You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Thomas Harold <th...@nybeta.com> on 2009/12/16 15:25:04 UTC

Re: Sieve mailing list rules (was Spam from compromised web mails)

On 12/15/2009 9:54 AM, Benny Pedersen wrote:
> On tir 15 dec 2009 15:44:50 CET, Jeff Koch wrote
>
>> in has a tag. A tag of two characters would allow users to quickly
>> identify the email as coming from the SA mailing list and decide
>> whether the email is worth opening.
>
> in the header:
>
> List-Id: <users.spamassassin.apache.org>
>
> in sieve filter:
>

I use a bit simpler syntax.

require ["body","fileinto","include"];
if allof(
     header :contains "List-ID" "<users.spamassassin.apache.org>"
     ) {
     fileinto "Mail.SpamAssassin";
     stop;
}

I think only "fileinto" is required for the above, but you might need 
other options in the require line.  I have half a dozen requires in my 
sieve file.

If I think that someone will forge the List-ID line, I add additional 
checks like:

if allof(
     header :contains "Precedence" "bulk",
     header :contains "Maling-List" "@spamassassin.apache.org",
     header :contains "List-ID" "<users.spamassassin.apache.org>"
     ) {
     fileinto "Mail.SpamAssassin";
     stop;
}

I generally check on the "Sender" and "List-ID" headers as those are 
added by most mailing list software.  Server-side Sieve filtering into 
individual IMAP folders is the only way (IMO) to stay sane and track a 
few dozen mailing lists.

(Sieve is a wonderful thing...)