[Rspamd-Users] Multimap with score in map file with value 0
Jesse Norell
jesse at kci.net
Thu Jan 20 17:36:28 UTC 2022
On Thu, 2022-01-20 at 16:58 +0100, Thomas wrote:
> Hello.
>
> I have a multimap.conf rule where I try to assign, dependent on the
> from
> adress, a score.
>
> multimap.conf:
>
> from_reputation {
> type = "from";
> description = "Score +/- per FROM address (Envelope or header
> from).";
> map = "${LOCAL_CONFDIR}/maps/from_score.map";
> symbols = ["FROM_SCORE_GOOD","FROM_SCORE_BAD"];
> regexp = true;
> }
>
> and in the map file I have the following (just two lines as an
> example):
>
> /noreply at wetransfer\.com/i FROM_SCORE_GOOD:-5
> /.*@jazzfree\.com/i FROM_SCORE_BAD:25
>
> But I see when the rule is triggered just 0.0 points assigned to the
> symbol.
>
> What am I doing wrong?
I'm not sure I can answer that in the manner you were asking for
(though try adding 'filter = "headers";' in multimap.conf), but what
comes to mind in response to what you're doing wrong is not factoring
in any authentication. Once you get this working, you risk that anyone
can spoof from noreply at wetransfer.com and have their message score
reduced. Yes, wetransfer.com has a dmarc quarantine policy which is
intended to prevent that, but rspamd does not reject based on failing
dmarc policy, it only adds to the score (in this case
DMARC_POLICY_QUARANTINE adds 1.5, your FROM_SCORE_GOOD subtracts 5,
totaling -3.5 for anyone forging that sender address). Perhaps you
have addressed this (via whitelist module, composite rules, opendmarc,
or something else) in other config, but thought it worth a mention.
--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
More information about the Users
mailing list