aja-lists at tni.org
2009-Dec-30 19:21 UTC
[Dovecot] A Dovecot Sieve spam filter question.
Hi, I'd like to make a filtering threshold for users to let them deal with spamassassin spam-level starred < 8 themselves, but spam-level starred higher than 8 should be discarded how can one do that with the "anyof" option ? the following doesn't work with a test email with "gtube", which scores > 999 : # require "fileinto"; if header :matches "X-Spam-Level" "\*\*\*\*\*\*" { fileinto "discard"; } and I think it would be nice to have not so many lines in the globalsieverc file. TIA, Regards, Adrian
aja-lists at tni.org wrote:> I'd like to make a filtering threshold for users to let them > deal with spamassassin spam-level starred < 8 themselves, > but spam-level starred higher than 8 should be discarded > > > how can one do that with the "anyof" option ? > > the following doesn't work with a test email with "gtube", > which scores > 999 : > > # > require "fileinto"; > if header :matches "X-Spam-Level" "\*\*\*\*\*\*" { > fileinto "discard"; > } > > and I think it would be nice to have not so many lines > in the globalsieverc file.Try the following: if header :contains "X-Spam-Level" "*****" { ... -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu Common sense is the collection of prejudices acquired by age eighteen. -- Albert Einstein
aja-lists at tni.org wrote:> On 12/30/2009 11:56 PM, aja-lists at tni.org wrote: > >> But this (2nd line is one long line) : >> >> require ["fileinto"]; >> if header :contains "X-Spam-Level" >> "**************************************************" { >> fileinto "Junk"; >> } >> >> simply delivers the gtube test email in the Inbox instead of the Junk >> folder :( No errors in the dovecot-deliver log, what am I missing ? > > My mistake, my personal .dovecot.sieve was in the way. > (Found this : > http://workaround.org/ispmail/lenny/server-side-sieve-filtering#comment-215 > ) >You can enforce global Sieve rules using the sieve_before setting: http://wiki.dovecot.org/LDA/Sieve/Dovecot#multiscript Regards, Stephan.
On 12/30/2009 2:21 PM, aja-lists at tni.org wrote:> Hi, > > I'd like to make a filtering threshold for users to let them > deal with spamassassin spam-level starred < 8 themselves, > but spam-level starred higher than 8 should be discarded >In general, it's better to quarantine high-scoring spam (we shove it in a server-side Junk folder) then to simply discard. (The old adage of mail delivery is that once you accept delivery of mail into your system you should never silently drop it on the floor.) require ["comparator-i;ascii-numeric","fileinto","relational"]; # Definite spam gets shoved into the "Junk" folder in IMAP # Currently defined as a Spam Assassin score of 8.0 or higher if allof ( header :contains "X-Spam-Flag" "YES", header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-Score"] ["8"] ) { fileinto "Junk"; stop; } You need to check both that the spam flag is set to YES in addition to doing a comparison on the value of the spam score header. Otherwise you'll find that spams with negative scores can confuse the comparison rule. This script is in a central sieve file that we include from the individual user's home folders. We always make sure that it's the *first* include in the user's file (after the "require" lines) so that we get a chance to stop processing on spam messages before processing things like vacation responses. Basically, we score and tag at 5.0 - putting "[SPAM]" into the subject line, and leave the message in the Inbox. But for stuff over 8.0, we move it server-side to the Junk folder. This gives the users a lot of flexibility. If they don't trust our filter, then can look at the "maybe" spam messages in their Inbox and also look in the Junk folder. If they're not worried about false-positives in the 5.0-7.9 range, then they can setup a client side rule to simply move the messages from the Inbox to the Junk folder, or delete them. We also have a server-side cron script that runs daily and removes any files in Junk that are older then 90 days.