Help understanding why sieve rules are not catching spam

Mail-in-a-box has been set up and running for over 2 months now in a real world situation. We have 4 domains added and most things work as expected.

The problem:

We have spam getting through from a couple of different domains, so we thought it wise to add a filter in roundcube to ensure these end up in our Junk folder. The problem is our rule for this spam is not working. There are other rules for domain forwarding which appear to be working as expected.

Our config files:

We have not altered any config files manually, this is a clean install and is up-to-date as of last week.

We added the rules to roundcube and saved, which creates this entry in /home/user-data/mail/sieve/mydomain.com/myuser.sieve (incidentally this is the same content as /home/user-data/mail/sieve/mydomain.com/roundcube.sieve not sure why):

```
require ["fileinto"];
# rule:[Spammers]
if anyof (header :matches "from" "*@spammerone.com", header :matches "from" "*@spammer2.com", header :matches "from" "*@*.spammer2.com")
{
        fileinto "Spam";
}
```

When an email comes in from Spammer 2 we see this entry in our mail.log:

```
May 22 08:32:16 mail postgrey[3368695]: action=pass, reason=triplet found, client_name=mail7.msnd133.inmoo.net, client_address=n.n.n.n/32, sender=marketing@s.spammer2.com, recipient=myuser@mydomain.com
May 22 08:32:16 mail postfix/cleanup[3415007]: 5E9911F67B: message-id=<849f366c-03c6-4ad0-abee-e82b5556fb02_cdd6854b-545f-265c62dd5e67_20250522123211@s.spammer2.com>
May 22 08:32:16 mail opendkim[2984975]: 5E9911F67B: message has signatures from msnd4.com, s.spammer2.com
May 22 08:32:16 mail opendmarc[2471994]: 5E9911F67B: SPF(mailfrom): s.spammer2.com pass
May 22 08:32:16 mail opendmarc[2471994]: 5E9911F67B: s.spammer2.com pass
May 22 08:32:16 mail postfix/qmgr[3369316]: 5E9911F67B: from=<marketing@s.spammer2.com>, size=31152, nrcpt=1 (queue active)
May 22 08:32:16 mail spampd[3403026]: processing message <849f366c-03c6-4ad0-abee-e82b5556fb02_cdd6854b-545f-265c62dd5e67_20250522123211@s.spammer2.com> for <myuser@mydomain.com>
May 22 08:32:19 mail spampd[3403026]: clean message <849f366c-03c6-4ad0-abee-e82b5556fb02_cdd6854b-545f-265c62dd5e67_20250522123211@s.spammer2.com> (3.86/5.00) from <marketing@s.spammer2.com> for <myuser@mydomain.com> in 2.51s, 31642 bytes.
May 22 08:32:19 lmtp(myuser@mydomain.com)<3415009><W8PCNlAZL2jhGzQABYke1Q>: Info: sieve: msgid=<849f366c-03c6-4ad0-abee-e82b5556fb02_cdd6854b-545f-265c62dd5e67_20250522123211@s.spammer2.com>: stored mail into mailbox 'INBOX'
```

The last line shows that the message is being moved into INBOX, which is correct, but I do not understand why. This is the From: header in the email:

From: Spammer Name <marketing@s.spammer2.com>

Questions:

  1. Is my rule incorrect? If yes, what is wrong with it?
  2. This line `fileinto "Spam";` but we have no Spam folder on the server. We have Junk folders. In Roundcube, the dropdown correctly shows Junk as the folder we chose. Is Spam not the folder name? My bad, we do have a .Spam folder which is the special Spam folder. Why does Roundcube under Settings → Folders show the name as Junk, and not Spam?
  3. Is there a script available to test rules against headers from the cli? I saw someone pointed to a sievetest.pl script, which appears to no longer exist. Being able to lint the rules is a great way to help in learning.

Thank you for any help or direction you might be able to point me to.
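An added example, not written by any poster in this thread: a small Python emulation of Sieve's `:matches` comparison as RFC 5228 defines it, run over the From: header and the three globs quoted in the post above. It is not Dovecot Pigeonhole code; the function names are hypothetical, and the sample values are constructed from the thread.

```python
import re
from email.utils import getaddresses

# Constructed from the thread: the From: header and the three globs in the posted rule.
FROM_HEADER = "Spammer Name <marketing@s.spammer2.com>"
RULE_GLOBS = ["*@spammerone.com", "*@spammer2.com", "*@*.spammer2.com"]


def sieve_glob(pattern: str, value: str) -> bool:
    """RFC 5228 :matches: '*' is any run of characters, '?' is exactly one,
    and the pattern must cover the whole value (it is anchored at both ends).
    re.IGNORECASE approximates the default i;ascii-casemap comparator."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):  # backslash escapes the next character
            parts.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    return re.fullmatch("".join(parts), value, re.IGNORECASE | re.DOTALL) is not None


def header_test(value: str, globs: list[str]) -> bool:
    """Like `header :matches "from" [...]`: compares the entire field value,
    display name and angle brackets included."""
    return any(sieve_glob(g, value.strip()) for g in globs)


def address_domain_test(value: str, globs: list[str]) -> bool:
    """Like `address :domain :matches "from" [...]`: parses the field and
    compares only the part after '@' of each address."""
    domains = [addr.rpartition("@")[2] for _name, addr in getaddresses([value])]
    return any(sieve_glob(g, d) for g in globs for d in domains)


if __name__ == "__main__":
    print("posted globs vs full header:  ", header_test(FROM_HEADER, RULE_GLOBS))
    print("posted globs vs bare address: ", header_test("marketing@s.spammer2.com", RULE_GLOBS))
    print("glob with trailing '*':       ", header_test(FROM_HEADER, ["*@*.spammer2.com*"]))
    print("address :domain comparison:   ",
          address_domain_test(FROM_HEADER, ["spammer2.com", "*.spammer2.com"]))
```

The posted globs end in `.com` while the header value ends in `>`, so an anchored glob cannot match it. Pigeonhole's `sieve-test` tool, where installed, runs a real script against a saved message file.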

I’ve also had some trouble getting filter rules to work as expected. In general I’ve had best success by using regular expressions. Here’s a screenshot of a rule I recently set up that has been correctly moving spam from the ‘.my’ domain to the spam folder. This rule just sends all email from ‘.my’ to spam because I’ve seen a huge uptick in crap coming from this TLD. If you possess some regex skill, you can modify my rule to fit your needs.

You’ll need to test/debug this, but here’s an example of a filter that I think should handle the cases you posted above from your config file:


I believe my mistake was not using regular expression, instead mistaking globbing as behaving like regular expressions. You have led me in the correct direction and I now have this as my functioning rule:

Yes, it could be more elegant, but it appears to work. Thank you for the advice. This was helpful and appreciated.
