mail-server/resources/config/sieve/received.sieve

set "rcvd_raw" "%{header.received[*].raw}";
set "rcvd_count" "%{count(rcvd_raw)}";

# Count received headers
if eval "rcvd_count == 0" {
    set "t.RCVD_COUNT_ZERO" "1";
} elsif eval "rcvd_count == 1" {
    set "t.RCVD_COUNT_ONE" "1";
} elsif eval "rcvd_count == 2" {
    set "t.RCVD_COUNT_TWO" "1";
} elsif eval "rcvd_count == 3" {
    set "t.RCVD_COUNT_THREE" "1";
} elsif eval "rcvd_count <= 5" {
    set "t.RCVD_COUNT_FIVE" "1";
} elsif eval "rcvd_count <= 7" {
    set "t.RCVD_COUNT_SEVEN" "1";
} elsif eval "rcvd_count <= 12" {
    set "t.RCVD_COUNT_TWELVE" "1";
}

# Received from an authenticated user
if eval "!is_empty(env.authenticated_as)" {
    set "t.RCVD_VIA_SMTP_AUTH" "1";
}

# Received headers have non-ASCII characters
if eval "!is_ascii(rcvd_raw)" {
    set "t.RCVD_ILLEGAL_CHARS" "1";
}

# HELO contains 'user'
if eval "eq_ignore_case(env.helo_domain, 'user')" {
    set "t.RCVD_HELO_USER" "1";
}

# Received from an IP address rather than a FQDN
if eval "is_ip_addr(env.helo_domain)" {
    set "t.RCVD_IP_SPAM" "1";
}

# Received: HELO and IP do not match, but should
if eval "!is_empty(env.iprev.ptr) && !eq_ignore_case(env.helo_domain, env.iprev.ptr)" {
    set "t.RCVD_HELO_IP_MISMATCH" "1";
}

set "i" "0";
set "recipients" "%{header.to:cc:bcc[*].addr[*]}";
set "tls_count" "0";
while "i < rcvd_count" {
    set "i" "%{i + 1}";
    set "helo_domain" "%{received_part(i, 'from')}";

    # Check for a forged received trail
    if eval "!t.FORGED_RCVD_TRAIL" {
        set "iprev" "%{received_part(i, 'iprev')}";

        if eval "!is_empty(iprev) && !is_empty(helo_domain) && !eq_ignore_case(helo_domain, iprev)" {
            set "t.FORGED_RCVD_TRAIL" "1";
        }
    }

    if eval "!t.PREVIOUSLY_DELIVERED" {
        set "for" "%{received_part(i, 'for')}";
        # Recipient appears on Received trail
        if eval "!is_empty(for) && contains_ignore_case(recipients, for)" {
            set "t.PREVIOUSLY_DELIVERED" "1";
        }
    }

    if eval "!t.RCVD_HELO_USER && eq_ignore_case(helo_domain, 'user')" {
        # Received: HELO contains 'user'
        set "t.RCVD_HELO_USER" "1";
    }

    if eval "!t.RCVD_IP_SPAM && !is_empty(received_part(i, 'from.ip'))" {
        # Received from an IP address rather than a FQDN
        set "t.RCVD_IP_SPAM" "1";
    }

    if eval "!is_empty(received_part(i, 'tls'))" {
        # Received with TLS
        set "tls_count" "%{tls_count + 1}";
    }
}

# Received with TLS checks
if eval "rcvd_count > 0 && tls_count == rcvd_count && !is_empty(env.tls.version)" {
    set "t.RCVD_TLS_ALL" "1";
} elsif eval "!is_empty(env.tls.version)" {
    set "t.RCVD_TLS_LAST" "1";
} else {
    set "t.RCVD_NO_TLS_LAST" "1";
}
Antispam bounce, date, from, message-id and received tests 2023-09-22 16:52:22 +08:00			`set "rcvd_raw" "%{header.received[*].raw}";`
			`set "rcvd_count" "%{count(rcvd_raw)}";`

