spam getting through custom sieve rules
I have custom sieve rules set up to discard mail sent to certain addresses. When I test the script by sending myself an email to one particular address on the "discard" list, the email correctly gets discarded. But certain emails from outside spammers to that same email address get through, and I don't understand why. I have run my Sieve code on this particular email through Sieve Tester, and sure enough, it gets through.
The only reference to a "To" address I could find is highlighted in red in the message below, which is the email address that is in my Sieve script to be discarded, and as I indicated, sending myself an email to that address does result in the email being discarded. Am I misreading the headers and is the email actually being sent to a different address? Thanks for any help you can be. Here's the raw headers: Code:
Return-Path: <mlopez@oben.com.co> |
Sorry I thought you were just testing your rules by sending yourself an email so what I said is pointless.
|
With regards to the To header, this depends on what you munged in the headers you posted. There are addresses in the To header, and I'm not sure if one is yours. There are usually three ways someone can send an email which is delivered to your account:
If you use a wildcard alias for your domain, a better way to block certain specific addresses is to make aliases for these addresses which are set to Reject all mail sent to this address. This causes that address to not exist at the SMTP receiving stage. Bill |
It looks as Bill suggested that the message was delivered via bcc (the x-delivered-to header apparently is different from those in the To header). Maybe, you are missing a check of the x-delivered-to header in addition to To and Cc headers.
I also see that the message has a pretty big spam score of 6.2. I would look at the spam block in the sieve script to see what happens to messages with that spam score. |
I'm going to repeat two suggestions I made:
|
Quote:
I didn't munge any of the "To:" addresses because none of the ones listed are mine. My Sieve code only looks at "From" and "To", so I think the next step will be to add "X-Delivered-to" to the list of headers to check. If I understand you correctly, if, for example, someone sends me an email with the email address <me@mydomain.com> in the BCC field, this email address won't show up in to "To" header but will be in the envelope header and will therefore be copied to the "X-Delivered-to" header. Do I understand this correctly? If I understand this correctly, can I just use the "X-Delivered-to" header and skip the checking of the "To" header? |
Quote:
The email ended up in my spam folder, which is good, but I'd rather simply delete email to certain addresses silently, because I have found that particularly with email addresses than once were legitimate (such as <dropbox@mydomain.com>, when these fall into the hands of spammers they are much more likely to end up in my inbox rather than in the spam folder (perhaps because FM remembers from a while back when the email was good?) |
Quote:
Can you explain a bit what you mean by ?Use aliases set to reject delivery to block specific usernames at your own domain"? Does this mean to set up an alias and just point it to "nobody"? |
A followup question related to writing Sieve rules. Currently my sieve rules for discarding mail to known "spammy" targets at my domain looks like this:
Code:
if anyof If I want to filter on the Envelope header or the X-delivered-to header, the only way I know to do that would be to add another block in the "anyof" series. But that would force me to repeat all of the nearly 50 email addresses I'm checking for in each block. Is there a fancier way of writing the Sieve code so I only have to list the email addresses once? |
Quote:
Code:
550 5.1.1 <sp@example.com>: Recipient address rejected: User unknown in virtual mailbox table Bill |
Quote:
If you decide to continue the long sieve script, you should be able to change #1 and #2 as follows. Just add "x-delivered-to" as shown. I tested this and it seems to work correctly. Code:
# 1. 'matches' can contain wildcards, 'contains' cannot |
Quote:
My only hesitation is that with about 50 (so far!) addresses to deal with, my Sieve script allows me to put them in alphabetical order, and it looks as if on the Alias screen the email addresses are in newest to oldest order, which makes it a bit tedious to find a particular address. |
Quote:
|
User unknown alias rejection & alias sorting
Quote:
Code:
The response from the remote server was: Quote:
|
Messages sent to more than one of your addresses
Quote:
|
All times are GMT +9. The time now is 09:57 PM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy