[horde] Regular Expression Filter of recipients

Niels Dettenbach nd at syndicat.com
Sun Oct 24 08:04:27 UTC 2010


[sorry for TOFU here - depends on my cellphone mailer]

Dear Philipe,

I did not know SIEVE in any detail. But as any name information in the email To: (or recipient) field is optional to the sender, there may be no wide need for an application as you describe here (I wrote about this before).

To investigate further I recommend looking into the sieve script created by ingo - i.e. with "sieveshell" - to see what ingo is creating.

Secondly you can try to write your rule by hand in SIEVE and store it in the email account (sieveshell) - then check whether it works as expected.

Because "<" and ">" and even whitespace have special meanings within SIEVE, it may be that ingo is not escaping them correctly.

As described in RFC 3028 (SIEVE) - section 2.4.2.3 and 2.7 for regex / 2.7.4 and 5.1 for address matching - you may use email addresses in the simple form and with the Name (address specification) in .

Afaik the address type in SIEVE does not act on comments in an address field, because comments are not part of an email address itself (like a "Your Name" before it) - this means you have to use some kind of (header) string comparison here instead.

I'm not sure if it will work, but instead of your regex rules I would try to split it into two rules like
	recipients - contains: your at mailadress.tld
	AND
	recipients - contains: Your Name

Or something like that. This makes sure that your email address is treated case insensitively while you can have case sensitive rules against the rest. I'm not sure how you can achieve this with ingo - i.e. by using general headers instead of address fields or something like that.

But overall, I strongly recommend reading the basics / RFC parts about SIEVE, as they explain why things are done as they are in SIEVE and how SIEVE acts - incl. good examples.

If you really find a bug in ingo - i.e. in incorrectly rendered sieve scripts - it would be nice to read about it again on this list.

hth,
Cheers,

Niels.
---
Niels Dettenbach
http://www.syndicat.com

-- Original message --
Subject: [horde] Regular Expression Filter of recipients
From: Philippe Faure <philippe at faure.ca>
Date: 24.10.2010 04:24

Hello Niels,

I managed to get a few more details. The system is using a Cyrus-Sieve
configuration, which should support regex. I have also checked the
spam filter and it is working.

I have also completed several tests and it would seem that if you
search the content of "To:" it only seems to search the actual email
address, and not the whole string: "John doe" <me at you.com>. From what
I can tell the search function only searches <me at you.com>, and not "John
Doe".

To me, that doesn't make sense. Is this correct? All the examples that
I have found online only show examples of the actual email address and
not the associated name. Is this correct?

Thank you

Philippe





Quoting Niels Dettenbach <nd at syndicat.com>:

> It depends on which filter driver you are using for ingo (I assume
> you mean ingo with filtering) - afaik not all drivers are regex
> capable.
>
> I.e. if you filter with ingo / SIEVE (we mainly use SIEVE / Cyrus)
> you have to consult the SIEVE specification for regex details and
> the SIEVE documentation of your mailer's SIEVE subsystem to see if and how
> far it provides SIEVE and SIEVE regexes. The same may happen if you are
> using procmailrc or others where the regexes are interpreted by the
> mailer.
>
> If filters are not working in general you also have to check that
> your ingo backend is working.
>
> Without any technical details about the ingo backend in use probably
> no one could help you here.
>
> If you really think such a delete rule is a good idea - other options are:
>  - to add a (i.e. more general) rule to your anti spam subsystem
> (for all users?) or
>  - to the mailer (MTA/LDA) directly.
>
> I'm just wondering if you currently get this kind of spam through if
> you really have a working spam filter - in systems I've seen, such
> stuff is filtered out with typically high scores for other reasons.
> Another trick is/was to "encode" some chars within an email address
> to bypass special regex filters (but no mailer should accept such
> stuff).
>
> So I would recommend reviewing your mailer and spam filter solution,
> tuning it or giving it further data sources - especially if you plan to
> delete spam without any bounce or manual review on the one hand AND you
> rely on email communication on the other hand.
>
> Cheers,
>
> Niels.
> ---
> http://www.dettenbach.de
>
>
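
The two-rule split suggested in the reply above, written by hand in Sieve as an added example (not part of the original thread and not output generated by ingo). It uses the thread's sample values, me@you.com and "John Doe"; the three folder names are hypothetical and only show which rule fired.

```sieve
require ["fileinto"];

# Added example. Sample header the rules are meant for (constructed):
#   To: "John Doe" <me@you.com>

# 1. The address test compares only the address itself (me@you.com).
#    It never acts on the display name or on comments, so this rule
#    does NOT match the sample header.
if address :contains "to" "John Doe" {
    fileinto "Test-address";      # hypothetical folder, stays empty
}

# 2. The header test compares against the whole field value,
#    display name included, so this rule matches.
if header :contains "to" "John Doe" {
    fileinto "Test-header";       # hypothetical folder
}

# 3. The split into two conditions joined with AND (allof):
#    - address part: the default comparator i;ascii-casemap is case
#      insensitive, so ME@You.COM matches as well
#    - name part: i;octet makes the string comparison case sensitive,
#      so "john doe" does not match
if allof (address :is :all "to" "me@you.com",
          header :comparator "i;octet" :contains "to" "John Doe") {
    fileinto "Filtered";          # hypothetical folder
}
```

Stored in the account by hand (for instance with sieveshell, as suggested in the reply), a script like this can be compared against the one ingo generates for the same rule.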





