[Rspamd-Users] Image spam

Tim Harman tim at muppetz.com
Wed Apr 24 19:46:45 UTC 2019

On 23/04/2019 9:03 pm, Tim Harman via Users wrote:
> On 17/04/2019 9:51 pm, Bill Pye via Users wrote:
>> Hi all
>> Does anyone have some insight what can be done, if anything, with the
>> current wave of bitcoin 'image' spam that's hitting our servers?
> The way I've dealt with it (with my single, small domain) is to
> realise that the "scam" uses a from: that's the same as the to:
> Because I have SPF, DKIM and a DMARC record that I'm happy with, I
> have set DMARC failure to p=reject;
> Then all I did was set the following in local.d/dmarc.conf
> actions = {
>   quarantine = "add_header";
>   reject = "reject";
> }

Just for anyone following along, putting

quarantine = "add_header";

In there was actually a dumb idea.  The problem is that because it's a 
prefilter, it will accept a mail and add a header to it, even if the 
mail otherwise scores a 70!  Accepting known spam seems silly, even if 
it is still tagged with a Spam header.

So the better solution is just:

actions = {
   reject = "reject";

More information about the Users mailing list