[Rspamd-Users] Image spam

Tim Harman tim at muppetz.com
Tue Apr 23 09:03:13 UTC 2019

On 17/04/2019 9:51 pm, Bill Pye via Users wrote:
> Hi all
> Does anyone have some insight what can be done, if anything, with the
> current wave of bitcoin 'image' spam that's hitting our servers?

The way I've dealt with it (with my single, small domain) is to realise 
that the "scam" uses a from: that's the same as the to:
Because I have SPF, DKIM and a DMARC record that I'm happy with, I have 
set DMARC failure to p=reject;

Then all I did was set the following in local.d/dmarc.conf

actions = {
   quarantine = "add_header";
   reject = "reject";

So when a mail comes in for my domain, from my domain, when they have no 
authority in SPF or DKIM to send from my domain, they fail DMARC and the 
mail is rejected, no matter how well it would otherwise score:

2019-04-23 15:27:28 #25902(normal) <69eec6>; task; 
rspamd_add_passthrough_result: <undef>: set pre-result to reject (no 
score): 'Action set by DMARC' from dmarc(1)

Hope this helps.


More information about the Users mailing list