[Rspamd-Users] Question on multimap whitelisting

Kai Schaetzl maillists at conactive.com
Sun Nov 3 11:18:52 UTC 2019


Hello,

Still on rspamd 1.9.4.
I've implemented several black- and whitelists which used to work for some 
time. Now it seems they don't.

whitelist_from_ip {
            # only via radix map?
            description = "client ip whitelist";
            type = "received";
            filter = "real_ip";
            map = "file://$LOCAL_CONFDIR/maps.d/whitelist_from_ip.txt";
            symbol = "WHITELIST_FROM_IP";
            action = "accept"; # Prefilter mode
}

I'm not sure if that map ever worked (because other maps encompass the 
same machines by other matches) as I'm not sure what a "radix map" should 
be. The content of whitelist_from_ip.txt is a list of IP addresses with 
and without CIDR separator, e.g.
1.2.3.4
1.2.3.4/27

whitelist_received_real_hostname_sld {
            description = "client received sld real hostname whitelist";
            type = "received";
            filter = "tld:real_hostname";
            map = "file://$LOCAL_CONFDIR/maps.d/whitelist_received_real_hostname_sld.txt";
            symbol = "WHITELIST_FROM_HOSTNAME_SLD";
            action = "accept"; # Prefilter mode
}

This surely used to work.
whitelist_received_real_hostname_sld.txt contains a single main domain 
name like "example.com".

The received header of the mail that was not whitelisted looks like this:

Received: from a14.example.com (a14.example.com [1.2.3.4])
    by a13.example.com (Postfix) with ESMTPS id 6F7642BD87
    for <user at one.domain>; Sat,  2 Nov 2019 12:07:44 +0100 (CET)
Received: from [192.168.0.18] (whatever.dynamic.kabel-deutschland.de [95.1.1.1])
    by a14.example.com (Postfix) with ESMTPSA id A8F322007A
    for <user at other.domain>; Sat,  2 Nov 2019 12:07:42 +0100 (CET)

The mail was delivered via SMTP AUTH to a14, not considered spam and then 
forwarded to a13. There it was considered spam because of (among other 
things) the kabel-deutschland.de IP range hitting several spamhaus rbls. 

It should have been whitelisted because example.com and 1.2.3.4 are on 
the whitelists above. Or not?

What am I doing wrong/misinterpreting?

Thanks,


Kai
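
An offline sanity check of the two map files against the Received headers quoted above, added here as an example and not part of the original post or of rspamd. It uses Python's ipaddress module in place of rspamd's radix matcher and a last-two-labels rule in place of rspamd's tld lookup; the field mapping in parse_received and all function names are assumptions.

```python
import ipaddress
import re

# Constructed input: the post's Received headers, unfolded, and its map entries.
HEADERS = [
    "from a14.example.com (a14.example.com [1.2.3.4]) by a13.example.com (Postfix) with ESMTPS id 6F7642BD87",
    "from [192.168.0.18] (whatever.dynamic.kabel-deutschland.de [95.1.1.1]) by a14.example.com (Postfix) with ESMTPSA id A8F322007A",
]
IP_MAP = ["1.2.3.4", "1.2.3.4/27"]
SLD_MAP = ["example.com"]

# Postfix layout: from <helo> (<reverse-DNS name> [<client ip>]) by <host>
RCVD = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_received(line):
    """Assumed mapping: real_hostname = name in parentheses, real_ip = bracketed IP."""
    m = RCVD.search(line)
    if m is None:
        return None
    helo, rdns, ip, by = m.groups()
    return {"helo": helo, "real_hostname": rdns.lower().rstrip("."), "real_ip": ip, "by": by}

def host_bits_set(entry):
    """True for entries such as 1.2.3.4/27 whose address is not the network base."""
    iface = ipaddress.ip_interface(entry)
    return iface.ip != iface.network.network_address

def naive_sld(hostname):
    # Assumption: last two labels only; multi-label suffixes need the public suffix list.
    return ".".join(hostname.split(".")[-2:])

def check(headers, ip_entries, sld_entries):
    """Per header: (position, real_ip, matching networks, SLD listed?)."""
    nets = [ipaddress.ip_network(e, strict=False) for e in ip_entries]  # mask host bits
    slds = {s.lower() for s in sld_entries}
    rows = []
    for pos, line in enumerate(headers, start=1):
        rec = parse_received(line)
        if rec is None:
            continue
        addr = ipaddress.ip_address(rec["real_ip"])
        hits = [str(n) for n in nets if addr in n]
        rows.append((pos, rec["real_ip"], hits, naive_sld(rec["real_hostname"]) in slds))
    return rows

if __name__ == "__main__":
    for row in check(HEADERS, IP_MAP, SLD_MAP):
        print(row)
    print("entries with host bits set:", [e for e in IP_MAP if host_bits_set(e)])
```

The entry 1.2.3.4/27 is flagged because its address is not the base of the /27; this block masks such entries, and how rspamd treats them is not stated in the post.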



