[Rspamd-Users] Priority of whitelist and blacklist in rspamd

Sandy Drobic rspamd at drobic.de
Fri Mar 5 12:20:53 UTC 2021 


Am 05.03.2021 um 13:05 schrieb Vsevolod Stakhov:
> On 05/03/2021 11:58, Sandy Drobic wrote:
>> Hello,
>>
>> I stumbled on a problem how to make sure that a whitelisted recipient will
>> receive the mail and is not blocked by another rule.
>> The documentation shows how priority is used to merge different settings in
>> the configuration files but not how to prioritize one rule over another.
>>
>> In this case I have a whitelist rule and a blacklist rule and discovered that
>> the blacklist rule trumps the whitelist rule. I want to find out how this works.
>>
>> multimap.conf:
>>
>> # whitelist recipient address (printserver)
>> WHITELIST_RECIPIENT {
>>       type = "rcpt";
>>       filter = "email:domain";
>>       map = "${LOCAL_CONFDIR}/local.d/recipient_whitelist";
>>       symbol = RECIPIENT_WHITELIST;
>>       prefilter = true;
>>       score = 0.0;
>>       action = "accept";
>> }
>> # forbidden extensions in attachments (and archives as attachment)
>> file_extension_blacklist {
>>       type = "filename";
>>       filter = "extension";
>>       map = "${LOCAL_CONFDIR}/local.d/file_extension_blacklist.map";
>>       symbol = "FILE_EXTENSION_BLACKLISTED";
>>       prefilter = true;
>>       action = "reject";
>>       message = "attachment type not allowed";
>> }
>>
>> If no forbidden extension is found the recipient is whitelisted and the only
>> symbol is RECIPIENT_WHITELIST as a result.
>> But if an attachment from the blacklisted list is found the rule
>> file_extension_blacklist is overruling the recipient_whitelist.
>>
>> How can I control which rule takes priority?
> Sigh... Use scores, not actions and never use prefilters unless you
> understand how Rspamd works. Passthrough actions are almost all the time
> are misused, and this is a clear example of that mistake.
>
And now I am really baffled since I was told earlier that I should not use
scores when autolearn for bayes is active.
I can omit the action in the whitelist rule since I set the score there but
then what about the blacklist rule?
If I set the score to 20 to reject it safely will I not learn these rules als
spam in bayes?

Greetings
Sandy

More information about the Users mailing list