[Rspamd-Users] Problems with multimap (which I'm sure used to work...)
Reio Remma
reio at mrstuudio.ee
Mon Oct 21 10:56:07 UTC 2019
On 21/10/2019 12:33, Tim Cutts wrote:
> Dear list,
>
> I hope you can help me debug a multimap rule I’m having trouble with.
>
> I get a lot of spam from a particular source, and their common feature is the all have received headers like this one:
>
> Received: from mail.understandingtheimpacts.com <http://mail.understandingtheimpacts.com/> (vpsnode12.webstudio26.com <http://vpsnode12.webstudio26.com/> [185.250.243.24]) by cyclin.thecutts.org <http://cyclin.thecutts.org/> (Postfix) with ESMTP id 45064300019 for <tim at thecutts.org <mailto:tim at thecutts.org>>; Thu, 17 Oct 2019 13:15:37 +0100 (BST)
>
> The numbers in the vpsnode hostname vary, but the pattern is the same.
>
> So, I added a rule in local.d/multimap.conf:
>
> TJRC_RECEIVED_BLACKLIST {
> type = "received";
> filter = "real_hostname";
> description = "Found in Tim's Received blacklist";
> map = "/${LOCAL_CONFDIR}/local.d/received_blacklist.map";
> symbol = "TJRC_RECEIVED_BLACKLIST";
> regexp = true;
> }
>
> And the .map file looks like this:
>
> /vpsnode\d+\.webstudio\d+\.com/i
I'm suspicuous of the filter = "real_hostname" (hostname as resolved by
MTA).
Can you see what your MTA is passing to Rspamd?
Good luck,
Reio
More information about the Users
mailing list