Sieve filters not working

Please consider the following sieve filter

# rule:[discard SPAM to old leaked/compromised aliases]
if header :contains ["Received", "To"] 

when testing it using the sieve filter found here

using the following headers

Return-Path: <>
Received: from ([])
    by with LMTP id cJdVEakZ4WJEPwAAs4i54A
    for <>; Wed, 27 Jul 2022 12:55:37 +0200
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Spam-Flag: YES
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.3 required=5.0 tests=DATE_IN_PAST_03_06,DMARC_NONE,
    PYZOR_CHECK,SPF_FAIL,SPF_HELO_NEUTRAL autolearn=no autolearn_force=no
    * 5.0 SPF_FAIL SPF check failed
    * 0.1 DMARC_NONE DMARC record not found
    * 1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
    * 0.0 SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral)
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    * 0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image
    * area
    * 2.0 PYZOR_CHECK Listed in Pyzor
    * (
    * 0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
X-Spam-Score: 8.3
X-Greylist: delayed 3601 seconds by postgrey-1.36 at; Wed, 27 Jul 2022 12:55:34 CEST
Authentication-Results:; dmarc=none (p=none dis=none)
Authentication-Results:; spf=fail
Authentication-Results:; dkim=none;
Received: from ( [])
    by (Postfix) with ESMTP id F2FC640018
    for <a@c.d>; Wed, 27 Jul 2022 12:55:34 +0200 (CEST)
To: a@c.d
Subject: Jahrelange Garantie auf unser Set >> Zwei z. Preis von einem
Message-ID: <>
Date: Wed, 27 Jul 2022 07:32:04 +0200
From: "Deutsche Werkzeughandel" <>
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit 

the result is

Adding ending newline to email
discarding message

Great, the filter looks like it is constructed correctly. So it should be working.

However the emails still end up either in my inbox, when not marked as SPAM. Or end up in my SPAM box. Both should not happen.

It there anything I can do to pinpoint where things are going wrong?

The reasoning for looking in both Received and To headers is because sometimes I am getting SPAM via a BCC. So then the To header does not contain anything related to the filter. But the Received always does so theoretically I should be able to only use the Received header but that also does not work ;(

I think I ran into a sieve bug.

Other rules in the same script are being executed properly. only the one in question is not being executed, or perhaps it is but it is not being interpreted correctly.
What i listed earlier in the message above was only the offending rule out of a larger script.

When I run the headers against that script using the sieve-test cli then I can see that the sieve script is properly interpreted and the action is to discard.
It’s just not working in the ‘live’ environment.

Any suggestions on what I can do to pinpoint why / what it is that is failing would be of great help.

BTW, i realize that I made a mistake when changing the to and received headers in the header example above. a@b.c is still there while I should have changed that. But never mind, the sieve rule is just fine. it is just a discrepancy between when testing a rule and when it runs ‘live’

thread can be closed. I think I figured it out.

1 Like