[Rspamd-Users] Question regarding IP reputation in conjunction with forced actions

Tobias Westerhever tobias.westerhever at skyline.link38.eu
Sun Aug 7 16:58:03 UTC 2022


Hello *,

above all, apologies if my question has already been answered elsewhere - working
through rspamd's documentation and some googling did not turn up anything obvious,
so please point me in the right direction if I overlooked something. :-)

I have been happily using rspamd for a while now, in several environments. To
enforce the respective AUP and to keep the mail system experience deterministic,
I make heavy use of forced actions. For example, the occurrence of a blocklisted
FQDN is sufficient for a message to be rejected.

Messages rejected due to forced actions appear to bypass some modules, such as
Bayes and fuzzy, and it seems like the reputation module won't take them into
account either.

The ignorance of such messages by Bayes and fuzzy makes sense: Otherwise, an
adversary may sabotage the mail system by stuffing rspamd with arbitrary content
that is automatically learned as spam, making a DoS against legitimate messages
trivial.

However, for IP reputation tracking, I do not quite see such a risk: True,
an attacker may deteriorate the reputation of a shared or compromised IP he/she
gained access to, but to my understanding, that's what IP reputation tracking
is all about.

Please enlighten me on the rationale for ignoring forced actions for IP reputation
tracking as well. Otherwise, it would be great if such messages could be taken
into account by the reputation module. :-)

Thanks in advance for your replies!

Best,
Tobias

