[Rspamd-Users] Having trouble setting up a user blacklist

Michael Hall MiHall at primustel.ca
Wed Mar 18 14:41:54 UTC 2020


On Mon, 2020-03-16 at 14:41 +0000, Vsevolod Stakhov wrote:

On 16/03/2020 14:29, Michael Hall wrote:

Hello folks,


I'm trying to set up a user blacklist using Redis. This is my /etc/rspamd/local.d/multimap.conf:


blacklisted_user {
  type = "user";
  map = "redis://blacklisted_users";
  prefilter = true;
  action = reject;
}

blacklisted_ip {
  type = "ip";
  map = "redis://blacklisted_ips";
  prefilter = true;
  action = reject;
}


The IP blacklist works fine, but if I do a packet capture between rspamd and Redis, it's not even checking the user.


If I change type = "user" to type = "from" it works, but I want to use the authentication username, not the from address.


Any suggestions?


Thanks,

Michael Hall
Systems Administrator, Unix
Primus Management ULC



Why do you want to ban specific authenticated users? Aside from that, it
should work if your MTA passes the authenticated username correctly.



We're an ISP, and this is our outbound mail server cluster.  If a
customer's password is compromised, we want to be able to block mail
from them, but we don't have any other way to lock an account without
deleting it altogether.  And if we reset the password, the customer
can just log in to our portal (portal logins are separate from email
addresses) and change it back.  (We also don't keep track of old
passwords.  That's on my wish list, but it depends on other teams that
have their own priorities.)


We also sometimes see compromised accounts used to send mail with
other from addresses (e.g. the spammer authenticates as
john at example.com, then sends mail from fred at example.net,
george at example.org, jane at somecompany.example, etc.) so just
blacklisting based on From isn't sufficient.  And we have commercial
customers with their own mail servers, but dynamic IPs, so they
have to relay through us using a single username, but many email
addresses, potentially in different domains.  So we can't just reject
mail if the username and from address don't match.


Thanks,

Michael Hall
Systems Administrator, Unix
Primus Management ULC
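
Added example, not part of the original thread: one way to tell whether the missing lookup comes from the MTA not passing the authenticated username or from the multimap rule itself is to hand rspamd the username directly in the scan protocol's User header and see whether the rule fires. The worker address 127.0.0.1:11333, the symbol name defaulting to the rule name, and the sample message and addresses are assumptions constructed for this sketch.

```python
import json
import urllib.request

# Assumptions (not from the thread): rspamd normal worker on 127.0.0.1:11333,
# and the symbol name defaulting to the multimap rule name.
RSPAMD_URL = "http://127.0.0.1:11333/checkv2"
SYMBOL = "blacklisted_user"

# Constructed test message; its From deliberately differs from the auth user.
SAMPLE_MSG = (
    b"From: fred@example.net\r\n"
    b"To: someone@example.org\r\n"
    b"Subject: multimap user test\r\n"
    b"Message-ID: <test-1@example.net>\r\n"
    b"\r\n"
    b"test body\r\n"
)

def build_request(auth_user, client_ip="192.0.2.10", msg=SAMPLE_MSG):
    """Scan request that supplies the authenticated user directly, the way
    an MTA integration is expected to (rspamd protocol 'User' header)."""
    req = urllib.request.Request(RSPAMD_URL, data=msg, method="POST")
    req.add_header("User", auth_user)          # SMTP AUTH username
    req.add_header("IP", client_ip)            # connecting client address
    req.add_header("From", "fred@example.net") # envelope sender (constructed)
    return req

def diagnose(reply, symbol=SYMBOL):
    """Interpret a parsed /checkv2 JSON reply."""
    hit = symbol in reply.get("symbols", {})
    action = reply.get("action")
    if hit and action == "reject":
        return "rule works when User is supplied: check what the MTA sends"
    if hit:
        return "symbol fired but action is %r: check prefilter/action" % action
    return "no lookup hit: check the Redis hash contents and the rule itself"

def scan(auth_user):
    """Send the sample message to rspamd and return the diagnosis."""
    with urllib.request.urlopen(build_request(auth_user), timeout=5) as resp:
        return diagnose(json.load(resp))

if __name__ == "__main__":
    print(scan("john@example.com"))  # constructed blacklisted user
```

Run it with a username that is present in the blacklisted_users hash while capturing traffic between rspamd and Redis, as in the original report.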

