[Rspamd-Users] messages tagged as spam when sending encrypted and signed via Thunderbird

[Arno Welzel]

David Mehler:

[...]
> My keywords_bl has two entries one for a loan the other for false
> bitcoin messages:
> 
> #cat maps/keyword_bl.map
> /loan/
> /\s+[13][a-km-zA-HJ-NP-Z1-9]{25,34} #Bitcoin

Well - maybe the encrypted message triggers the "Bitcoin" entry which
matches a lot of things. The whole expression looks a bit weird. What
exactly should this match? I also would never add 5 points - which
indicates a message clearly as spam in your case (above 4) - just
because the single word "loan" is appearing somewhere.

Either you should change the map so it does not match encrypted messages
any longer our you have to create another map with adds a negative score
to compensate this rule for encrypted mails. Look for some specific text
which is always the same in encrypted mails and give -2 points for that,
so the result will be below your spam trigger.


> Here is my dkim_signing.conf file with the suggested try_fallback option:
> 
> 
> #cat dkim_signing.conf
> # If false, messages from local networks are not selected for signing
>  sign_local = true;
>  # If true, envelope/header domain mismatch is ignored
>  allow_hdrfrom_mismatch = true;
>  # If true, username does not need to contain matching domain
>  allow_username_mismatch = true;
> try_fallback = false;
[...]

It seems you don't use DKIM signing for outgoing mails. Do you? Because
this configuration does not look like you do. At least I would expect a
key selector and probably also domain map.

If you don't use DKIM why don't you just disable it?