How to log a Sieve match in Dovecot debug_log
Hi everybody!
I manage a mail server running Dovecot 2.2.21 with Pigeonhole 0.4.10. I successfully configured sieve and use it also to filter some spam messages. Here is one of the script I use to filter messages on the basis of prohibited words in message body.
As you can see, the last command writes to the log the action of this script.
-- the script begins ------------
require ["fileinto", "imap4flags", "editheader", "body", "vnd.dovecot.debug"];
if anyof (
body :text :contains "crypto", body :text :contains "sex", body :text :contains "viagra" ) { setflag "\\Seen"; addheader :last "X-Sieve-Filtered" "blocked words in message body"; fileinto "INBOX.Spam"; debug_log "Body contains blocked word: <the matching word>"; }
-- the script ends --------------
MY QUESTION: is there a way to have also the result of the match in that log message? I mean, is it possible to have that "<the matching word>" substituted with the exact word that matched one of the conditions (more or less the same way it is possible using Exim's System Filter)? I googled and searched a lot Dovecot documentation but wasn't able to find a definite YES or NO to this question.
Thanks a lot!
Lukas
Am Samstag, 30. Juni 2018, 11:28:43 CEST schrieb Lukas:
Hi everybody!
I manage a mail server running Dovecot 2.2.21 with Pigeonhole 0.4.10. I successfully configured sieve and use it also to filter some spam messages. Here is one of the script I use to filter messages on the basis of prohibited words in message body.
As you can see, the last command writes to the log the action of this script.
-- the script begins ------------
require ["fileinto", "imap4flags", "editheader", "body", "vnd.dovecot.debug"];
if anyof (
body :text :contains "crypto", body :text :contains "sex", body :text :contains "viagra" )
{ setflag "\\Seen"; addheader :last "X-Sieve-Filtered" "blocked words in message body"; fileinto "INBOX.Spam"; debug_log "Body contains blocked word: <the matching word>"; }
-- the script ends --------------
MY QUESTION: is there a way to have also the result of the match in that log message? I mean, is it possible to have that "<the matching word>" substituted with the exact word that matched one of the conditions (more or less the same way it is possible using Exim's System Filter)? I googled and searched a lot Dovecot documentation but wasn't able to find a definite YES or NO to this question.
You could make a separate rule for each of the words which should be blocked...
Volker
Hi Volker!
This is what I wanted to avoid with my question. I reported my script with only three word just to make an example but my list is quite longer than this. Let's suppose a list of 30 or 40 words... 30 or 40 rules? Possible but very unconfortable to manage. A more compact version of the script could be this:
-- the script begins ------------
require ["fileinto", "imap4flags", "editheader", "body", "vnd.dovecot.debug"];
if anyof (
body :text :contains [
"crypto", "sex", "viagra"
])
{ setflag "\\Seen"; addheader :last "X-Sieve-Filtered" "blocked words in message body"; fileinto "INBOX.Spam"; debug_log "Body contains blocked word: <the matching word>"; }
-- the script ends --------------
This is simpler to maintain if you have a long list of word. And here comes my previous question: it would be great if there is a way to log the matching word in order to know what word in that list was the "culprit".
Lukas
----- Messaggio originale ----- Da: "Volker Wysk" post@volker-wysk.de A: "dovecot" dovecot@dovecot.org Inviato: Sabato, 30 giugno 2018 12:14:11 Oggetto: Re: How to log a Sieve match in Dovecot debug_log
Am Samstag, 30. Juni 2018, 11:28:43 CEST schrieb Lukas:
Hi everybody!
I manage a mail server running Dovecot 2.2.21 with Pigeonhole 0.4.10. I successfully configured sieve and use it also to filter some spam messages. Here is one of the script I use to filter messages on the basis of prohibited words in message body.
As you can see, the last command writes to the log the action of this script.
