|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
20 Jan 2022, 05:22 PM | #1 | |
Senior Member
Join Date: May 2003
Location: Melbourne, Aus
Posts: 116
|
Sieve help - simple code to discard spam not working
Many years ago I began receiving spam from a source that always uses the same email address name but each new message is sent from different compromised email account.
At the time it first became a problem rules for FM accounts permitted dodgy messages to be discarded. FM changed its tune on that policy and henceforth it became necessary to create sieve rules to achieve the same effect. I created sieve code to discard messages from this sender in May 2021 and tested it successfully with FM's sieve tester. Today a message from the same spammer got through to my account. I tried the code again in FM's sieve tester but the result was "keeping message", not "discard". I suspect FM's handing of user account sieve code has changed. I'd like to alter the sieve code to get it working again. The from line of the spam messages in question consistently have the following format: "Flypaper Media & Publicity" <compromisedemailacct@company.tld> The sieve code that used to work but now does not is: Code:
if header :matches "From" "Flypaper Media*" { discard; stop; } Quote:
|
|
20 Jan 2022, 07:50 PM | #2 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,090
|
The first thing I would definitely check is whether changes elsewhere in the sieve script (either yours or FM's) means that the sieve snippet in question is no longer being processed. What happens in your script if a message has an intermediate spam score? Could that cause some of your code to be bypassed?
|
20 Jan 2022, 08:16 PM | #3 |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 484
|
The Sieve condition
if header :matches "From" "Flypaper Media*" { is testing for a From header value that starts with an 'F' but in this example From: "Flypaper Media & Publicity" <compromisedaccount@outlook.com> the first character is a double-quote. I would think you either need to use eg if header :matches "From" "*Flypaper Media*" { ie look for 'Flypaper Media' preceded or followed by other characters, or explicitly look for the double quote at the start with if header :matches "From" "\"Flypaper Media*" { I checked this assumption by temporarily changing an existing condition that's defined via the GUI in my rule set so it contained a double-quote, then using the "browse sieve rules" option to see how FM's code generated the sieve test for that rule. If you want a literal double-quote in the condition it needs to be 'escaped' with a leading backslash so it's not confused with the double-quotes that enclose a test value. Maybe previously the mails that you think were filtered ok didn't enclose the sender's name in double quotes? |
21 Jan 2022, 05:52 AM | #4 |
Senior Member
Join Date: May 2003
Location: Melbourne, Aus
Posts: 116
|
Thank you BritTim and JeremyNicoll for your quick replies.
In this instance JeremyNicoll was on the money. I tried both suggested edits to the sieve script in FM's sieve tester and each of them achieved the "discarding message" result I seek. I'm sure I would have tested the sieve script shown in my first post to this thread to be certain it would discard messages. Maybe I'm mistaken. One way or the other FM's sieve is currently very fussy about making allowances for double-quotes. For example: if header :matches "From" "*Flypaper Media*" { ==> discarding message if header :matches "From" "*Flypaper Media & Publicity" { ==> keeping message if header :matches "From" "*Flypaper Media & Publicity*" { ==> discarding message Thank you for this solution. I'm a complete novice with sieve and without help from this forum there's no way I would have noticed the important detail I'd overlooked. Using FM's rules GUI to reveal how FM auto-generates its script was clever. Last edited by Mr David : 21 Jan 2022 at 07:01 PM. |
21 Jan 2022, 06:57 AM | #5 |
Essential Contributor
Join Date: May 2018
Posts: 474
|
Why not just use :contains "Flypaper Media" instead of :matches?
|
21 Jan 2022, 07:04 AM | #6 | |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 484
|
Quote:
The second example keeps the message because the condition does not match. It's nothing to do with whether there's a double-quote at the start of the From header's value. It's because the righthand end of the test value has no asterisk and therefore means 'Publicity' followed by nothing else. The actual header has a space then an email address enclosed in angle brackets after the stuff in quotes. |
|
21 Jan 2022, 07:09 AM | #7 |
Senior Member
Join Date: May 2003
Location: Melbourne, Aus
Posts: 116
|
|
Thread Tools | |
|
|