[Rspamd-Users] Blacklists Not Working

Tim Harman tim at muppetz.com
Tue Oct 6 16:38:24 UTC 2020


On 07/10/2020 4:46 am, Kyle A. wrote:
> Hi,
> 
> I just joined the list.  I don't see a way to search the list like you
> can on yahoo or groups.io, so I apologize if my question is a repeat.
> 
> I have a working rspamd and I have added some local black lists which
> are not processed.
> 
> Some of the basics ARE WORKING:
> * Blacklists show up and are editable/saveable in webui #configuration
>   (matching local.d/multimap.conf)
> * Blacklists show up with the correct score values in webui #symbols
>   (matching local.d/groups.conf)
> 
> Yet the entries in the referenced files are not processed.  It is like
> rspamd isn't processing modules.d/multimap.conf.  Any suggestions are
> appreciated.
> 
> Here are a couple of snippets showing excerpts of what I've done:
> 
> # local.d/groups.conf
> group "multimap" {
>   symbols = {
>     # Blacklists
>     "LOCAL_BL_DOMAIN" {
>       weight = 15;
>       description = "Sender DOMAIN listed in local blacklist";
>     }
>   }
> }
> 
> # local.d/multimap.conf
> # Blacklists
> local_bl_domain {
>   type = "from";
>   filter = "email:domain";
>   map = "/var/lib/rspamd/local_bl_domain.inc";
>   prefilter = true;
>   action = "reject";
>   description = "Blacklisted domain";
> }
> 
> 
> cat /var/lib/rspamd/local_bl_domain.inc
> # Block by domain
> #
> # Add one domain per line
> nottherealdomain.com
> 
> We continue to get messages from "info at nottherealdomain.com" and the
> #history entries make no reference to the blacklists at all.  There are
> 4 blacklists in all, and all 4 are ignored.
> 
> Thanks,
> Kyle


You have type = "from" which will match the *envelope from* (i.e. the
SMTP "from" that is sent before the DATA command).  More often than not,
especially with spam, the envelope from is different than the "from"
header in the actual email.  You are probably wanting to match on the
from in the header of the email (and that which appears in your mail
client).

I use the following and it works for me:

BLACKLIST_FROM {
   type = "header";
   header = "from";
   filter = "email:domain";
   map = "${DBDIR}/from_blacklist.inc.local";
   description = "Sender in Blacklist";
   action = "reject";
}


Hope this helps.
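
The envelope-from versus header-from difference described in this reply, as an added example that is not part of the original thread and is not Rspamd code: a simplified Python model of which domain each lookup would test against the map. The envelope sender, recipient and message below are constructed samples; only the map contents come from the thread.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Map contents in the format shown in the thread.
MAP_TEXT = """\
# Block by domain
#
# Add one domain per line
nottherealdomain.com
"""

# Constructed sample: the SMTP envelope sender differs from the From: header.
ENVELOPE_FROM = "bounce-4711@mailer.example.net"
RAW_MESSAGE = """\
From: "Info" <info@nottherealdomain.com>
To: kyle@example.org
Subject: constructed sample

body
"""

def load_map(text):
    """Return the set of lowercased entries, skipping blanks and # comments."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.add(line.lower())
    return entries

def domain_of(address):
    """Domain part of an address, lowercased; '' for a null sender such as <>."""
    _, spec = parseaddr(address)
    return spec.rpartition("@")[2].lower() if "@" in spec else ""

def header_domains(raw):
    """Domains of every address found in the message's From: header(s)."""
    msg = message_from_string(raw)
    pairs = getaddresses(msg.get_all("From", []))
    return [domain_of(addr) for _, addr in pairs if "@" in addr]

def check(mail_from, raw, blocked):
    """Model of the two lookups: envelope sender vs. From: header."""
    return {
        "envelope_from": domain_of(mail_from) in blocked,
        "header_from": any(d in blocked for d in header_domains(raw)),
    }

if __name__ == "__main__":
    print(check(ENVELOPE_FROM, RAW_MESSAGE, load_map(MAP_TEXT)))
```
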

