[Dovecot] question about scripts sieves
Stan Hoeppner
stan at hardwarefreak.com
Fri May 21 19:07:54 EEST 2010
fakessh put forth on 5/21/2010 7:22 AM:
> hello list
> hello dovecot network
> hello all the reader
>
> here is a sieve script
<snip>
> I tested that emails are not from japan and korea
> I would like to add one condition:
> that is, the emails from japan or korea who are destined for which I am
> mailing subscriber does not end up in Junk
> and I do the same test in the header: contains "Content-Type"

First, why aren't you rejecting spam outright with your MTA at SMTP time
instead of accepting it and filing into the junk folder? Always reject spam
at SMTP if at all possible, or drop spam connections at the firewall.

Second, _never_ reject spam in a sieve script. It creates backscatter bounces
to innocent 3rd parties whose addresses were forged as the sender or just
clogs you with NDAs if the sender addresses are bogus.

For mailing list subscriptions filter on "List Id: xxxxxxx" and fileinto the
appropriate list mail folders. Stick an entry in your MTA whitelist for the IP
addresses or RHS domain names of the Japanese and Korean list servers you are
subscribed to. Then block .jp and .kr with a REGEX, PCRE, or ipdeny cidr
file. For a hash whitelist and pcre blacklist in Postfix, you can use
something like this to whitelist the listservs and block all other sending
hosts with rDNS ending in .jp and .kr:

/etc/postfix/main.cf
smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_client_access hash:/etc/postfix/whitelist
        check_client_access pcre:/etc/postfix/ptr-tld.pcre
        ....

/etc/postfix/whitelist
...
example.listserv.jp     OK
example.listserv.kr     OK
...

/etc/postfix/ptr-tld.pcre
...
/^.*?(kr|jp)$/i         550 We do not accept mail from .$1 domains
...

Doing this eliminates the possibility of backscatter spam because the inbound
spam is rejected at SMTP time, returning an error code to the sending MTA,
_NOT_ a bounce to the sender address, which is usually forged with an innocent
third party's address.

I kill all my spam with Postfix, my MX MTA, at SMTP time, as you should. I
use sieve strictly to sort mail into the proper folders. If you'd like tips
on fighting spam with your MTA, I suggest joining the mailing list for your
MTA, or joining a spam fighting or mail operators list such as spam-l, mailop,
or maybe even NANAE, although from what I understand NANAE can require a thick
skin, and there's ton 'o traffic. Also read the documentation and howto's for
your MTA.

I guess I'm in a sharing mood this Friday. Below is my Postfix spam fighting
config, not including lookup table contents for the draconian local black
lists (which are _very_ large). The complete config kills over 97% of inbound
spam _without_ using content filters of any kind. It rejects strictly based
upon sending host IP address, rDNS characteristics, bad HELO, certain header
stamps, for instance a 41.x.x.x IP anywhere in the received header, IP or
domain listing in two Spamhaus zones, and finally via super selective
greylisting.

Most of the magic is in 3 lookup tables, fqrdns.regexp, countries.cidr, and
spammer.cidr. Countries is an ipdeny cidr list of about 8 or 9 countries' IP
space, mostly in Eastern Europe and Asia, West Africa, one in Central America.
Spammer.cidr is mostly US based snowshoe networks but probably paints with
too broad a brush for general use at most sites. The regexp file is about
1500 fully qualified rDNS patterns matching mostly dynamic IP ranges worldwide
and is very safe for anyone to use. The other two are pretty draconian.

Here's a copy of the regexp table if anyone wants to try it out. I actually
received it from another mail OP a while back and I'm pretty pleased with its
performance and zero FP rate. It should work on any MTA with POSIX regular
expression support:

http://www.hardwarefreak.com/fqrdns.regexp

My Postfix anti spam config:

cidr=cidr:/etc/postfix/cidr_files

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/whitelist
        check_sender_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/blacklist
        check_client_access proxy:regexp:/etc/postfix/fqrdns.regexp
        check_client_access pcre:/etc/postfix/ptr-tld.pcre
        check_client_access proxy:${cidr}/countries
        check_client_access proxy:${cidr}/spammer
        check_client_access proxy:${cidr}/misc-spam-srcs
        reject_unknown_reverse_client_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        reject_unknown_helo_hostname
        reject_unlisted_recipient
        reject_rbl_client zen.spamhaus.org
        reject_rhsbl_client dbl.spamhaus.org
        reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_helo dbl.spamhaus.org
        check_policy_service inet:127.0.0.1:60000

Here's my sieve script, which strictly sorts valid mail, mostly list mail,
after Postfix kills the spam:

require "fileinto";
if false {}
elsif header :contains "List-Id" "linux-ide.vger.kernel.org" {
    fileinto "1-Linux-IDE";
    stop;
}
elsif header :contains "List-Id" "XFS" {
    fileinto "1-XFS";
    stop;
}
elsif header :contains "List-Post" "postfix-users@postfix.org" {
    fileinto "1-Postfix-Users";
    stop;
}
elsif header :contains "List-Id" "users.lists.roundcube.net" {
    fileinto "1-Roundcube";
    stop;
}
elsif header :contains "List-Id" "dovecot.dovecot.org" {
    fileinto "1-Dovecot";
    stop;
}
elsif address :contains "to" "postmaster@hardwarefreak.com" {
    fileinto "Postmaster";
    stop;
}
elsif header :contains "Received" "for <postmaster@hardwarefreak.com>" {
    fileinto "Postmaster";
    stop;
}
elsif header :contains "List-Id" "debian-user.lists.debian.org" {
    fileinto "1-Debian-Users";
    stop;
}
elsif header :contains "List-Id" "spam-l.spam-l.com" {
    fileinto "1-Spam-l";
    stop;
}
elsif header :contains "List-Id" "samba.lists.samba.org" {
    fileinto "1-Samba";
    stop;
}
else {
    fileinto "INBOX";
}

--
Stan
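
Added example (not part of the message above and not the poster's own code): a simplified Python model of how the two check_client_access tables in the first main.cf snippet are evaluated in order, showing that the whitelisted .jp/.kr list servers are permitted before the PCRE reject is reached. The helper functions and sample client names are constructed for illustration, and the parent-domain search assumes Postfix's default parent_domain_matches_subdomains setting.

```python
import re

# Constructed copies of the two lookup tables shown in the message.
WHITELIST = {"example.listserv.jp": "OK", "example.listserv.kr": "OK"}
PTR_TLD = [(re.compile(r"^.*?(kr|jp)$", re.I),
            "550 We do not accept mail from .$1 domains")]


def hash_lookup(table, client_name):
    """Model of a hash: client lookup: full name first, then each parent
    domain (assumes smtpd_access_maps is in parent_domain_matches_subdomains)."""
    labels = client_name.lower().split(".")
    for i in range(len(labels)):
        action = table.get(".".join(labels[i:]))
        if action is not None:
            return action
    return None


def pcre_lookup(rules, client_name):
    """Model of a pcre: lookup: first matching pattern wins, $1 is expanded."""
    for pattern, action in rules:
        m = pattern.search(client_name)
        if m:
            return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), action)
    return None


def evaluate(client_name):
    """Walk the two check_client_access steps in main.cf order."""
    for result in (hash_lookup(WHITELIST, client_name),
                   pcre_lookup(PTR_TLD, client_name)):
        if result is None:
            continue                      # no match: try the next restriction
        if result == "OK":
            return "permit"               # whitelist hit ends evaluation
        return "reject " + result         # 5xx answer given at SMTP time
    return "dunno"                        # falls through to later restrictions


if __name__ == "__main__":
    # Constructed client names; "unknown" is what Postfix uses without verified rDNS.
    for name in ("example.listserv.jp", "mx1.example.listserv.kr",
                 "host.example.co.jp", "mail.example.com", "unknown"):
        print(f"{name:28} {evaluate(name)}")
```

A client without verified rDNS is looked up under the name "unknown", which this pattern does not match, so such clients pass this step and are left to the later restrictions in the list.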