[Rspamd-Users] How to debug unexpected RSPAMD_EMAILBL score?
Vadim Zeitlin
vz-rspamd at zeitlins.org
Tue Jun 18 16:11:50 UTC 2019
Hello,
Emails from a particular person get filtered as spam by rspamd (version
1.9.4 with mostly default configuration) that I'm running because of the
elevated score for RSPAMD_EMAILBL (9.50). I'd like to understand where is
this coming from and which email exactly triggers this. Looking in the log
I see something like this (slightly redacted and wrapped for ease of
reading):
2019-06-18 17:32:30 #11569(normal) <505c92>; task; rspamd_task_write_log:
id: <xxx>, qid: <xxx>, ip: xxx, from: <someone at domain.com>, (default: T (add
header): [6.77/15.00] [RSPAMD_EMAILBL(9.50){.;pdj11uthygksitexhj564i1yyehsjbft;},
BAYES_HAM(-5.62){96.47%;},AUTH_NA(1.00){},REPLYTO_UNPARSEABLE(1.00){},
URI_COUNT_ODD(1.00){5;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},
...
and I have no idea where does this weird "pdj11uthygksitexhj564i1yyehsjbft"
string come from. Looking at the only other occurrence of RSPAMD_EMAILBL in
my log, I see this:
RSPAMD_EMAILBL(9.50){longgiacomputer.gmail.com;y6k3i5t3suzw3ygj6jrz3sgydey1d84u;}
which would seem to indicate that the actual blacklisted email is supposed
to be in the first field, but in the case of the false positive above it is
empty, so could someone please explain what's going on here?
On a related note, how can I test RSPAMD_EMAILBL manually? I thought I was
just supposed to make a DNS lookup of localpart.domain.email.rspamd.com,
but looking up longgiacomputer.gmail.com.email.rspamd.com returns SERVFAIL
and for longgiacomputer at gmail.com.email.rspamd.com I get NXDOMAIN.
Thanks in advance for any hints!
VZ
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20190618/cab8222a/attachment.bin>
More information about the Users
mailing list