[Rspamd-Users] whitelisting before blacklisting

Sun Jan 12 17:56:30 UTC 2020

Hi Albert,

> it does not work. The mails are matched first by the blacklist filter and will then be rejected.
> 
> Is there any way to get the white-listing handled first ?

You could add a condition to the blacklist rules to not match if there is a whitelist symbol.

For example:

-----------------------------------------------------------------

sender_from_blacklisted_domain {

            require_symbols = "!SENDER_FROM_WHITELISTED_DOMAIN & !SENDER_FROM_WHITELISTED_TLD & !SENDER_FROM_WHITELISTED_ADDR"

            type = "header";
            header  = "from";
            filter = "email:domain";
            map = "file:///etc/rspamd/local.d/maps.d/blacklist_from_domain.map";
            regexp = true;
            symbol = "SENDER_FROM_BLACKLISTED_DOMAIN";
            action = "reject"; # Prefilter mode
} 

--> https://rspamd.com/doc/modules/multimap.html#conditional-maps

-----------------------------------------------------------------

This would make this rule only match if no whitelist rule matched the same time.
AFAIK all rules are processed but only one of them takes precedence in the end.

For black- and whitelisting on my system, I just set the symbols but do not define any actions.
These are defined with the ForceActions module where I can have those expressions like "require_symbols" but I only need them in one place ;-)
Maybe, if the above does not work, this could be the best way to do this.

Greetings from Wuppertal
 Max

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.rspamd.com/pipermail/users/attachments/20200112/c33e6ee9/attachment.bin>