[Rspamd-Users] Priority of whitelist and blacklist in rspamd

Tue Mar 9 00:58:37 UTC 2021

On Fri, 2021-03-05 at 13:20 +0100, Sandy Drobic wrote:
> 
> Am 05.03.2021 um 13:05 schrieb Vsevolod Stakhov:
> > On 05/03/2021 11:58, Sandy Drobic wrote:
> > > Hello,
> > > 
> > > I stumbled on a problem how to make sure that a whitelisted
> > > recipient will
> > > receive the mail and is not blocked by another rule.
> > > The documentation shows how priority is used to merge different
> > > settings in
> > > the configuration files but not how to prioritize one rule over
> > > another.
> > > 
> > > In this case I have a whitelist rule and a blacklist rule and
> > > discovered that
> > > the blacklist rule trumps the whitelist rule. I want to find out
> > > how this works.
> > > 
> > > multimap.conf:
> > > 
> > > # whitelist recipient address (printserver)
> > > WHITELIST_RECIPIENT {
> > >       type = "rcpt";
> > >       filter = "email:domain";
> > >       map = "${LOCAL_CONFDIR}/local.d/recipient_whitelist";
> > >       symbol = RECIPIENT_WHITELIST;
> > >       prefilter = true;
> > >       score = 0.0;
> > >       action = "accept";
> > > }
> > > # forbidden extensions in attachments (and archives as
> > > attachment)
> > > file_extension_blacklist {
> > >       type = "filename";
> > >       filter = "extension";
> > >       map =
> > > "${LOCAL_CONFDIR}/local.d/file_extension_blacklist.map";
> > >       symbol = "FILE_EXTENSION_BLACKLISTED";
> > >       prefilter = true;
> > >       action = "reject";
> > >       message = "attachment type not allowed";
> > > }
> > > 
> > > If no forbidden extension is found the recipient is whitelisted
> > > and the only
> > > symbol is RECIPIENT_WHITELIST as a result.
> > > But if an attachment from the blacklisted list is found the rule
> > > file_extension_blacklist is overruling the recipient_whitelist.
> > > 
> > > How can I control which rule takes priority?
> > Sigh... Use scores, not actions and never use prefilters unless you
> > understand how Rspamd works. Passthrough actions are almost all the
> > time
> > are misused, and this is a clear example of that mistake.
> > 
> And now I am really baffled since I was told earlier that I should
> not use
> scores when autolearn for bayes is active.
> I can omit the action in the whitelist rule since I set the score
> there but
> then what about the blacklist rule?
> If I set the score to 20 to reject it safely will I not learn these
> rules als
> spam in bayes?

I am also curious as to this.  Is there maybe a way to disable
autolearning when the FILENAME_BLACKLISTED symbol is present?

Thanks,

-- 
Jesse Norell