[Dovecot] A Dovecot Sieve spam filter question.

Thomas Harold thomas-lists at nybeta.com
Thu Dec 31 17:11:15 EET 2009


On 12/30/2009 2:21 PM, aja-lists at tni.org wrote:
> Hi,
>
> I'd like to make a filtering threshold for users to let them
> deal with spamassassin spam-level starred < 8 themselves,
> but spam-level starred higher than 8 should be discarded
>

In general, it's better to quarantine high-scoring spam (we shove it in 
a server-side Junk folder) than to simply discard.  (The old adage of 
mail delivery is that once you accept delivery of mail into your system 
you should never silently drop it on the floor.)

require ["comparator-i;ascii-numeric","fileinto","relational"];
# Definite spam gets shoved into the "Junk" folder in IMAP
# Currently defined as a Spam Assassin score of 8.0 or higher
if allof (
header :contains "X-Spam-Flag" "YES",
header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-Score"] ["8"]
) {
     fileinto "Junk";
     stop;
}

You need to check both that the spam flag is set to YES in addition to 
doing a comparison on the value of the spam score header.  Otherwise 
you'll find that spams with negative scores can confuse the comparison rule.

This script is in a central sieve file that we include from the 
individual user's home folders.  We always make sure that it's the 
*first* include in the user's file (after the "require" lines) so that 
we get a chance to stop processing on spam messages before processing 
things like vacation responses.

Basically, we score and tag at 5.0 - putting "[SPAM]" into the subject 
line, and leave the message in the Inbox.  But for stuff over 8.0, we 
move it server-side to the Junk folder.  This gives the users a lot of 
flexibility.  If they don't trust our filter, they can look at the 
"maybe" spam messages in their Inbox and also look in the Junk folder. 
If they're not worried about false-positives in the 5.0-7.9 range, then 
they can set up a client side rule to simply move the messages from the 
Inbox to the Junk folder, or delete them.

We also have a server-side cron script that runs daily and removes any 
files in Junk that are older than 90 days.
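
Added example, not part of the original post: a small Python model of the "i;ascii-numeric" comparator as defined in RFC 4790 (the value is truncated at the first non-digit, and a string that does not start with a digit counts as positive infinity), showing why a score-only test files negative-scored mail into Junk while the two-condition rule above does not. The function names and the sample headers are constructed for illustration.

```python
import math

def ascii_numeric(value):
    """Numeric value of a string under i;ascii-numeric (RFC 4790)."""
    digits = ""
    for ch in value.strip():          # header tests ignore surrounding whitespace
        if ch not in "0123456789":
            break                     # truncate at the first non-digit ("8.5" -> 8)
        digits += ch
    # No leading digit (for example "-2.5") means positive infinity.
    return int(digits) if digits else math.inf

def score_only_rule(headers):
    """Model of: header :value "ge" :comparator "i;ascii-numeric" "X-Spam-Score" "8"."""
    raw = headers.get("X-Spam-Score")
    return raw is not None and ascii_numeric(raw) >= 8

def junk_rule(headers):
    """Model of the allof() rule in the post: flag must contain YES and score >= 8."""
    # :contains uses the default i;ascii-casemap comparator, so it is case-insensitive.
    flagged = "yes" in headers.get("X-Spam-Flag", "").lower()
    return flagged and score_only_rule(headers)

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    {"X-Spam-Flag": "NO",  "X-Spam-Score": "-2.5"},   # clean mail, negative score
    {"X-Spam-Flag": "NO",  "X-Spam-Score": "1.2"},    # clean mail
    {"X-Spam-Flag": "YES", "X-Spam-Score": "5.4"},    # tagged, stays in Inbox
    {"X-Spam-Flag": "YES", "X-Spam-Score": "7.9"},    # truncates to 7, stays in Inbox
    {"X-Spam-Flag": "YES", "X-Spam-Score": "12.3"},   # definite spam
]

def compare_rules(samples):
    """Return (score, score-only verdict, two-condition verdict) per sample."""
    return [(h["X-Spam-Score"], score_only_rule(h), junk_rule(h)) for h in samples]

if __name__ == "__main__":
    for score, naive, safe in compare_rules(SAMPLES):
        print(f"score={score:>5}  score-only->Junk={naive!s:5}  flag+score->Junk={safe}")
```
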

