[Dovecot] Sieve during read or login?

Rick Romero rick at havokmon.com
Wed Sep 29 03:20:51 EEST 2010



Sent from my iPhone

On Sep 28, 2010, at 6:43 PM, Stephan Bosch <stephan at rename-it.nl> wrote:

> Op 28-9-2010 23:02, Rick Romero schreef:
>>
>> I was wondering if anyone thought of applying filters to email post  
>> delivery, pre-read.
>>
>> Basically the idea would be to head off Spam, Malware or Phishing  
>> for already delivered email.  Malware would probably be the least  
>> likely target, as (knock on wood) user workstations would be  
>> updated, but a targeted phishing scam would not create a public  
>> signature that would be downloaded, yet an admin may have a regex  
>> that could be used to remove that email before it left the server.
>>
>> I used to run find and grep on my Maildirs, but that's no longer  
>> practical.  I think maybe an 'on connect', or 'on read' might be an  
>> option.
>>
> I am not sure I understand the benefit of filtering things like spam  
> and scams post-delivery as opposed to filtering on-delivery as it is  
> now.
>
> Please explain further.

If you assume the user retrieves their mail soon after delivery, it  
doesn't make sense. :)

I think the biggest benefit to my service  is the catching is phisjing  
scams aimed at my users. I usually get a copy (dolts), and I will  
block the reply to addresses, but it would be better to remove it  
cpmpletely.

Another possible use might be URL scanning for updated malware sites  
and labeling it accordingly -but modifying an email might a little  
excessive for this function.

Rick 


More information about the dovecot mailing list