Sieve spamtest and virustest extensions

RFC 5235defines Sieve filter extension tests " " and " " intended to allow users to test whether a message is spam (unsolicited bulk e-mail) or contains a virus, with the Sieve test syntax itself being independent of the exact mechanism by which the message was determined to be spam or contain a virus. Typically the actual spam/virus determination might be made by a third-party spam/virus filter package returning a verdict; to convert the underlying spam/virus filter package verdict to a form usable (testable) with " " and " ", the MTA provides private extensions " " and  " ". (The MTA also (7.0u2) supports setting a spam score via the  flag in a    mapping table or recipient   mapping table, for cases where, say, a particular message source can be presumed to be emitting spam and/or virii.)

The capability identifiers for the tests from RFC 5235 are " " (or " " if the " " argument to " " will be used) and " ". The MTA&#x27;s private " " and " " actions are available without any special capability declaration; no " " action is needed for their use.

Because the intended purpose of " " and " " is to increase the portability and logical clarity of spam and virus handling in Sieve scripts, insulating the Sieve script from the details of the actual spam or virus detection/determination, understanding the  interaction of multiple Sieve scripts  may be of special relevance when setting up to enable use of such tests. For instance, a typical sort of use might be that when a spam/virus filter package returns a string verdict including some spam score, then the MTA is configured to convert that string into a spam score using the " " action via a corresponding pair of MTA options      and     : msconfig&#x3e; exec get_path "config" &#x3e; "/opt/SUNWmsgsr/config" msconfig&#x3e; show spamfilter1_&#x2a; role.mta.spamfilter1_config_file = IMTA_TABLE:spamassassin.dat role.mta.spamfilter1_library = IMTA_LIB:libspamass.so role.mta.spamfilter1_name = SpamAssassin msconfig&#x3e; set spamfilter1_verdict_0 False&#x2a; msconfig# set spamfilter1_action_0 &#x27;require "addheader";virusset "0";addheader "Spam-test: $U";spamadjust "$U";&#x27; msconfig# show spamfilter1_&#x2a;_0 role.mta.spamfilter1_action_0 = require "addheader";virusset "0";addheader "Spam-test: $U";spamadjust "$U"; role.mta.spamfilter1_verdict_0 = False&#x2a; Then a user Sieve filter has a spam score available to test. And for instance, one user might choose to configure: require &#x5b;"fileinto", "spamtest","virustest","relational"&#x5d;; if virustest :value "ge" "3" { discard; } if spamtest :value "ge" "100" { if spamtest :value "ge" 200" { discard; }    else {fileinto "spam"; }   } The MTA&#x27;s support for  Sieve external lists (7.0u1)  includes supporting their use (supporting a " " argument) in " " and " " tests.   (For an entirely different in details and intention use of " " and " " in conjunction with a Sieve external list, see the example of "white-listing" Personal AddressBook addresses via a  Sieve external list; in that example, the external list is a list of addresses, not a list of spam or virus levels.)

As of Messaging Server 7.0u3, the " " and " " levels in effect for the active Sieve filter for a given recipient will be included in " " (Enqueue) MTA message transaction log file entries when the   MTA option is enabled. This will appear between the Sieve name and      the applied action list, e.g.: file:///file-spec, spamtest 26.000000, discard

See also:
 * Spamfilter MTA options
 * Sieve external lists
 * FROM_ACCESS mapping table
 * Recipient access mapping tables
 * Sieve hierarchy
 * log_filter MTA Option
 * MTA transaction logging
 * Spam and virus filtering
 * Sieve supported extensions