NethServer Version: 7.5.1804
Module: pop3 connector
Hi,
I configured the POP3 Connector to get mail from the provider. I have enabled antivirus and antispam checks. When an email exceeds the threshold, rspamd adds “X-getmail-filter-classifier: Action: rewrite subject” to the header, but the subject does not change and the email is not moved into the junk folder.
Thank you
thorsten
(Thorsten)
August 17, 2018, 8:05pm
2
Same for me here, got a similar / the same problem with rspamd, but did not request support as I am stuck in several other problems …
stephdl
(Stéphane de Labrusse)
August 17, 2018, 8:07pm
3
What is the exact header added by rspamd, please? There are known limitations (https://rspamd.com/doc/integration.html#lda-mode) when you install nethserver-getmail.
thorsten
(Thorsten)
August 19, 2018, 10:09am
4
Hi Stephane: … nothing. No header was added, but the history reports that an email was considered as spam (value > 5) and the subject was rewritten:
but within any mail client (SOGo, iPhone, Thunderbird), the email is found in the inbox (not in the spam folder) with its original subject.
Yes, I need to countercheck as I received this email (and most other spam) via getmail from an external account…
TIA
Thorsten
stephdl
(Stéphane de Labrusse)
August 19, 2018, 7:22pm
5
Did you check the source of the email (option in Thunderbird or SOGo)? I believe that the tag ‘X-SPAM’ ‘YES’ was added, but dovecot sends to junk only ‘X-SPAM-FLAG’ ‘YES’.
getmail is here for retro compatibility, but it is not a nice way to handle email. Moreover, rspamd cannot work well in this configuration; it can only add headers. Maybe we could use this header to reject email, but postfix is not triggered at this level.
thorsten
(Thorsten)
August 19, 2018, 9:34pm
6
No, if I look at the source code of the e-mail, no tag / text is found ([CTRL]+F) when searching for “SPAM” …
stephdl
(Stéphane de Labrusse)
August 20, 2018, 5:32am
7
Could you please forward me the email as an attachment, to stephdl at de-labrusse.fr?
thorsten
(Thorsten)
August 20, 2018, 11:01am
10
Dear Stephan,
Email forwarded as requested. May I kindly ask you to reply, due to some issues on my server DNS setup: some mail providers still refuse to talk to me… The logfile for you seems to be OK, I just want to make sure.
THX
Thorsten
stephdl
(Stéphane de Labrusse)
August 20, 2018, 12:17pm
11
No email from you :’(
Paste and share it in a gist provider please: https://gist.github.com/
stephdl
(Stéphane de Labrusse)
August 20, 2018, 12:20pm
12
Maybe we have a bug here, but I do not know how to teach dovecot/sieve to modify the subject, or to reject the email.
I need the input of @giacomo and @davidep (later, actually he is drinking a margarita at the beach)
EDIT: this is a good read: https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples
mark_nl
(Mark Verlinde)
August 20, 2018, 12:37pm
13
An important question is obviously, to prevent introducing false positives:
Are all the e-mails with this altered header spam mails?
thorsten
(Thorsten)
August 20, 2018, 12:43pm
14
OK, getting weird:
Here is my message.log of the mail to you: no errors. Also my mail queue is empty. I kindly ask you to countercheck your spam folder. …
Summary
Aug 20 14:33:39 ebb-s01 rspamd[1869]: <5114eb>; proxy; rspamd_task_write_log: id: <6e3-5b7ab500-7-26cb5240@162361151>, qid: <BCDEB1085D85>, ip: 127.0.0.1, from: <myname@mydomain.tld>, (default: F (add header): [5.00/20.00] [R_SUSPICIOUS_URL(5.00){4570595.ru;},SIGNED_SMIME(-2.00){},MIME_BAD_ATTACHMENT(1.60){p7s;},MID_RHS_NOT_FQDN(0.50){},MIME_GOOD(-0.20){multipart/signed;multipart/mixed;multipart/alternative;text/plain;},MIME_UNKNOWN(0.10){message/rfc822;application/x-pkcs7-signature;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 9525, time: 376.672ms real, 6.128ms virtual, dns req: 9, digest: <cd646228d7f14522a903e78d33e26158>, rcpts: <yourname@yourdomain.tld>, mime_rcpts: <yourname@yourdomain.tld>
Aug 20 14:33:40 ebb-s01 postfix/smtp[8293]: BCDEB1085D85: to=<yourname@yourdomain.tld>, relay=mail.yourdomain.tld[164.132.77.216]:25, delay=2, delays=0.47/0.01/0.58/0.98, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D052C180B3915)
Second, here is the respective spammer's e-mail:
Return-Path: <grant@leracz.com>
Received: from ohanavolleyball.com ([138.197.214.204]) by mx-ha.web.de
(mxweb010 [212.227.15.17]) with ESMTP (Nemesis) id 1MpmTh-1gCLru3BZl-00pwPO
for <myname@web.de>; Sat, 18 Aug 2018 14:21:20 +0200
Subject: New order
Date: Sat, 18 Aug 2018 12:21:19 +0000
Content-Type: text/html; charset="UTF-8"
From: Ross Ramos Support <grant@leracz.com>
Enthusiastic-Plowman-Bong: royally
Semantics-Kanji: 1751
Content-Transfer-Encoding: 7bit
Escaping-Inductions-Comprising: b89a87c8de5
To: "myname@web.de" <myname@web.de>
Message-ID: <69ec6f87acacfd23d82a@leracz.com>
MIME-Version: 1.0
Envelope-To: <myname@web.de>
X-UI-Filterresults: junk:10;V01:K0:uhXvKqDnCBs=:ixLKiAhED5RdhoV36pA9UhXGwpf7
X-getmail-filter-classifier: Action: rewrite subject
X-EsetId: 37303A29E5E4B16261766A
<html>
<head> <title></title>
</head>
<body>
<br><br> Hello <br><br>
You have<a href="http://4570595.ru/anticipated.php?New order69ec6f87acacfd23d82a" style="color:#3e6995;text-decoration:none;">
<span style="font-weight:bold;"> 8</span> messages</a> <br><br>
<a href="http://4570595.ru/anticipated.php?View" style="text-align:center; width:142px; margin-top:17px;margin-bottom:17px;width:152px; display: inline-block; -moz-border-radius: 55px; -webkit-border-radius: 55px; border-radius: 55px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box; background-color: #e2223f; color: #ffffff; padding: 15px 55px; font-size: 15px; font-weight: 750; line-height: 15px; height: 15px; text-decoration: none; margin-right: 15px;">View</a>
<br><br> Ross Ramos, Support
<br><br>
This message was sent to myname@web.de.
<span style="font-size: 14pt;">Please <a href="http://4570595.ru/anticipated.php?uid-69ec6f87acacfd23d82a" style="color:#3b5998;text-decoration:none;">unsubscribe</a> if you don't want to receive these e-mail .</span> <br><br>
8/18/2018 <br><br>
</body> </html>
stephdl
(Stéphane de Labrusse)
August 20, 2018, 12:45pm
15
Got it in spam for your second attempt
X-Spamd-Result: default: False [13.03 / 19.90];
R_SPF_ALLOW(-0.20)[+a];
HAS_ATTACHMENT(1.00)[];
TO_DN_NONE(0.00)[];
MX_GOOD(-0.01)[cached: mail.exxxxus.world];
DKIM_TRACE(0.00)[ebbxxxxaus.world:~];
DMARC_POLICY_ALLOW(-0.25)[exxxxxxus.world,none];
FROM_EQ_ENVFROM(0.00)[];
IP_SCORE(0.18)[country: EU(0.91)];
RCVD_TLS_LAST(0.00)[];
ASN(0.00)[asn:1836, ipnet:80.254.160.0/19, country:EU];
BAYES_HAM(-1.19)[89.09%];
MIME_UNKNOWN(0.10)[message/rfc822,application/x-pkcs7-signature];
SPAM_FLAG(5.00)[];
FROM_HAS_DN(0.00)[];
SIGNED_SMIME(-2.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,multipart/alternative,text/plain];
PREVIOUSLY_DELIVERED(0.00)[stephdl at de-labrusse.fr];
MIME_BAD_ATTACHMENT(1.60)[p7s];
RCPT_COUNT_ONE(0.00)[1];
R_DKIM_PERMFAIL(1.00)[ebxxxxus.world];
R_SUSPICIOUS_URL(5.00)[4570595.ru];
MID_RHS_NOT_FQDN(0.50)[];
RCVD_COUNT_TWO(0.00)[2];
HFILTER_HOSTNAME_UNKNOWN(2.50)[];
GREYLIST(0.00)[pass,meta]
thorsten
(Thorsten)
August 20, 2018, 12:46pm
16
at least uf … I am still stuck to this here …
Hi,
Is anybody able to help me set up the correct record types for my tiny little NethServer, as it should be in compliance to accept incoming e-mails and serve a web server, especially sogo and www?
Please let me know by private mail.
THX
Thorsten
… I feared your server would not accept my emails …
stephdl
(Stéphane de Labrusse)
August 20, 2018, 12:50pm
17
Yes: SPF, DKIM and DMARC.
You could also use a smarthost.
Hi Mark,
no, only those where rspamd worked
stephdl
(Stéphane de Labrusse)
August 20, 2018, 1:03pm
20
Well, I have the feeling that a sieve script can
- modify/set a header
- reject (bounce message) or discard (reject silently)
- move an email into the junk folder
but I have never read anything about sieve and subject rewriting. I worry it might not be possible. I also read this: https://www.dovecot.org/list/dovecot/2007-October/026079.html
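The actions listed in the post above, written out as a Pigeonhole Sieve script keyed on the getmail classifier header shown earlier in the thread. This is an added example, not part of the original posts and not NethServer's own configuration; the `Junk` mailbox name, the `***SPAM***` subject tag and an enabled `editheader` extension (`sieve_extensions = +editheader` in the Dovecot sieve plugin settings) are assumptions.

```sieve
require ["fileinto", "mailbox", "variables", "editheader"];

# Added example: act on the verdict that the getmail classifier filter
# stores in X-getmail-filter-classifier. The two action strings are the
# ones visible in this thread ("rewrite subject" in the pasted message,
# "add header" in the rspamd log line).
if header :contains "X-getmail-filter-classifier"
          ["Action: rewrite subject", "Action: add header"] {

    # Capture the current subject so it can be re-emitted with a tag.
    # A message without a Subject header leaves ${subject} empty.
    if header :matches "Subject" "*" {
        set "subject" "${1}";
    }

    # Rewrite the subject once; skip if the tag is already present
    # (for example when the message is re-filtered).
    # "***SPAM***" is an assumed marker, not a NethServer setting.
    if not header :contains "Subject" "***SPAM***" {
        deleteheader "Subject";
        addheader "Subject" "***SPAM*** ${subject}";
    }

    # Set the flag header that the thread says dovecot files on,
    # unless an upstream filter has already added it.
    if not header :is "X-Spam-Flag" "YES" {
        addheader "X-Spam-Flag" "YES";
    }

    # File into the junk mailbox (assumed name), creating it if missing,
    # and stop so later rules cannot also deliver to INBOX.
    fileinto :create "Junk";
    stop;
}
```

Because the rule fires on every message carrying one of those two action strings, the question raised earlier in the thread about false positives applies directly to it: filing into a folder keeps a misclassified message recoverable, whereas `discard` or `reject` would not.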