[Rspamd-Users] Multimaps seem to not work

Simon Hoffmann rspamd at list.simonhoffmann.net
Wed Aug 10 14:30:41 UTC 2022

Hey fellow spam fighters! :)

I currently have the following multimap.conf in /etc/rspamd/local.d

    type = "ip";
    map = "$CONFDIR/local.d/whitelist_ip.map";
    description = "Local ip whitelist";
    action = "accept";

        type = "from";
        map = "$CONFDIR/local.d/whitelist_from.map";
        description = "Local from whitelist";
        action = "accept";

        type = "header";
        header = "from";
        map = "$CONFDIR/local.d/whitelist_from_header.map";
        description = "Local from (header) whitelist";
        action = "accept";

        type = "ip";
        map = "$CONFDIR/local.d/blacklist_ip.map";
        description = "Local ip blacklist";
        action = "reject";

        type = "from";
        map = "$CONFDIR/local.d/blacklist_from.map";
        description = "Local from blacklist";
        action = "reject";

        type = "header";
        header = "from";
        map = "$CONFDIR/local.d/blacklist_from_header.map";
        description = "Local from (header) blacklist";
        action = "reject";

        type = "header";
        header = "to";
        map = "$CONFDIR/local.d/whitelist_to_header.map";
        description = "Local to (header) whitelist";
        acction = "accept";

The IP based maps are not yet in use, I cannot say anything about that.

In the whitelist_to_header.map I have two entries, 

spam at filter.xyz.net
ham at filter.xyz.net

which seems to work fine. When submitting a ham the message got flagged as spam
first, but after adding this map mails now pass to my filter learning script.

However, the blacklist_from and blacklist_header_from seem to not work at all.
I have added michaels at emdeals.michaels.com into both maps, yet rspamd does not reject
incoming mails from this address.

Rspamd log:

Aug 10 11:23:55 mailin rspamd[788]: <1ab58e>; task; rspamd_task_write_log: id: <1fb16a2b-7af0-4213-b60d-49a5b3df2380 at dfw1s10mta411.xt.local>, qid: <858107cd>, ip:, from: <bounce-26_HTML-345041960-190051-100010552-23689 at bounce.emdeals.michaels.com>, (default: T (add header): [9.54/15.00] [BAYES_SPAM(8.00){100.00%;},FORGED_RECIPIENTS(2.00){m:@.NET;s:simon at .net;},DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){},FORGED_SENDER(0.30){michaels at emdeals.michaels.com;bounce-26_HTML-345041960-190051-100010552-23689 at bounce.emdeals.michaels.com;},R_DKIM_ALLOW(-0.20){emdeals.michaels.com:s=10dkim1;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MANY_INVISIBLE_PARTS(0.05){1;},HAS_LIST_UNSUB(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:34788, ipnet:, country:DE;},DKIM_TRACE(0.00){emdeals.michaels.com:+;},DMARC_POLICY_ALLOW(0.00){michaels.com;none;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){michaels at emdeals.michaels.com;bounce-26_HTML-345041960-190051-100010552-23689 at bounce.emdeals.michaels.com;},GREYLIST(0.00){pass;body;},MIME_TRACE(0.00){0:+;1:+;2:~;},NEURAL_HAM(-0.00){-1.000;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_THREE(0.00){3;},RCVD_TLS_LAST(0.00){},R_SPF_FAIL(0.00){-all;},SUBJECT_ENDS_EXCLAIM(0.00){},TO_DN_NONE(0.00){}]), len: 100485, time: 622.634ms, dns req: 67, digest: <70be4cff13e3465a683cee0b3cdc1c8b>, rcpts: <simon at .net>, mime_rcpts: <J at .NET>

Since all files are rolled out via configmanagement, everyone has the same owner and
permissions. Do you have any idea why it is not working?

Also, I am not yet entirely convinced that the whitelist_from maps are working as
intended as well.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20220810/21a10f99/attachment.bin>

More information about the Users mailing list