I have setup my own mail server by partially following the guide (series) here
The sieve filter rule is:
... truncated ...
# Trash messages with improperly formed message IDs
if not header :regex "message-id" ".*@.*\\." {
fileinto :create "Junk";
}
if header :contains "X-Virus-Status" "Infected" {
discard;
stop;
}
if header :contains "X-Spam-Level" "*****" {
fileinto :create "Junk";
setflag "\\Seen";
}
And I compiled it right after the change. Restarted Dovecot.
Still, I see the log:
2016-05-16 22:01:43 lda(mail@example.com): Info: sieve: msgid=emailsecuritycheck.net.2.becsz*6nYwm7BtlKdQRYXg==: stored mail into mailbox 'Junk'
2016-05-16 22:01:43 lda(mail@example.com): Info: sieve: msgid=emailsecuritycheck.net.2.becsz*6nYwm7BtlKdQRYXg==: marked message to be discarded if not explicitly delivered (discard action)
I was using the EICAR testing service from here.
When I used this service, sieve is working properly (disregard straightly)
Do you have any idea why do I still see the email rather than just discard it?
The 2nd email contains the test virus, is not a spam email, and its virus header is:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=XXX
X-Virus-Scanned: clamav-milter 0.99.1 at mail.example.com
X-Virus-Status: Infected (Eicar-Test-Signature)