-- the script begins ------------
require ["fileinto", "imap4flags", "editheader", "body", "vnd.dovecot.debug"];
if anyof (
body :text :contains "crypto", body :text :contains "sex", body :text :contains "viagra" )
{ setflag "\\Seen"; addheader :last "X-Sieve-Filtered" "blocked words in message body"; fileinto "INBOX.Spam"; debug_log "Body contains blocked word: <the matching word>"; }
-- the script ends --------------
MY QUESTION: is there a way to have also the result of the match in that log message? I mean, is it possible to have that "<the matching word>" substituted with the exact word that matched one of the conditions (more or less the same way it is possible using Exim's System Filter)? I googled and searched a lot Dovecot documentation but wasn't able to find a definite YES or NO to this question.
You could make a separate rule for each of the words which should be blocked...
Volker
Am Samstag, 30. Juni 2018, 12:33:49 CEST schrieb Lukas:
This is what I wanted to avoid with my question. I reported my script with only three word just to make an example but my list is quite longer than this. Let's suppose a list of 30 or 40 words... 30 or 40 rules? Possible but very unconfortable to manage.
Okay.
A more compact version of the script could be this:
-- the script begins ------------
require ["fileinto", "imap4flags", "editheader", "body", "vnd.dovecot.debug"];
if anyof (
body :text :contains [ "crypto", "sex", "viagra" ])
{ setflag "\\Seen"; addheader :last "X-Sieve-Filtered" "blocked words in message body"; fileinto "INBOX.Spam"; debug_log "Body contains blocked word: <the matching word>"; }
-- the script ends --------------
This is simpler to maintain if you have a long list of word. And here comes my previous question: it would be great if there is a way to log the matching word in order to know what word in that list was the "culprit".
I'm afraid that I can't help you, then.
Volker
On 30 Jun 2018, at 03:28, Lukas lukas@email.it wrote:
body :text :contains "crypto", body :text :contains "sex", body :text :contains "viagra"
This is a very silly way to try to deal with spam. In fact, your own message to the list will be flagged by your rule. Actual spam message will illy not even hit this rule as they often use ETF-8 characters or weird spacing and substitutions to evade simplistic checks like this.
There are anti-spam packages that do a good job (well, there's SpamAssassin, I suspect there must be others), use those.
-- Hamburgers. The cornerstone of any nutritious breakfast.
Sorry @lbutlr, this is a very silly answer to my question...! My script is not the definite spam solution on my mail server, obviously. In addition to Spamassassin, blacklist implementation, SPF, DKIM and more, I need to filter some specific messages with particular words and log the script action. In my first mail I made an example with three really obvious words but my need is not about sex or crypto currency...
So, if you can help, please, help me. But personal opinions that don't answer a question are... useless!
Lukas
----- Messaggio originale ----- Da: "@lbutlr" kremels@kreme.com A: "dovecot" dovecot@dovecot.org Inviato: Sabato, 30 giugno 2018 23:13:39 Oggetto: Re: How to log a Sieve match in Dovecot debug_log
On 30 Jun 2018, at 03:28, Lukas lukas@email.it wrote:
body :text :contains "crypto", body :text :contains "sex", body :text :contains "viagra"
This is a very silly way to try to deal with spam. In fact, your own message to the list will be flagged by your rule. Actual spam message will illy not even hit this rule as they often use ETF-8 characters or weird spacing and substitutions to evade simplistic checks like this.
There are anti-spam packages that do a good job (well, there's SpamAssassin, I suspect there must be others), use those.
-- Hamburgers. The cornerstone of any nutritious breakfast.
On 30 Jun 2018, at 15:41, Lukas lukas@email.it wrote:
Sorry @lbutlr, this is a very silly answer to my question...! My script is not the definite spam solution on my mail server, obviously.
It doesn't matter. Triggering on specific words is not a spam solution.
So, if you can help, please, help me. But personal opinions that don't answer a question are... useless!
Trying to do this in Dovecot is not the right solution. There're other tools. Heck, Spamassassin, which you already have.
But regardless of the tool you use, triggering a spam status on a word (any word) is a bad idea.
-- 'Dojo! What is Rule One?' Even the cowering challenger mumbled along to the chorus: 'Do not act incautiously when confronting little bald wrinkly smiling men!'
participants (3)
-
@lbutlr
-
Lukas
-
Volker Wysk