[Rspamd-Users] Grab.com or amazonses.com messages are scored 11.99

Sophie Loewenthal sophie at klunky.co.uk
Thu Jul 11 18:45:03 UTC 2019


> On 10 Jul 2019, at 5:46 pm, Alexander Moisseev via Users <users at lists.rspamd.com> wrote:
> 
>> On 10.07.2019 15:22, Sophie Loewenthal wrote:
>> Hi,
>> I just realised that email from grab.com were being marked as spam.  Grab.com is the biggest competition to Uber in South East Asia.    The poison pill was a whopping 11.99.
>> Why did FUZZY_DENIED assign 11.99 points and did it assign based on grab.com or amazonses.com?
>> (default: T (reject): [15.06/14.00] [FUZZY_DENIED(11.99)
>> 705c5943fd8776c629e6244fc565b33eea27cd9a3d6d69b5b5b1bc100e7d8a9002cdd1baa5ea172059c52c676e8c73106cc0c3c3c188f318a6b90615444c47a8
> 
SNIP
>> I see I can whitelist grab.com but I prefer to understand how this hit in the first place. Especially such a high scoring rule could reject many legitimate senders.
>> Or how could I disable FUZZY_DENIED?
>> Where should I put something like this:
>> settings {
>>   SJL_grab_com {
>>       priority = high;
>>       from = "@grab.com";
>>       from = "/@grab\.com$/";
>>       apply "default" {
>>           FUZZY_DENIED = 0.0;
>>       }
>>   }
>> }
> 
> I think the from domain in your sample is not @grab.com but @ses-us-east-1.grab.com .
> 
> You can put the following in the local.d/setting.conf :
> 
> SJL_grab_com {
>  priority = high;
>  from = "@ses-us-east-1.grab.com";
>  apply {
>      FUZZY_DENIED = 0.0;
>  }
> }
> 
> If those mails come from different 3rd level domains, you can use multiple 'from =' directives or a regexp like 'from = "/@ses-us-east-[1-4]\.grab\.com$/";' (it is just an example, please modify it accordingly).
> -- 
> 

Thank-you for correcting mine

I requested delisting 7 hours ago, but the emails still are in the rspamd blacklist.  


How long must we wait for this to be removed?
How did it get in there in the first place?
I delisted this string: 

705c5943fd8776c629e6244fc565b33eea27cd9a3d6d69b5b5b1bc100e7d8a9002cdd1baa5ea172059c52c676e8c73106cc0c3c3c188f318a6b90615444c47a8

And have had this reply twice:
"705c5943fd8776c629e6244fc565b33eea27cd9a3d6d69b5b5b1bc100e7d8a9002cdd1baa5ea172059c52c676e8c73106cc0c3c3c188f318a6b90615444c47a8" has already been removed from the Hash blacklist


2019-07-11 18:33:52 #1143(normal) <bc648b>; task; fuzzy_insert_result: found exact fuzzy hash(txt) 705c5943fd8776c629e6244fc565b33eea27cd9a3d6d69b5b5b1bc100e7d8a9002cdd1baa5ea172059c52c676e8c73106cc0c3c3c188f318a6b90615444c47a8 with weight: 0.99, probability 1.00, in list: FUZZY_DENIED:1



Sophie 







More information about the Users mailing list