[Rspamd-Users] BLACKLIST_DMARC not applying
Leonardo Brondani Schenkel
leonardo at schenkel.net
Fri Jan 29 14:54:17 UTC 2021
Hi.
I am using rspamd version 2.7 in Debian and I have the following config
(unchanged from default):
group {
whitelist {
max_score = 10;
symbols {
BLACKLIST_DMARC {
weight = 6;
description = "Mail comes from the whitelisted domain
and has failed DMARC and DKIM policies";
}
}
whitelist {
rules {
WHITELIST_DMARC {
valid_dmarc = true;
inverse_symbol = "BLACKLIST_DMARC";
score = -7;
domains [
"https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst",
"/etc/rspamd/local.d/maps.d/dmarc_whitelist.inc.local",
"/var/lib/rspamd/dmarc_whitelist.inc.local",
"fallback+file:///etc/rspamd/maps.d/dmarc_whitelist.inc",
]
}
}
My interpretation of this config is that the following will happen, when
the sender domain matches an entry from of the files:
- if DMARC verification passed, symbol WHITELIST_DMARC=-7 is applied
- if DMARC verification failed, symbol BLACKLIST_DMARC=6 is applied
However, in my setup I can only see WHITELIST_DMARC=-7 for genuine
messages. When I check spam messages spoofing the very same domain, or
when I take a good message and tamper it and pass it to 'rspamc', I
never see BLACKLIST_DMARC applied (but I can see that DMARC verification
failed, given the other symbols present).
Are my expectations wrong here? Is my setup broken? I would pretty much
like BLACKLIST_DMARC to be applied and penalize messages that are
spoofing senders.
I would appreciate any advice that you may have.
Thank you,
// Leonardo.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4494 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.rspamd.com/pipermail/users/attachments/20210129/07bb9ac8/attachment.bin>
More information about the Users
mailing list