[Rspamd-Users] BLACKLIST_DMARC not applying

Leonardo Brondani Schenkel leonardo at schenkel.net
Fri Jan 29 14:54:17 UTC 2021


I am using rspamd version 2.7 in Debian and I have the following config 
(unchanged from default):

group {
     whitelist {
         max_score = 10;
         symbols {
             BLACKLIST_DMARC {
                 weight = 6;
                 description = "Mail comes from the whitelisted domain 
and has failed DMARC and DKIM policies";
whitelist {
     rules {
             valid_dmarc = true;
             inverse_symbol = "BLACKLIST_DMARC";
             score = -7;
             domains [

My interpretation of this config is that the following will happen, when 
the sender domain matches an entry from of the files:
- if DMARC verification passed, symbol WHITELIST_DMARC=-7 is applied
- if DMARC verification failed, symbol BLACKLIST_DMARC=6 is applied

However, in my setup I can only see WHITELIST_DMARC=-7 for genuine 
messages. When I check spam messages spoofing the very same domain, or 
when I take a good message and tamper it and pass it to 'rspamc', I 
never see BLACKLIST_DMARC applied (but I can see that DMARC verification 
failed, given the other symbols present).

Are my expectations wrong here? Is my setup broken? I would pretty much 
like BLACKLIST_DMARC to be applied and penalize messages that are 
spoofing senders.

I would appreciate any advice that you may have.

Thank you,
// Leonardo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4494 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.rspamd.com/pipermail/users/attachments/20210129/07bb9ac8/attachment.bin>

More information about the Users mailing list