[Rspamd-Users] Blacklists Not Working

[Kyle A.]

I modified yours slightly to meet our needs, but you did get get me
going the in the right direction.  I really appreciate your advice.
Instead of rejecting from the BL, I wanted to assign it a high spam
score and continue to run it through rspamd for the learning filters.
For posterity, the domain based black list ended up like this:

local_bl_domain {
  type = "header";
  header = "from";
  filter = "email:domain:tld";
  map = "/var/lib/rspamd/local_bl_domain.inc";
  description = "Blacklisted domain";
  symbol = "LOCAL_BL_DOMAIN";
}

I used a discrete path because I have not been able to get rspamd to
dump the variables.  When I do configdump etc, it does not tell me
things like where ${DBDIR} (or others) are pointed to on this CentOS 8
system.  Mine do not seem to match the rspamd docs so I don't know what
variable might match my pathing.  However, discrete paths work in the
rspamd configs, so that's the direction I've used in our setup.

Thanks,
Kyle

On 10/6/2020 12:38 PM, Tim Harman via Users wrote:
> You have type = "from" which will match the *envelope from* (i.e the
> SMTP "from" that is send before the DATA command).  More often than not,
> especially with spam, the envelope from is different than the "from"
> header in the actual email.  You are probably wanting to match on the
> from in the header of the email (and that which appears in your mail
> client)
> 
> I use the following and it works for me:
> 
> BLACKLIST_FROM {
>   type = "header";
>   header ="from";
>   filter = "email:domain";
>   map = "${DBDIR}/from_blacklist.inc.local";
>   description = "Sender in Blacklist";
>   action = "reject";
> }
> 
> 
> Hope this helps.