[Rspamd-Users] Priority of whitelist and blacklist in rspamd

Vsevolod Stakhov vsevolod at rspamd.com
Fri Mar 5 12:05:04 UTC 2021


On 05/03/2021 11:58, Sandy Drobic wrote:
> Hello,
> 
> I stumbled on a problem how to make sure that a whitelisted recipient will
> receive the mail and is not blocked by another rule.
> The documentation shows how priority is used to merge different settings in
> the configuration files but not how to prioritize one rule over another.
> 
> In this case I have a whitelist rule and a blacklist rule and discovered that
> the blacklist rule trumps the whitelist rule. I want to find out how this works.
> 
> multimap.conf:
> 
> # whitelist recipient address (printserver)
> WHITELIST_RECIPIENT {
>       type = "rcpt";
>       filter = "email:domain";
>       map = "${LOCAL_CONFDIR}/local.d/recipient_whitelist";
>       symbol = RECIPIENT_WHITELIST;
>       prefilter = true;
>       score = 0.0;
>       action = "accept";
> }
> # forbidden extensions in attachments (and archives as attachment)
> file_extension_blacklist {
>       type = "filename";
>       filter = "extension";
>       map = "${LOCAL_CONFDIR}/local.d/file_extension_blacklist.map";
>       symbol = "FILE_EXTENSION_BLACKLISTED";
>       prefilter = true;
>       action = "reject";
>       message = "attachment type not allowed";
> }
> 
> If no forbidden extension is found the recipient is whitelisted and the only
> symbol is RECIPIENT_WHITELIST as a result.
> But if an attachment from the blacklisted list is found the rule
> file_extension_blacklist is overruling the recipient_whitelist.
> 
> How can I control which rule takes priority?

Sigh... Use scores, not actions and never use prefilters unless you
understand how Rspamd works. Passthrough actions are almost all the time
are misused, and this is a clear example of that mistake.



More information about the Users mailing list