[Rspamd-Users] Multimap with score in map file with value 0
Thomas
thomas at plant.systems
Fri Jan 21 08:13:45 UTC 2022
Am 20.01.2022 um 18:36 schrieb Jesse Norell via Users:
> On Thu, 2022-01-20 at 16:58 +0100, Thomas wrote:
>> Hello.
>>
>> I have a multimap.conf rule where I try to assign, dependent on the
>> from
>> adress, a score.
>>
>> multimap.conf:
>>
>> from_reputation {
>> type = "from";
>> description = "Score +/- per FROM address (Envelope or header
>> from).";
>> map = "${LOCAL_CONFDIR}/maps/from_score.map";
>> symbols = ["FROM_SCORE_GOOD","FROM_SCORE_BAD"];
>> regexp = true;
>> }
>>
>> and in the map file I have the following (just two lines as an
>> example):
>>
>> /noreply at wetransfer\.com/i FROM_SCORE_GOOD:-5
>> /.*@jazzfree\.com/i FROM_SCORE_BAD:25
>>
>> But I see when the rule is triggered just 0.0 points assigned to the
>> symbol.
>>
>> What am I doing wrong?
> I'm not sure I can answer that in the manner you were asking for
> (though try adding 'filter = "headers";' in multimap.conf), but what
> comes to mind in response to what you're doing wrong is not factoring
> in any authentication. Once you get this working, you risk that anyone
> can spoof from noreply at wetransfer.com and have their message score
> reduced. Yes, wetransfer.com has a dmarc quarantine policy which is
> intended to prevent that, but rspamd does not reject based on failing
> dmarc policy, it only adds to the score (in this case
> DMARC_POLICY_QUARANTINE adds 1.5, your FROM_SCORE_GOOD subtracts 5,
> totaling -3.5 for anyone forging that sender address). Perhaps you
> have addressed this (via whitelist module, composite rules, opendmarc,
> or something else) in other config, but thought it worth a mention.
>
Yes you are right. Leftover of a temporary fix when wetransfer was on
some blacklists...
More information about the Users
mailing list