[Rspamd-Users] BLACKLIST_DMARC not applying
Vsevolod Stakhov
vsevolod at rspamd.com
Fri Jan 29 14:59:23 UTC 2021
On 29/01/2021 14:54, Leonardo Brondani Schenkel via Users wrote:
> Hi.
>
> I am using rspamd version 2.7 in Debian and I have the following config
> (unchanged from default):
>
> group {
> whitelist {
> max_score = 10;
> symbols {
> BLACKLIST_DMARC {
> weight = 6;
> description = "Mail comes from the whitelisted domain
> and has failed DMARC and DKIM policies";
> }
> }
> whitelist {
> rules {
> WHITELIST_DMARC {
> valid_dmarc = true;
> inverse_symbol = "BLACKLIST_DMARC";
> score = -7;
> domains [
>
> "https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst",
> "/etc/rspamd/local.d/maps.d/dmarc_whitelist.inc.local",
> "/var/lib/rspamd/dmarc_whitelist.inc.local",
> "fallback+file:///etc/rspamd/maps.d/dmarc_whitelist.inc",
> ]
> }
> }
>
>
> My interpretation of this config is that the following will happen, when
> the sender domain matches an entry from of the files:
> - if DMARC verification passed, symbol WHITELIST_DMARC=-7 is applied
> - if DMARC verification failed, symbol BLACKLIST_DMARC=6 is applied
>
> However, in my setup I can only see WHITELIST_DMARC=-7 for genuine
> messages. When I check spam messages spoofing the very same domain, or
> when I take a good message and tamper it and pass it to 'rspamc', I
> never see BLACKLIST_DMARC applied (but I can see that DMARC verification
> failed, given the other symbols present).
>
> Are my expectations wrong here? Is my setup broken? I would pretty much
> like BLACKLIST_DMARC to be applied and penalize messages that are
> spoofing senders.
>
> I would appreciate any advice that you may have.
>
> Thank you,
> // Leonardo.
>
>
Only when a value of a map entry specifies `both`, e.g.
barclays.co.uk both:1.0
Please read the module documentation for details.
More information about the Users
mailing list