[Rspamd-Users] Question about composite rules

Marcel Menzel mail at mcl.gg
Sun Jan 3 21:35:12 UTC 2021 

Am 03.01.2021 um 22:03 schrieb Vsevolod Stakhov:
> On 03/01/2021 21:00, Marcel Menzel wrote:
>> Yes, the configdump composites was printing the expression correctly
>> while it was missing in the config file. Also adding the missing
>> semicolon did not help here, the symbol is still being triggered.
>>
>> Am 03.01.2021 um 17:29 schrieb Alex JOST:
>>> Am 03.01.2021 um 16:32 schrieb Marcel Menzel:
>>>> Hello List,
>>>>
>>>> I have the following composite rule to add a score to mails originating
>>>> from freemail accounts, but not for receiving them from a mailing list:
>>>>
>>>> FREEMAIL_INVOLVED {
>>>>    expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO |
>>>> FREEMAIL_CC) & (! CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST | ! MAILLIST)"
>>>>    score = 3.0;
>>>>    policy = "leave";
>>>> }
>>>>
>>>> Some mailinglists are not being detected by rspamd, so I made the
>>>> "CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST" multimap.
>>>>
>>>> Now, when a mail from an undetected mailinglist from a freemail sender
>>>> arrives in rspamd, it still triggers the "FREEMAIL_INVOLVED" symbol
>>>> while the mail itself has the "CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST"
>>>> symbol set aswell (MAILLIST is not set):
>>>>
>>>> FREEMAIL_INVOLVED (3)
>>>> FREEMAIL_FROM (0) [gmail.com]
>>>> CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST (0) [formilux.org]
>>>>
>>>> Am I hitting a bug here or am I missing something out?
>>> Have you checked with 'rspamadm configdump composites' that rspamd is
>>> correctly reading your rules? It looks like you are missing a
>>> semicolon at the end of 'expression' and you might need to remove the
>>> spaces after the exclamation marks.
>>>
>>> FREEMAIL_INVOLVED {
>>>     expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO
>>> | FREEMAIL_CC) & (!CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST | !MAILLIST)";
>>>     score = 3.0;
>>>     policy = "leave";
>>>  }
>>>
> Please stop top posting here.
>
> WRT your issue you need to check your logical expression.
> (FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_CC) &
> (!CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST | !MAILLIST)
>
> the first `()` is triggered by `FREEMAIL_FROM` the second `()` is
> triggered by `!MAILLIST`.
Sorry.

Yes, indeed I had a logic error. Writing it as
"(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_CC) &
!(CUSTOM_WHITELIST_SENDER_DOMAIN_MAILLIST | MAILLIST)"
does the trick, thanks.

More information about the Users mailing list