FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
14 Jul 2017, 09:02 AM | #1 |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
spam getting through custom sieve rules
I have custom sieve rules set up to discard mail sent to certain addresses. When I test the script by sending myself an email to one particular address on the "discard" list, the email correctly gets discarded. But certain emails from outside spammers to that same email address get through, and I don't understand why. I have run my Sieve code on this particular email through Sieve Tester, and sure enough, it gets through.
The only reference to a "To" address I could find is highlighted in red in the message below, which is the email address that is in my Sieve script to be discarded, and as I indicated, sending myself an email to that address does result in the email being discarded. Am I misreading the headers and is the email actually being sent to a different address? Thanks for any help you can be. Here's the raw headers: Code:
Return-Path: <mlopez@oben.com.co>
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by sloti38d1t06 (Cyrus fastmail-fmjessie44472-15312-git-fastmail-15312) with LMTPA; Thu, 13 Jul 2017 15:41:18 -0400
X-Cyrus-Session-Id: sloti38d1t06-281765-1499974878-2-2414931264603118082
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-score: 6.2
X-Spam-hits: BAYES_40 -0.001, DIET_1 0.001, MISSING_SUBJECT 1.799, RCVD_IN_BL_SPAMCOP_NET 2, RCVD_IN_INVALUEMENT 2, SPF_HELO_PASS -0.001, SPF_PASS -0.001, URI_NOVOWEL 0.5, LANGUAGES en, BAYES_USED user, SA_VERSION 3.4.0
X-Spam-source: IP='190.145.99.75', Host='mail.casaoben.com', Country='CO', FromHeader='co', MailFrom='co'
X-Spam-charsets:
X-Resolved-to: myFMname@fastmail.com
X-Delivered-to: sp@myfmdomain.com
X-Mail-from: mlopez@oben.com.co
Received: from mx3 ([10.202.2.202]) by compute5.internal (LMTPProxy); Thu, 13 Jul 2017 15:41:18 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1]) by mailmx.nyi.internal (Postfix) with ESMTP id 03D7446444 for <sp@myfmdomain.com>; Thu, 13 Jul 2017 15:41:18 -0400 (EDT)
Received: from mx3.messagingengine.com (localhost [127.0.0.1]) by mx3.messagingengine.com (Authentication Milter) with ESMTP id 01EBEB883D7; Thu, 13 Jul 2017 15:41:18 -0400
Authentication-Results: mx3.messagingengine.com; dkim=none (no signatures found); dmarc=none (p=none) header.from=oben.com.co; spf=pass smtp.mailfrom=mlopez@oben.com.co smtp.helo=mail.casaoben.com
Received-SPF: pass (oben.com.co: 190.145.99.75 is authorized to use 'mlopez@oben.com.co' in 'mfrom' identity (mechanism 'mx' matched)) receiver=mx3.messagingengine.com; identity=mailfrom; envelope-from="mlopez@oben.com.co"; helo=mail.casaoben.com; client-ip=190.145.99.75
Received: from mail.casaoben.com (mail.casaoben.com [190.145.99.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx3.messagingengine.com (Postfix) with ESMTPS for <sp@myfmdomain.com>; Thu, 13 Jul 2017 15:41:17 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by mail.casaoben.com (Postfix) with ESMTP id D54FF196154B; Thu, 13 Jul 2017 09:28:35 -0500 (COT)
Received: from mail.casaoben.com ([127.0.0.1]) by localhost (mail.casaoben.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id V52moA6lzHma; Thu, 13 Jul 2017 09:28:35 -0500 (COT)
Received: from localhost (localhost [127.0.0.1]) by mail.casaoben.com (Postfix) with ESMTP id 90EF91936437; Wed, 12 Jul 2017 18:21:00 -0500 (COT)
X-Virus-Scanned: amavisd-new at casaoben.com
Received: from mail.casaoben.com ([127.0.0.1]) by localhost (mail.casaoben.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id g-eHNeuIkBdp; Wed, 12 Jul 2017 18:21:00 -0500 (COT)
Received: from [127.0.0.1] (unknown [185.138.92.84]) by mail.casaoben.com (Postfix) with ESMTPSA id E9BA018CDFE8; Wed, 12 Jul 2017 10:50:12 -0500 (COT)
Date: Wed, 12 Jul 2017 17:50:02 +0200
From: mlopez@oben.com.co
To: sp@aceplasticinc.com, sp@action-hi.co.uk, sp@aircomp.com, sp@asfc.ac.uk,
Message-Id: <20170712155012.E9BA018CDFE8@mail.casaoben.com>
: SMTPHEADER_REPLYTO#
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.android.email_56950588071180"
Message-ID: <eqt0ayh-b6i839-20@oben.com.co>

This is a multi-part message in MIME format
----_com.android.email_56950588071180
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

filterUsage=0 filterMask= negateFilter=0 plaintext=1 convertMsgBodyToImage=0 convertedMsgBody=%3Chtml%3E%3Cbody%3E%3Cimg+src%3D%22%23ATTACHIMG(1)%23%22%3E%3C%2Fbody%3E%3C%2Fhtml%3E delayedMessage=0 minutesToDelay=60
Both Short-Term And Long-Lasting Improvements: The Newest Diet Solution It’s never too late to start working on improving your body's natural weight loss system. Begin improving your health by learning more about our extraordinary diet product. All the powerful components are there to provide both momentary and lasting improvements, you will drop approximately 40 pounds or more, you will lose 4 inches or more off your waistline. The crucial part: you'll keep all of that off. You [wouldn’t|would not} believe the wonderful results that you can check on our official website. To learn all the information you need, click on this link http://www.google.com/url?q=http%3A%2F%2Feqhgr.goodlostfat2.top&sa=D&sntz=1&usg=AFQjCNGcaXtyk5hp8wTtnOEApw8mYE7_xQ
----_com.android.email_56950588071180
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

filterUsage=0 filterMask= negateFilter=0 plaintext=1 convertMsgBodyToImage=0 convertedMsgBody=%3Chtml%3E%3Cbody%3E%3Cimg+src%3D%22%23ATTACHIMG(1)%23%22%3E%3C%2Fbody%3E%3C%2Fhtml%3E delayedMessage=0 minutesToDelay=60
Both Short-Term And Long-Lasting Improvements: The Newest Diet Solution It’s never too late to start working on improving your body's natural weight loss system. Begin improving your health by learning more about our extraordinary diet product. All the powerful components are there to provide both momentary and lasting improvements, you will drop approximately 40 pounds or more, you will lose 4 inches or more off your waistline. The crucial part: you'll keep all of that off. You [wouldn’t|would not} believe the wonderful results that you can check on our official website. To learn all the information you need, click on this link http://www.google.com/url?q=http%3A%2F%2Feqhgr.goodlostfat2.top&sa=D&sntz=1&usg=AFQjCNGcaXtyk5hp8wTtnOEApw8mYE7_xQ
----_com.android.email_56950588071180--
14 Jul 2017, 03:06 PM | #2 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Sorry, I thought you were just testing your rules by sending yourself an email, so what I said is pointless.
Last edited by Terry : 15 Jul 2017 at 11:13 AM. |
14 Jul 2017, 03:14 PM | #3 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
With regards to the To header, this depends on what you munged in the headers you posted. There are addresses in the To header, and I'm not sure if one is yours. There are usually three ways someone can send an email which is delivered to your account:
If you use a wildcard alias for your domain, a better way to block certain specific addresses is to make aliases for these addresses which are set to Reject all mail sent to this address. This causes that address to not exist at the SMTP receiving stage. Bill |
15 Jul 2017, 12:57 AM | #4 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
It looks, as Bill suggested, that the message was delivered via bcc (the x-delivered-to header apparently is different from those in the To header). Maybe you are missing a check of the x-delivered-to header in addition to To and Cc headers.
I also see that the message has a pretty big spam score of 6.2. I would look at the spam block in the sieve script to see what happens to messages with that spam score. |
15 Jul 2017, 04:26 AM | #5 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
I'm going to repeat two suggestions I made:
|
15 Jul 2017, 08:17 AM | #6 | |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
Quote:
I didn't munge any of the "To:" addresses because none of the ones listed are mine. My Sieve code only looks at "From" and "To", so I think the next step will be to add "X-Delivered-to" to the list of headers to check. If I understand you correctly, if, for example, someone sends me an email with the email address <me@mydomain.com> in the BCC field, this email address won't show up in the "To" header but will be in the envelope header and will therefore be copied to the "X-Delivered-to" header. Do I understand this correctly? If I understand this correctly, can I just use the "X-Delivered-to" header and skip the checking of the "To" header? |
|
15 Jul 2017, 08:21 AM | #7 | |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
Quote:
The email ended up in my spam folder, which is good, but I'd rather simply delete email to certain addresses silently, because I have found that particularly with email addresses that once were legitimate (such as <dropbox@mydomain.com>), when these fall into the hands of spammers they are much more likely to end up in my inbox rather than in the spam folder (perhaps because FM remembers from a while back when the email was good?) |
|
15 Jul 2017, 08:28 AM | #8 | |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
Quote:
Can you explain a bit what you mean by "Use aliases set to reject delivery to block specific usernames at your own domain"? Does this mean to set up an alias and just point it to "nobody"? |
|
15 Jul 2017, 08:36 AM | #9 |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
A followup question related to writing Sieve rules. Currently my sieve rules for discarding mail to known "spammy" targets at my domain look like this:
Code:
if anyof (
    # 1. 'matches' can contain wildcards, 'contains' cannot
    address :matches ["to","from"] [
        "adobe@mydomain.com",
        "adobe1@mydomain.com",
        "adobe2@mydomain.com",
        "adbrs1@mydomain.com"
        # ... and about 50 more!
    ],
    # 2. for partial match but cannot contain wildcards
    address :contains ["to"] [ "info@mydo", "sales@mydo" ],
    # 3. by header
    # fastmail virus notifications
    header :is ["subject"] ["Infected file rejected"],
    header :contains ["subject"] ["fcyi.pk"],
    header :contains ["subject"] ["Undelivered Mail Returned"],
    # specific attachment
    header :is ["X-Attached"] ["email-info.zip"],
    header :is ["X-Attached"] ["email-text.zip"],
    header :is ["X-Attached"] ["email-doc.zip"],
    header :is ["X-Attached"] ["IMPORTANT.zip"],
    header :contains ["X-Spam-orig-subject"] ["ISO-2022-JP"]
)
{discard;stop;}

If I want to filter on the Envelope header or the X-delivered-to header, the only way I know to do that would be to add another block in the "anyof" series. But that would force me to repeat all of the nearly 50 email addresses I'm checking for in each block. Is there a fancier way of writing the Sieve code so I only have to list the email addresses once? |
15 Jul 2017, 10:35 AM | #10 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Quote:
Code:
550 5.1.1 <sp@example.com>: Recipient address rejected: User unknown in virtual mailbox table

Bill |
|
15 Jul 2017, 11:03 AM | #11 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Quote:
If you decide to continue the long sieve script, you should be able to change #1 and #2 as follows. Just add "x-delivered-to" as shown. I tested this and it seems to work correctly. Code:
# 1. 'matches' can contain wildcards, 'contains' cannot
address :matches ["to","from","x-delivered-to"] [
    "adobe@mydomain.com",
    "adobe1@mydomain.com",
    "adobe2@mydomain.com",
    "adbrs1@mydomain.com"
    # ... and about 50 more!
],
# 2. for partial match but cannot contain wildcards
address :contains ["to","x-delivered-to"] [ "info@mydo", "sales@mydo" ],
|
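The behaviour discussed in this thread, as an added example that is not part of any post: a Python approximation of Sieve's `address :matches` test, run against the two header lists from posts #9 and #11. The messages and the discard list are constructed (modelled on the munged headers in the first post), and the matcher only imitates the `*` and `?` wildcards; the real decision is made by the mail server's Sieve engine.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed discard list; sp@myfmdomain.com is the munged alias from the first post.
DISCARD = ["sp@myfmdomain.com", "adobe*@mydomain.com"]

# Constructed messages: the spam names only other people in To and reaches the
# alias via the envelope (bcc-style); the owner's self-test names the alias in To.
SPAM = """\
X-Delivered-to: sp@myfmdomain.com
From: mlopez@oben.com.co
To: sp@aceplasticinc.com, sp@action-hi.co.uk, sp@aircomp.com

body
"""
SELF_TEST = """\
X-Delivered-to: sp@myfmdomain.com
From: me@myfmdomain.com
To: sp@myfmdomain.com

body
"""

def glob_to_regex(pattern):
    """Translate Sieve :matches wildcards ('*' any run, '?' one char) to a regex."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts), re.IGNORECASE)  # default comparator ignores case

def matching_headers(raw, headers, patterns=DISCARD):
    """Return the names of the listed headers that carry an address on the discard list."""
    msg = message_from_string(raw)
    regexes = [glob_to_regex(p) for p in patterns]
    hits = []
    for name in headers:
        addrs = [addr for _, addr in getaddresses(msg.get_all(name, []))]
        if any(rx.fullmatch(a) for rx in regexes for a in addrs):
            hits.append(name)
    return hits

def verdict(raw, headers):
    """'discard' if any listed header matched, otherwise 'keep'."""
    return "discard" if matching_headers(raw, headers) else "keep"

if __name__ == "__main__":
    for label, raw in (("self-test", SELF_TEST), ("spam", SPAM)):
        for rule in (["to", "from"], ["to", "from", "x-delivered-to"]):
            print(label, rule, verdict(raw, rule), matching_headers(raw, rule))
```

The self-test is discarded under both header lists because the alias appears in To, while the spam is discarded only once "x-delivered-to" is in the list.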
16 Jul 2017, 09:45 AM | #12 | |
Cornerstone of the Community
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
|
Quote:
My only hesitation is that with about 50 (so far!) addresses to deal with, my Sieve script allows me to put them in alphabetical order, and it looks as if on the Alias screen the email addresses are in newest to oldest order, which makes it a bit tedious to find a particular address. |
|
16 Jul 2017, 12:03 PM | #13 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Quote:
|
|
16 Jul 2017, 01:37 PM | #14 | ||
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
User unknown alias rejection & alias sorting
Quote:
Code:
The response from the remote server was:
550 5.1.1 <aa@mydomain.xxx>: Recipient address rejected: User unknown in virtual mailbox table

Quote:
|
||
16 Jul 2017, 02:40 PM | #15 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Messages sent to more than one of your addresses
Quote:
Last edited by n5bb : 16 Jul 2017 at 02:59 PM. |
|