[Rspamd-Users] mark spam in subject, any side effects?

Gerald Galster list+rspamd at gcore.biz
Sat Aug 13 11:37:49 UTC 2022 

Hello,

> First question is, how do I implement these two thresholds and the actions?  To be honest I currently have no clue.

/etc/rspamd/local.d/actions.conf

greylist = 5.0; # Apply greylisting when reaching this score (will emit `soft reject action`)
add_header = 6.0; # Add header when reaching this score
rewrite_subject = 7.0;
reject = 8.0; # Reject when reaching this score
subject = "[SPAM] %s";

You need to set your own levels or use default ones; here 5.0, 6.0, ... just show the order.
Reaching 5 points the mail is greylisted. Reaching 6 points it's not greylisted but a header is added, and so on.


> Second.  If we add the tag to the subject, does this have any impact on learning spam?  Does rspamd know and remember that it added the [SPAM xx] itself?

https://rspamd.com/doc/configuration/statistic.html#classifier-and-headers

"The classifier will only learn headers that are defined in classify_headers in the options.inc file. It is therefore not necessary to remove any headers added (such as X-Spam or others) before learning, as these headers will not be used for classification. Rspamd also uses Subject that is tokenized according to the rules above and several meta-tokens, such as size or number of attachments that are extracted from the messages."


> The prefix to the subject should look like this:   [SPAM score]    like    [SPAM 8.0]

See actions.conf at the beginning (subject = "[SPAM %d] %s")

https://rspamd.com/doc/configuration/metrics.html

"subject - string value that replaces the message’s subject if the rewrite subject action is applied. Original subject can be included with %s. Message score can be filled using %d extension."


> Below eg 4.0 it should not add any prefix to the subject, but still add the score to another header (see 3.).

Levels are defined in actions.conf.


> Third.  We need to add a header with the score as number, like X-Spam-Value: 4.0

https://rspamd.com/doc/modules/milter_headers.html


> Fourth.  If we found the mail as false negative we would use sieve to not only notify rspamd and move to the spam folder but to also modify the subject line to mark the mail visibly as spam (unified inbox).  In that case rspamd will learn that this mail is spam, where rspamd though it is no spam.  But what about the addition of the [SPAM xx]?  Will it learn that spam mails will have [SPAM xx]?  This would not be true.  How could this be managed?
> This case is different from rspamd detected mail as spam, added the header itself and we filtered it to spam folder.  If we see it is not spam, [SPAM xx] will be deleted, means subject line will be deleted and newly added to the end by sieve.  If one decides that it should be spam, [SPAM xx] will be added again, rspamd will be notified and mail gets moved to spam again.  I believe this would work.  But the question is, what happens to mails that sieve marks as spam afterwards by adding the tag to the subject if rspamd has seen this mail as not being spam.

The subject is just a part of the email, it is unlikely that it will get blocked if the remaining body does not match spam criteria.
Bayes filter is about statistics: it matches only if a combination of tokens is considered significant.
Alternatively you could just feed the mail to rspamd before altering the subject.

Best regards
Gerald

More information about the Users mailing list