB]-------------^



If you prefer to use sendmail .mc files, add this to your config.mc file:

LOCAL_CONFIG
CPprocmail

LOCAL_RULE_0
R$*<@$=w>$*             $#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$=w.>$*            $#procmail $@/etc/procmail/filter.rc $:$1<@$2.procmail.>$3
R$*<@$*.procmail.>$*    $1<@$2.>$3

MAILER_DEFINITIONS
Mprocmail,      P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31, T=DNS/RFC822/X-Unix,
                A=procmail -m $h $g $u
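
The [TAB] markers above matter because sendmail splits an R line into its left-hand and right-hand sides on TAB characters only, and copy-and-paste often turns them into spaces. The following shell check is an added example, not part of the original howto; the function name check_rule_tabs and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto): find sendmail rewrite rules
# whose LHS/RHS separator is no longer a TAB, e.g. after copy-and-paste.

# check_rule_tabs FILE   (hypothetical helper name)
#   Prints one line per offending rule and returns 1 if any were found.
#   Works on sendmail.cf and on .mc files; m4 macro calls such as
#   RELAY_DOMAIN(...) also start with "R" and are skipped.
check_rule_tabs() {
    awk '
        /^R/ && !/^[A-Z_]+\(/ {
            # sendmail separates LHS, RHS and comment by TABs only
            n = split($0, field, /\t+/)
            if (n < 2 || field[2] == "") {
                printf "%s:%d: no TAB before RHS: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the third rule from step 3, once with the TAB
# intact and once with the TAB replaced by spaces.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'CPprocmail\nR$*<@$*.procmail.>$*\t$1<@$2.>$3\n' > "$demo_dir/good.cf"
printf 'CPprocmail\nR$*<@$*.procmail.>$*    $1<@$2.>$3\n' > "$demo_dir/bad.cf"

check_rule_tabs "$demo_dir/good.cf" && echo "good.cf: all rules TAB-separated"
check_rule_tabs "$demo_dir/bad.cf"  || echo "bad.cf: fix the lines listed above"
```

Run it against your edited sendmail.cf or config.mc before restarting sendmail; a non-zero exit status means at least one rule needs its TAB restored.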



4. Here is a sample filter.rc file - add your local configuration
   settings before using it:

################################################################
#
# procmail rules to filter mail on a gateway
#

LOGFILE=/var/log/procmail.log
NL="
"
LOGABSTRACT=no

# Configuration settings go here...
# See the discussion of what to put in /etc/procmailrc at
# http://www.impsec.org/email-tools/sanitizer-configuration.html
# /etc/procmailrc is the "master procmail script" for local
# delivery, this file is the "master procmail script" for relay.
# The settings in one DO NOT affect the other.

POISONED_EXECUTABLES=/etc/procmail/poisoned

# etc... - you NEED to put configuration settings here.

# DO NOT enable RECIPIENT notification on a relay unless:
#  1) your mail relay inserts "for <recip@your.dom.ain>" into
#     the Received: header it adds to the message, and
#  2) you are using version 1.150 or later of the Sanitizer
# otherwise the recipient email address cannot be determined.

# run the sanitizer
INCLUDERC=/etc/procmail/local-rules.procmail
INCLUDERC=/etc/procmail/html-trap.procmail

# send the mail on to the next relay
:0
! -oi -f "$@"

#
################################################################



5. If the next hop is a Microsoft Exchange Server, make sure that you
configure it so that it will accept mail addressed to its
fully-qualified domain name in addition to the simple domain name.
For example, if your domain is "example.com" and your Exchange Server is
running on the computer named "exchange", configure it to accept mail
addressed to "@exchange.example.com" as well as just "@example.com".


