mirror of
https://github.com/stalwartlabs/mail-server.git
synced 2025-02-26 17:04:05 +08:00
93 lines
2.6 KiB
Sieve
93 lines
2.6 KiB
Sieve
set "rcvd_raw" "%{header.received[*].raw}";
|
|
set "rcvd_count" "%{count(rcvd_raw)}";
|
|
|
|
# Count received headers
|
|
if eval "rcvd_count == 0" {
|
|
set "t.RCVD_COUNT_ZERO" "1";
|
|
} elsif eval "rcvd_count == 1" {
|
|
set "t.RCVD_COUNT_ONE" "1";
|
|
} elsif eval "rcvd_count == 2" {
|
|
set "t.RCVD_COUNT_TWO" "1";
|
|
} elsif eval "rcvd_count == 3" {
|
|
set "t.RCVD_COUNT_THREE" "1";
|
|
} elsif eval "rcvd_count <= 5" {
|
|
set "t.RCVD_COUNT_FIVE" "1";
|
|
} elsif eval "rcvd_count <= 7" {
|
|
set "t.RCVD_COUNT_SEVEN" "1";
|
|
} elsif eval "rcvd_count <= 12" {
|
|
set "t.RCVD_COUNT_TWELVE" "1";
|
|
}
|
|
|
|
# Received from an authenticated user
|
|
if eval "!is_empty(env.authenticated_as)" {
|
|
set "t.RCVD_VIA_SMTP_AUTH" "1";
|
|
}
|
|
|
|
# Received headers have non-ASCII characters
|
|
if eval "!is_ascii(rcvd_raw)" {
|
|
set "t.RCVD_ILLEGAL_CHARS" "1";
|
|
}
|
|
|
|
# HELO contains 'user'
|
|
if eval "eq_ignore_case(env.helo_domain, 'user')" {
|
|
set "t.RCVD_HELO_USER" "1";
|
|
}
|
|
|
|
# Received from an IP address rather than a FQDN
|
|
if eval "is_ip_addr(env.helo_domain)" {
|
|
set "t.RCVD_IP_SPAM" "1";
|
|
}
|
|
|
|
# Received: HELO and IP do not match, but should
|
|
if eval "!is_empty(env.iprev.ptr) && !eq_ignore_case(env.helo_domain, env.iprev.ptr)" {
|
|
set "t.RCVD_HELO_IP_MISMATCH" "1";
|
|
}
|
|
|
|
set "i" "0";
|
|
set "recipients" "%{header.to:cc:bcc[*].addr[*]}";
|
|
set "tls_count" "0";
|
|
while "i < rcvd_count" {
|
|
set "i" "%{i + 1}";
|
|
set "helo_domain" "%{received_part(i, 'from')}";
|
|
|
|
# Check for a forged received trail
|
|
if eval "!t.FORGED_RCVD_TRAIL" {
|
|
set "iprev" "%{received_part(i, 'iprev')}";
|
|
|
|
if eval "!is_empty(iprev) && !is_empty(helo_domain) && !eq_ignore_case(helo_domain, iprev)" {
|
|
set "t.FORGED_RCVD_TRAIL" "1";
|
|
}
|
|
}
|
|
|
|
if eval "!t.PREVIOUSLY_DELIVERED" {
|
|
set "for" "%{received_part(i, 'for')}";
|
|
# Recipient appears on Received trail
|
|
if eval "!is_empty(for) && contains_ignore_case(recipients, for)" {
|
|
set "t.PREVIOUSLY_DELIVERED" "1";
|
|
}
|
|
}
|
|
|
|
if eval "!t.RCVD_HELO_USER && eq_ignore_case(helo_domain, 'user')" {
|
|
# Received: HELO contains 'user'
|
|
set "t.RCVD_HELO_USER" "1";
|
|
}
|
|
|
|
if eval "!t.RCVD_IP_SPAM && !is_empty(received_part(i, 'from.ip'))" {
|
|
# Received from an IP address rather than a FQDN
|
|
set "t.RCVD_IP_SPAM" "1";
|
|
}
|
|
|
|
if eval "!is_empty(received_part(i, 'tls'))" {
|
|
# Received with TLS
|
|
set "tls_count" "%{tls_count + 1}";
|
|
}
|
|
}
|
|
|
|
# Received with TLS checks
|
|
if eval "rcvd_count > 0 && tls_count == rcvd_count && !is_empty(env.tls.version)" {
|
|
set "t.RCVD_TLS_ALL" "1";
|
|
} elsif eval "!is_empty(env.tls.version)" {
|
|
set "t.RCVD_TLS_LAST" "1";
|
|
} else {
|
|
set "t.RCVD_NO_TLS_LAST" "1";
|
|
}
|