			`# Count received headers`
			`if eval "rcvd_count == 0" {`
			`set "t.RCVD_COUNT_ZERO" "1";`
			`} elsif eval "rcvd_count == 1" {`
			`set "t.RCVD_COUNT_ONE" "1";`
			`} elsif eval "rcvd_count == 2" {`
			`set "t.RCVD_COUNT_TWO" "1";`
			`} elsif eval "rcvd_count == 3" {`
			`set "t.RCVD_COUNT_THREE" "1";`
			`} elsif eval "rcvd_count <= 5" {`
			`set "t.RCVD_COUNT_FIVE" "1";`
			`} elsif eval "rcvd_count <= 7" {`
			`set "t.RCVD_COUNT_SEVEN" "1";`
			`} elsif eval "rcvd_count <= 12" {`
			`set "t.RCVD_COUNT_TWELVE" "1";`
			`}`

			`# Received from an authenticated user`
			`if eval "!is_empty(env.authenticated_as)" {`
			`set "t.RCVD_VIA_SMTP_AUTH" "1";`
			`}`

			`# Received headers have non-ASCII characters`
			`if eval "!is_ascii(rcvd_raw)" {`
			`set "t.RCVD_ILLEGAL_CHARS" "1";`
			`}`

			`# HELO contains 'user'`
			`if eval "eq_ignore_case(env.helo_domain, 'user')" {`
			`set "t.RCVD_HELO_USER" "1";`
			`}`

			`# Received from an IP address rather than a FQDN`
			`if eval "is_ip_addr(env.helo_domain)" {`
			`set "t.RCVD_IP_SPAM" "1";`
			`}`

			`# Received: HELO and IP do not match, but should`
			`if eval "!is_empty(env.iprev.ptr) && !eq_ignore_case(env.helo_domain, env.iprev.ptr)" {`
			`set "t.RCVD_HELO_IP_MISMATCH" "1";`
			`}`

			`set "i" "0";`
Antispam from, recipient and reply-to modules 2023-09-25 01:06:35 +08:00			`set "recipients" "%{header.to:cc:bcc[].addr[]}";`
Antispam bounce, date, from, message-id and received tests 2023-09-22 16:52:22 +08:00			`set "tls_count" "0";`
			`while "i < rcvd_count" {`
			`set "i" "%{i + 1}";`
			`set "helo_domain" "%{received_part(i, 'from')}";`

			`# Check for a forged received trail`
			`if eval "!t.FORGED_RCVD_TRAIL" {`
			`set "iprev" "%{received_part(i, 'iprev')}";`

			`if eval "!is_empty(iprev) && !is_empty(helo_domain) && !eq_ignore_case(helo_domain, iprev)" {`
			`set "t.FORGED_RCVD_TRAIL" "1";`
			`}`
			`}`

			`if eval "!t.PREVIOUSLY_DELIVERED" {`
			`set "for" "%{received_part(i, 'for')}";`
			`# Recipient appears on Received trail`
			`if eval "!is_empty(for) && contains_ignore_case(recipients, for)" {`
			`set "t.PREVIOUSLY_DELIVERED" "1";`
			`}`
			`}`

			`if eval "!t.RCVD_HELO_USER && eq_ignore_case(helo_domain, 'user')" {`
			`# Received: HELO contains 'user'`
			`set "t.RCVD_HELO_USER" "1";`
			`}`

			`if eval "!t.RCVD_IP_SPAM && !is_empty(received_part(i, 'from.ip'))" {`
			`# Received from an IP address rather than a FQDN`
			`set "t.RCVD_IP_SPAM" "1";`
			`}`

			`if eval "!is_empty(received_part(i, 'tls'))" {`
			`# Received with TLS`
			`set "tls_count" "%{tls_count + 1}";`
			`}`
			`}`

			`# Received with TLS checks`
			`if eval "rcvd_count > 0 && tls_count == rcvd_count && !is_empty(env.tls.version)" {`
			`set "t.RCVD_TLS_ALL" "1";`
			`} elsif eval "!is_empty(env.tls.version)" {`
			`set "t.RCVD_TLS_LAST" "1";`
			`} else {`
			`set "t.RCVD_NO_TLS_LAST" "1";`
			`}`