no email from you :’(
paste and share it in a gist provider please https://gist.github.com/
Maybe we have a bug here but do not know how to teach dovecot/sieve to modify the subject, or to reject the email.
I need the inputs of @giacomo and @davidep (later, actually he is drinking a margarita at the beach)
EDIT: this is a good reading https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples
An important question is obviously, to prevent introducing false positives:
Are all the e-mails with this altered header spam mails?
OK, getting weard:
here my message.log of the mail to you: no errors. Also my mail queue is empty. . Kindly ask you to countercheck your spam folder. … 
Zusammenfassung
Aug 20 14:33:39 ebb-s01 rspamd[1869]: <5114eb>; proxy; rspamd_task_write_log: id: <6e3-5b7ab500-7-26cb5240@162361151>, qid: <BCDEB1085D85>, ip: 127.0.0.1, from: <myname@mydomain.tld>, (default: F (add header): [5.00/20.00] [R_SUSPICIOUS_URL(5.00){4570595.ru;},SIGNED_SMIME(-2.00){},MIME_BAD_ATTACHMENT(1.60){p7s;},MID_RHS_NOT_FQDN(0.50){},MIME_GOOD(-0.20){multipart/signed;multipart/mixed;multipart/alternative;text/plain;},MIME_UNKNOWN(0.10){message/rfc822;application/x-pkcs7-signature;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 9525, time: 376.672ms real, 6.128ms virtual, dns req: 9, digest: <cd646228d7f14522a903e78d33e26158>, rcpts: <yourname@yourdomain.tld>, mime_rcpts: <yourname@yourdomain.tld> Aug 20 14:33:40 ebb-s01 postfix/smtp[8293]: BCDEB1085D85: to=<yourname@yourdomain.tld>, relay=mail.yourdomain.tld[164.132.77.216]:25, delay=2, delays=0.47/0.01/0.58/0.98, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D052C180B3915)
second here is the respective spammers e-mail:
Return-Path: <grant@leracz.com>
Received: from ohanavolleyball.com ([138.197.214.204]) by mx-ha.web.de
(mxweb010 [212.227.15.17]) with ESMTP (Nemesis) id 1MpmTh-1gCLru3BZl-00pwPO
for <myname@web.de>; Sat, 18 Aug 2018 14:21:20 +0200
Subject: New order
Date: Sat, 18 Aug 2018 12:21:19 +0000
Content-Type: text/html; charset="UTF-8"
From: Ross Ramos Support <grant@leracz.com>
Enthusiastic-Plowman-Bong: royally
Semantics-Kanji: 1751
Content-Transfer-Encoding: 7bit
Escaping-Inductions-Comprising: b89a87c8de5
To: "myname@web.de" <myname@web.de>
Message-ID: <69ec6f87acacfd23d82a@leracz.com>
MIME-Version: 1.0
Envelope-To: <myname@web.de>
X-UI-Filterresults: junk:10;V01:K0:uhXvKqDnCBs=:ixLKiAhED5RdhoV36pA9UhXGwpf7
yaT4tflqVHlQeFEAaL1bU5y3xR95emg5zYkDQuREiTxRE918t7sqSEz11Eqm5tw4riWBXfCVf
FiVQWjjfpQknFKqofFcLkepqVMfKXL7QBYqztfXoXDxC33UG3lDywnrsbOqDCTihKrkqcOAKA
7T/E2TLN/AnjS0hLQ5hYe0Hltk13/vt5TwhEMajWmly0OT8w+Zs9MQYBYWN6aSKN6xWxGJnUa
hgdLL1yfzNZvvMAPBuWvmq75ml7wgFOKvThjhTrfZBauhRrkzZSDBX7YZzmH0CzkNjCgkCeqy
YXAirzXF3smLY0BT7+Iz0ACBOASvrQETrU7vBpIQ8Le22f61buKvQdj+UnEjbXP9HoTe1c0c1
HeB3ltoOrHH1d1ldfm0Q93ydbL8dsGG31qqEB//UX25Y1f2wNiO8zjAKQUaQEbZckbuV5pGPe
