[Rspamd-Users] email:domain vs email:domain:tld

Dan Swartzendruber dswartz at druber.com
Tue Oct 9 14:26:16 UTC 2018


I had sometime ago coded a multimap.conf that goes in 
/etc/rspamd/local.d.  I have two whitelists: one for files, and one for 
domains.  They look like this:

sender_from_whitelisted_user {
   type = "from";
   filter = "email:addr";
   map = "file:///usr/local/rspam/whitelisted_user.map";
   description = "Mail comes from whitelisted sender";
   symbol = "SENDER_FROM_WHITELISTED_USER";
   action = "accept";
}

sender_from_whitelisted_domain {
   type = "from";
   filter = "email:domain:tld";
   map = "file:///usr/local/rspam/whitelisted_domain.map";
   description = "Mail comes from whitelisted domain";
   symbol = "SENDER_FROM_WHITELISTED_DOMAIN";
   score = -10.0;
}

what has me confused: some domains are TLD (e.g. dcu.org), whereas 
others (most even) come from a 2nd level domain.  Since the latter is 
the case, I was using email:domain:tld, but this seems to also catch TLD 
references (e.g. I sent myself a test email from my work address, and it 
shows as:

symbols: SENDER_FROM_WHITELISTED_DOMAIN(-10.00)[MYCOMPANY.com]

yet, looking at /usr/local/rspam/whitelisted_domain.map, my company's 
domain name is a TLD.  I'm not complaining, this is how I would like it 
to work, but the documentation doesn't seem to indicate this, and I at 
first thought I would need two sets of rules...


More information about the Users mailing list