How do you make Dovecot Sieve search for content in the message header? Possible?

jkirker

I'm sending all my inbound mail for a domain through a spam washing relay host. The problem though is that the spammers are sending junk straight to the server's IP, bypassing the relay server.

What I want to do is set a rule in Sieve that looks for the known IP addresses of the relay machine. If the IP address is not contained in the header, the message will be dropped before it hits the inbox.

Is it possible to use Sieve to search the header of a message for contents? I want to see if the message contains the IP of a relay host.

Any thoughts?

I want to search for what is in bold below:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from host1.serverhost.com
    by host1.serverhost.com (Dovecot) with LMTP id F194EsLSa1Q9CgAAPCBobw
    for <[email protected]>; Tue, 18 Nov 2014 15:14:41 -0800
Return-path: <[email protected]>
Received: from gmy2-mh902.relayhost.com ([123.123.123.123])
    by host1.serverhost.com with esmtps (TLSv1:AES256-SHA:256)
    (Exim 4.84)
    (envelope-from <[email protected]>)
    id 1Xqryq-0000fx-Fw
    for [email protected]; Tue, 18 Nov 2014 15:14:41 -0800
X-Katharion-ID: 1416352383.95749.gmy2-mh902 (0.0)
Received: from remote.senderdomain.com ([111.222.333.444]) by
    gmy2-mh902.relayhost.com [(123.123.123.123)] with ESMTP via TCP
    (TLSv1/TLS_RSA_WITH_AES_256_CBC_SHA); 18 Nov 2014 23:13:03 +0000
Received: from SERVER.tlg.local ([fe80::1d7a:b7bf:9be1:3c99]) by
    SERVER.tlg.local ([fe80::1d7a:b7bf:9be1:3c99%10]) with mapi id
    14.01.0438.000; Tue, 18 Nov 2014 15:13:03 -0800
From: Richie Smith <[email protected]>
To: John Doe <[email protected]>
Subject: Black Marlin
Thread-Topic: Black Marlin
Thread-Index: AQHQA4UzolL1uK+tdkOW4ypz28S7gw==
Date: Tue, 18 Nov 2014 23:13:01 +0000
Message-ID: <[email protected]>
References: <[email protected]>,<[email protected]>
In-Reply-To: <[email protected]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
    boundary="_000_0C6AB8B5691D4F22880C7EB1A8025F87TustinLegalGroupcom_"
MIME-Version: 1.0
 
This is probably not exactly what you're looking for, but it may be helpful. And this will work even if you or your users don't use Roundcube.

Roundcube installed by DirectAdmin has a Filters option under Settings. You don't need to know anything about the Sieve language; you just create filters under Roundcube.

You do need to modify exim.conf to deliver email through Dovecot instead of through Exim.

And then the RoundCube filters will work on delivery, so even if you don't use Roundcube you'll see the emails have been moved to the proper folder/directory.

Jeff
 
This might just work; I use a similar construct to file some of my incoming email. I include imap4flags because in other parts of my script I modify some of the IMAP flags, but just moving a file shouldn't require including it.

Code:
require "fileinto";
require "imap4flags";
if header :contains "received" "relayhost.com" {
  fileinto "Spam";
}
 
Thanks Jeff... I had it all set up - but couldn't get the filter right.

received - that's what I was missing... ;) Thanks a lot TomL... That did the trick.

Testing now. If the message isn't going through proper channels (the relay spam washer) I'm flagging it. We'll see how it goes over the next few days and then I'll use this as a method to force all the inbound mail through the third party server.

Thanks again!
 
@jkirker,

I didn't notice it was from you when I answered. If in the Roundcube dropdown box you select the '...' option you can type in the header line to look for. I've never tested it but it should work.

Jeff
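
Added example, not part of any post in this thread: a Sieve rule for the check described above, quarantining mail whose Received line written by the local MTA does not show a relay IP. The host name and 123.123.123.123 are taken from the sample header in the question; the second relay address is constructed for illustration.

```sieve
require ["fileinto"];

# Relay addresses as they appear in the Received line written by our own MTA.
# 123.123.123.123 and host1.serverhost.com come from the sample header in the
# question; 123.123.123.124 is a constructed second relay address.
#
# Sieve unfolds header lines before matching, and in :matches only "*" and "?"
# are wildcards, so the parentheses and brackets below are literal. Anchoring
# the pattern on "by host1.serverhost.com" ties the IP to the hop our server
# recorded, rather than to any Received line the sender supplied further down.
if not header :matches "Received" [
    "from * ([123.123.123.123])*by host1.serverhost.com with *",
    "from * ([123.123.123.124])*by host1.serverhost.com with *"
] {
    # Not handed to us by the relay: quarantine while the rule is being tested.
    fileinto "Spam";
    stop;
}

# Once the rule has been observed for a few days, "fileinto" can be replaced
# by "discard;" (a core Sieve action, no "require" needed) to drop the mail.
```

A sender can still insert a forged Received line containing the same text, so this is tighter than a bare `:contains "relayhost.com"` but does not replace restricting which hosts the MTA accepts SMTP connections from.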
 