[Rspamd-Users] Spam from my own address not detected

Yves Goergen nospam.list at unclassified.de
Thu Apr 29 20:11:30 UTC 2021 

Hi Andrew,

Thanks for the note about DMARC, I'll see what I can do here.

The greylisting is more complicated than what Rspamd is thinking. I'm 
providing e-mail services to my customers and they need to adjust the 
spam level for each of their addresses. Rspamd isn't able to support 
that so I'm just letting it do the rating and then decide what to do 
with it later in Exim where I have the necessary data for the 
destination address. Greylisting is working, but not the way Rspamd 
believes it does (which doesn't).

I have read the docs about Rspamd in Exim integration, but it's not 
working for multi-user environments. So I had to run my own solution.

-Yves


-------- Ursprüngliche Nachricht --------
Von: Andrew Lewis via Users <users at lists.rspamd.com>
Gesendet: Mittwoch, 28. April 2021, 09:44 MESZ
Betreff: [Rspamd-Users] Spam from my own address not detected


Hi Yves,

It looks like you've enabled greylisting but not configured Exim to
honour the 'soft reject' action - you'll want to do that, or disable
greylisting - or you'll get bad results. There's an example at
https://rspamd.com/doc/integration.html#integration-with-exim-mta

The envelope sender of the mail in question is empty so SPF is not
applicable here. Consider publishing DMARC policy.

Best,
-AL.

Quoting Yves Goergen <nospam.list at unclassified.de>:

Hello,

I keep getting spam mail that has my own e-mail address as envelope
sender. Then I look in the Rspamd log and see that it has this label:

R_SPF_NA (0) [no SPF record]

The tooltip says:

Missing SPF record

Something's wrong here. My domains all have SPF and DKIM records.
Why do I see this message here? What does it mean?

These are the full headers of one of such messages as I receive it:

----------

Return-path: <>
Envelope-to: y****@unclassified.de
Delivery-date: Tue, 27 Apr 2021 21:14:07 +0200
Received: from
astmpdsfsdf-i61telefonica.westeurope.cloudapp.azure.com
([23.97.207.120] helo=p89t.resellerratings.com)
	by dotforward.de with esmtp (Exim 4.93)
	id 1lbT9m-004BGJ-9y
	for y****@unclassified.de; Tue, 27 Apr 2021 21:14:07 +0200
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
Date: Tue, 27 Apr 2021 18:53:18 +0200
To: y****@unclassified.de
From: "Bitcoin-Handel"  <y****@unclassified.de>
Subject:
=?utf-8?Q?Der_Preis_von_Bitcoin_ist_h=C3=B6her_als_seit_zwei_Jahren?=
MIME-Version: 1.0
Message-Id: <E1lbT9m-004BGJ-9y at dotforward.de>
X-Spam-Score: 3.6 (+++)
X-Spam-Report: Scanned by the dotforward mail server
	HFILTER_HELO_NORES_A_OR_MX(0.30)
	TO_DN_NONE(0.00)
	HFILTER_HELO_IP_A(1.00)
	SEM_URIBL_FRESH15_UNKNOWN_FAIL(0.00)
	URIBL_MULTI_FAIL(0.00)
	RCVD_COUNT_ONE(0.00)
	RCVD_NO_TLS_LAST(0.10)
	TO_EQ_FROM(0.00)
	R_DKIM_NA(0.00)
	MIME_TRACE(0.00)
	ASN(0.00)
	SPAMHAUS_FAIL(0.00)
	RSPAMD_URIBL_FAIL(0.00)
	ONCE_RECEIVED(0.10)
	ARC_NA(0.00)
	SEM_URIBL_UNKNOWN_FAIL(0.00)
	FROM_HAS_DN(0.00)
	TO_MATCH_ENVRCPT_ALL(0.00)
	SURBL_MULTI_FAIL(0.00)
	RCPT_COUNT_ONE(0.00)
	DBL_FAIL(0.00)
	BLOCKLISTDE_FAIL(0.00)
	DMARC_DNSFAIL(0.00)
	MIME_HTML_ONLY(0.20)
	R_SPF_NA(0.00)
	HFILTER_URL_ONLY(1.87)
	GREYLIST(0.00)
   Message: Try again later

----------

These are all symbols of the entry in Rspamd:

----------

HFILTER_URL_ONLY (1.871642) [0.85074626865672]
HFILTER_HELO_IP_A (1) [p89t.resellerratings.com]
HFILTER_HELO_NORES_A_OR_MX (0.3) [p89t.resellerratings.com]
MIME_HTML_ONLY (0.2)
ONCE_RECEIVED (0.1)
RCVD_NO_TLS_LAST (0.1)
SPAMHAUS_FAIL (0) [23.97.207.120:query timed out]
SEM_URIBL_UNKNOWN_FAIL (0) [farsjoo.com:query timed
out,unclassified.de:query timed out]
TO_EQ_FROM (0)
GREYLIST (0) [greylisted,Tue, 27 Apr 2021 19:19:07 GMT,new record]
ASN (0) [asn:8075, ipnet:23.96.0.0/14, country:US]
SEM_URIBL_FRESH15_UNKNOWN_FAIL (0) [farsjoo.com:query timed
out,unclassified.de:query timed out]
MIME_TRACE (0) [0:~]
RCPT_COUNT_ONE (0) [1]
RSPAMD_URIBL_FAIL (0) [farsjoo.com:query timed
out,unclassified.de:query timed out]
URIBL_MULTI_FAIL (0) [unclassified.de:query timed
out,farsjoo.com:query timed out]
R_DKIM_NA (0)
BLOCKLISTDE_FAIL (0) [23.97.207.120:query timed out]
R_SPF_NA (0) [no SPF record]
SURBL_MULTI_FAIL (0) [farsjoo.com:query timed
out,unclassified.de:query timed out]
DBL_FAIL (0) [farsjoo.com:query timed out]
TO_DN_NONE (0)
ARC_NA (0)
RCVD_COUNT_ONE (0) [1]
DMARC_DNSFAIL (0) [unclassified.de : query timed out]
TO_MATCH_ENVRCPT_ALL (0)
FROM_HAS_DN (0)

----------
-- 
Users mailing list
Users at lists.rspamd.com
https://lists.rspamd.com/mailman/listinfo/users

More information about the Users mailing list