STWYNeTyHWkcZq/Vhv1QVwpejdpKKXBS2+YP1QEOxMYaYxwa5bzWngUBFWMgO4+ezLapZ0gsZ
6IGB6NELATW4qYJIBsoZoUG2W/zybp4sW0O4b2FJ85yJ+efJgJeTZTGr5Pkp34LNDoTwGBOGH
SQiKtnK45Bh6eNkqa4zhnfAFtZftEj8v7hJs5nq+cGczfGRIONxmrWsA3nEe5RquC68DyqLxi
MP1KIhDIwNi9eoaGRqn/dtUXLo03iyilz2F6ubaO/StvaR6rg2JizWviuSGhtvqQKnFH68x2c
cH9xti02GjsAQ7na9GL8OQ28H67gIo1/9P7aT1fsvxHi5U1wsWQ+6G9S8rWrBOsoJ0m/nQQ0/
nIm9hp9zqbKbP851eN016pXhRZ5U00uyoDIz97tWLKTXBbsDo6rNO8or1cbe7pFwRqXHIZZJW
VU5sbkNYw9psI2jnO6LspSkv3jYFEPtpk+2JySSYNahkyAd5wmJZ974WwuEQhX/Eq1B0hMbm7
g492NYMunIkptNama1iP66wnbwDo/m2ovfGDPDfM5GA0nwcE07BSnZeZOxIRTcELRFsDZagng
mm8Bz0CWmOdNdQrfA1htSPzS/5igsTQm9Y8XOD9T8pYsT1S9Wqs1FfTjQcB/xVj8Gt3cEQi3Y
7af4kxT8NKPMlytRHRFgb7nxQbLaEtcFHG+1T0LaF7M662+D4W0iC65BzDbaT9LVN23hB9n0s
2q2k7RkzJpPGquvSD4GXP+dQSeuS9YNVNTmRlezCmPr7/lvCMKnq/dYbsRG4wdY3/Q7vohcmR
8/1vjULVk3/NNUIr/dmH9j/V/3BffxJ2PM8E5wHLzuwVszH1wE/gcQSyEYPxysMcyMJn56fIw
x6zHOeAwX33wSgOXaUKePB+cL4jgHlctwRwRriZ4eRO3vCT5LeIsOMA+CLU4lpTtjHv/+DOuX
r8KjgthsdybDtmkaIYWP4UrAdmpAaccJ7XG27yTe45dy5VYYYIQu2XyQzfIHC6l/UaBZo2AiO
8//+j3UIIvPeHoa7piyuoIU4maNHcs3+vylqG3j9oUuKkpxYpEodX7Wrygyg0iKUWu9hLnBKw
JOzRNP2aC2jEryPcNy/uy2OlvLVS1GTXFTGSNtv98xjO4rzEY4KkaMA7q+M8o9o/QTch2MN5p
mCM3xMeRUvpj0RVJCWY091/T+NvKq3cnOfBA0uZFizJQ5sF8QZ5d1LUXC6dNDsRPns4AVA7TA
rjOEAI8owFI3BWo7IO85Yyq4o6aSnjokKjvglonQGMC5siDtf+UWC8vB9mfsPsw9SKQo7r6fS
SP9onZdwDu5C/2x7E1wB2rxu5ananoB8VXrU9RTP7au+hnIuCqS4QvLM31Y/GxP4ZwAXR6dRL
c79fxz/IIH6L5KSE/CsE2tAgfDJLSiSM89Yp6KqOhgC+DI+g2Z/MmT4k3057Ng7ljL6/ASfxp
P+JFEEgY7f2eIq/6cEsmpSgCZYMLVjNd1fLQJ6g9YMCl02DNWxbZ5e/iUMBgR4ZaZNKLlnvJG
tOzPSVSWG1hCQcf2Rp/gQHnE7eKhoj29boDCY5JRluirCzOhQcdcOaZMWkm/S4SJdsy7C4T2n
QwfJqtn7B4OWt8NNLVGkQx7DhGV/HQN4fQcVmeROzA8OnPrkzfum/go4ZT8vwU86s7nuwNVgf
vrQ/DsWWxv+C2YsGrc+RL/mcMqnz1Eb4VRoVNHGYDbgih3aHGt08iooWvOhAD3WawHgB1y43e
MjUIl4LywLBjNH5iwl8EtvFAkCi2lcwrSJjyX2FGeHT2tSKJ9GQQlXIZxlP+R5Qnxmz0tNB/d
kexYN+0/aNMqLhWuRopTuTPHMvmSZ2RrcVw==
X-getmail-filter-classifier: Action: rewrite subject
X-EsetId: 37303A29E5E4B16261766A
<html>
<head> <title></title>
</head>
<body>
<br><br> Hello <br><br>
You have<a href="http://4570595.ru/anticipated.php?New order69ec6f87acacfd23d82a" style="color:#3e6995;text-decoration:none;">
<span style="font-weight:bold;"> 8</span> messages</a> <br><br>
<a href="http://4570595.ru/anticipated.php?View" style="text-align:center; width:142px; margin-top:17px;margin-bottom:17px;width:152px; display: inline-block; -moz-border-radius: 55px; -webkit-border-radius: 55px; border-radius: 55px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box; background-color: #e2223f; color: #ffffff; padding: 15px 55px; font-size: 15px; font-weight: 750; line-height: 15px; height: 15px; text-decoration: none; margin-right: 15px;">View</a>
<br><br> Ross Ramos, Support
<br><br>
This message was sent to myname@web.de.
