les scripts sieve sont une technologie permettant de faire un tri des emails avant après ou pendant la délivrance dans les boites aux lettres de destination par le programme qui est chargé de délivrer les emails
en l’occurrence sur ma machine c’est le paquetage dovecot qui assure la délivrance des emails
voici précisément les paquetages installes sur ma machine
[root@r***** ~]# rpm -aq | grep dovecot
dovecot-managesieve-0.11.11-0_4.el5
dovecot-sieve-devel-0.1.15-4.el5
dovecot-sieve-0.1.15-4.el5
dovecot-devel-1.2.11-3_108.el5
dovecot-1.2.11-3_108.el5
dovecot-sieve-cmu-1.1.8-11.el5
voici le script sieve qui est exécuté avant la délivrance des emails dans les boites aux lettres
require ["fileinto","regex","comparator-i;ascii-numeric","reject","relational"];
# rule:[spammanage-before]
if header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["500"] {
discard;
stop;
}
if header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["100"] {
fileinto "Junk.spam";
stop;
}
if header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["10"] {
fileinto "Junk";
}
elsif anyof (
header :contains "Received"
[ "[4.63.221.224",
"[24.244.141.112",
"[61.171.253.177",
"[63.123.149.", "[63.209.206.", "(63.233.30.73", "[63.251.200.",
"[64.41.183.","[64.49.250.", "[64.57.188.", "[64.57.221.",
"[64.62.204.",
"[64.70.17.", "[64.70.44.", "[64.70.53.",
"[64.39.27.6", "[64.39.27.7","[64.191.25.","[64.191.36.",
"[64.191.9.",
"[64.125.181.", "[64.191.123.", "[64.191.23.", "[64.239.182.",
"[65.211.3.",
"[66.46.150.", "[66.62.162.", "[66.118.170.", "[66.129.124.",
"[66.205.217.", "[66.216.111.", "[66.239.204.",
"[67.86.69.",
"[80.34.206.", "[80.80.98.",
"[81.72.233.13",
"[128.242.120.",
"[157.238.18",
"[168.234.195.18]",
"[193.253.198.57",
"[194.25.83.1",
"[200.24.129.", "[200.161.203.",
"[202.164.182.76]","[202.57.69.116",
"[203.19.220.","[203.22.104.","[203.22.105.",
"[204.188.52.",
"[205.153.154.203",
"[206.26.195.", "[206.154.33.","[206.169.178",
"[207.142.3.",
"[208.46.5.","[208.187.",
"[209.164.27.","[209.236.",
"[210.90.75.129]",
"[211.101.138.199","[211.185.7.125]","[211.239.231.",
"[212.240.95.",
"[213.47.250.139", "[213.225.61.",
"[216.22.79.","[216.39.115.","[216.99.240.",
"[216.126.32.", "[216.187.123.","[217.36.124.53",
"[218.145.25","[218.52.71.103","[218.158.136.115",
"[218.160.42.74", "[218.242.112.4]"
]
)
{
fileinto "Junk";
}
elsif anyof (
header :contains ["SPAM", "X-Spam-hits"]
["ADDRESSES_ON_CD","ACT_NOW","ADULT_SITE", "ALL_CAP_PORN",
"AMATEUR_PORN", "AS_SEEN_ON",
"BAD_CREDIT", "BALANCE_FOR_LONG_20K", "BARELY_LEGAL", "BEEN_TURNED_DOWN",
"BANG_GUARANTEE", "BANG_MONEY","BASE64_ENC_TEXT",
"BAYES_99","BAYES_90",
"BE_BOSS", "BEST_PORN", "BULK_EMAIL",
"CASINO", "CONSOLIDATE_DEBT", "COPY_ACCURATELY", "COPY_DVD",
"DIET", "DO_IT_TODAY","DOMAIN_4U2",
"EMAIL_MARKETING","EMAIL_ROT13", "EXPECT_TO_EARN","EARN_MONEY",
"FIND_ANYTHING", "FORGED_AOL_RCVD",
"FORGED_HOTMAIL_RCVD", "FORGED_YAHOO_RCVD",
"FORGED_RCVD_TRAIL", "FORGED_JUNO_RCVD",
"FORGED_MUA_",
"FREE_MONEY","FREE_PORN",
"GENTLE_FEROCITY", "GET_PAID", "GUARANTEED_STUFF", "GUARANTEED_100_PERCENT",
"HAIR_LOSS", "HIDDEN_ASSETS", "HGH,", "HOME_EMPLOYMENT","HOT_NASTY","HTTP_ESCAPED_HOST",
"HTTP_USERNAME_USED","HTML_FONT_INVISIBLE",
"IMPOTENCE","INVALID_MSGID","INVESTMENT",
"LESBIAN","LIVE_PORN","LOSE_POUNDS",
"MARKETING_PARTNERS", "MORTGAGE_OBFU", "MORTGAGE_RATES",
"NIGERIAN_SCAM", "NIGERIAN_TRANSACTION_1", "NIGERIAN_BODY", "NUMERIC_HTTP_ADDR",
"NO_MX_FOR_FROM","NO_DNS_FOR_FROM",
"OBFUSCATING_COMMENT", "ONLINE_PHARMACY",
"PENIS_ENLARGE",
"PREST_NON_ACCREDITED", "PURE_PROFIT","PORN_4",
"RCVD_IN_DSBL", "RCVD_IN_OSIRUSOFT_COM","RCVD_IN_BL_SPAMCOP_NET", "RCVD_IN_SBL",
"RCVD_IN_MULTIHOP_DSBL", "RCVD_IN_RELAYS_ORDB_ORG", "RCVD_IN_UNCONFIRMED_DSBL",
"RCVD_FAKE_HELO_DOTCOM", "RCVD_IN_RFCI", "RCVD_IN_NJABL","RCVD_IN_SORBS",
"REFINANCE", "REVERSE_AGING",
"SAVE_ON_INSURANCE","SPAM_REDIRECTOR", "STOCK_ALERT", "STOCK_PICK", "STRONG_BUY",
"SEE_FOR_YOURSELF", "SUPPLIES_LIMITED",
"THE_BEST_RATE","TONER",
"UNSECURED_CREDIT",
"VACATION_SCAM", "VIAGRA", "VJESTIKA",
"WHILE_SUPPLIES", "WORK_AT_HOME",
"X_OSIRU_DUL", "X_OSIRU_SPAMWARE_SITE", "X_OSIRU_SPAM_SRC"
]
)
{
fileinto "Junk";
}
on peut voir dans ce script sieve :
que les emails ayant un header X-Spam-Score très élevé supérieur à 500 :
ils sont purement et simplement supprimer
les emails ayant un header X-Spam-Score superieur à 100 ils sont diriges vers une boite au lettre special spam à score haut
que j’appelle dans le script Junk.spam
les emails ayant un header X-Spam-Score superier à 10 sont diriges vers la boite spam normale
que j’appelle dans le script Junk
il est necessaire de se souvenir que le moteur anti spam « spamassassin » que j’utilise sur ma machine considere
les mails comme etant des spam avec un header X-Spam-Score superieur à 6
je teste aussi la provenance des emails en fonction de leurs adresses ip d’emission ( adresses ip de spammeurs reputes )
je teste aussi les X-Spam-hit si un message passe le filtre anti spam avec une note inferieure à 10 et que dans les X-Spam-Hit
il y a NIGERIAN_SCAM , PORN_4 , … les mails sont alors delivrer dans la boite Junk qui est la boite spam normale
This article is copyright © by admin: Sat May 19 18:37:03 UTC 2012
Loading ...