<span style="font-size: 14pt;">Please <a href="http://4570595.ru/anticipated.php?uid-69ec6f87acacfd23d82a" style="color:#3b5998;text-decoration:none;">unsubscribe</a> if you don't want to receive these e-mail .</span> <br><br>
8/18/2018 <br><br>
</body> </html>got it in spam for your second attempts
X-Spamd-Result: default: False [13.03 / 19.90];
R_SPF_ALLOW(-0.20)[+a];
HAS_ATTACHMENT(1.00)[];
TO_DN_NONE(0.00)[];
MX_GOOD(-0.01)[cached: mail.exxxxus.world];
DKIM_TRACE(0.00)[ebbxxxxaus.world:~];
DMARC_POLICY_ALLOW(-0.25)[exxxxxxus.world,none];
FROM_EQ_ENVFROM(0.00)[];
IP_SCORE(0.18)[country: EU(0.91)];
RCVD_TLS_LAST(0.00)[];
ASN(0.00)[asn:1836, ipnet:80.254.160.0/19, country:EU];
BAYES_HAM(-1.19)[89.09%];
MIME_UNKNOWN(0.10)[message/rfc822,application/x-pkcs7-signature];
SPAM_FLAG(5.00)[];
FROM_HAS_DN(0.00)[];
SIGNED_SMIME(-2.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,multipart/alternative,text/plain];
PREVIOUSLY_DELIVERED(0.00)[stephdl at de-labrusse.fr];
MIME_BAD_ATTACHMENT(1.60)[p7s];
RCPT_COUNT_ONE(0.00)[1];
R_DKIM_PERMFAIL(1.00)[ebxxxxus.world];
R_SUSPICIOUS_URL(5.00)[4570595.ru];
MID_RHS_NOT_FQDN(0.50)[];
RCVD_COUNT_TWO(0.00)[2];
HFILTER_HOSTNAME_UNKNOWN(2.50)[];
GREYLIST(0.00)[pass,meta]at least uf … I am still stuck to this here …
… I feard your server would not accept my emails …
yes spf, dkim and dmarc
you could use also a smarthost
well, I have the feeling that a sieve script can
- modify/set a header
- reject(bounce message) or discard (reject silently)
- move an email in junk folder
but I never read something on sieve and subject rewriting, I worry it could be not possible, I read this also https://www.dovecot.org/list/dovecot/2007-October/026079.html
IMHO if , as @AndreLinux just confirmed, mails with the header addition X-getmail-filter-classifier: Action: rewrite subject are spam,
it is enough to simply move them to the Junk folder with a adoption in the before.sieve without actually rewiring the subject.
@AndreLinux what do you think?
yes but nothing will be done if the checkbox move to junk is disabled 
1 Like
The subject is not actually rewritten, it remains unaltered. It is only the header that changes.
Is this different behavior as with ‘X-SPAM-FLAG’ ‘YES’ ?
But would it be good enough for you if the mails are moved to the Junk folder without rewriting the subject?
Rewriting the subject does not seem to be a simple task in our setup.
would be fine
Today I got an E-Mail from Univention which I tried before Nethserver. I am still on the mailing list. It was send to one of the domains I handle using Nethserver (my old myname.dyndns.org adress): The subject was replaces to anounce its spam status and it was moved to junk - at least this part seems to work …
this is the postfix milter job, this is the normal way to handle email 
this could be just another sieve script in before.sieve provided by nethserver-mail2-getmail
1 Like
Yes, that is my expectation, too. Just from this discussion, I was not sure if it works on my system at all