[Rspamd-Users] Multimap with score in map file with value 0

[Thomas]

Am 20.01.2022 um 18:36 schrieb Jesse Norell via Users:
> On Thu, 2022-01-20 at 16:58 +0100, Thomas wrote:
>> Hello.
>>
>> I have a multimap.conf rule where I try to assign, dependent on the
>> from
>> adress, a score.
>>
>> multimap.conf:
>>
>> from_reputation {
>>       type = "from";
>>       description = "Score +/- per FROM address (Envelope or header
>> from).";
>>       map = "${LOCAL_CONFDIR}/maps/from_score.map";
>>       symbols = ["FROM_SCORE_GOOD","FROM_SCORE_BAD"];
>>       regexp = true;
>> }
>>
>> and in the map file I have the following (just two lines as an
>> example):
>>
>> /noreply at wetransfer\.com/i FROM_SCORE_GOOD:-5
>> /.*@jazzfree\.com/i FROM_SCORE_BAD:25
>>
>> But I see when the rule is triggered just 0.0 points assigned to the
>> symbol.
>>
>> What am I doing wrong?
>    I'm not sure I can answer that in the manner you were asking for
> (though try adding 'filter = "headers";' in multimap.conf), but what
> comes to mind in response to what you're doing wrong is not factoring
> in any authentication.  Once you get this working, you risk that anyone
> can spoof from noreply at wetransfer.com and have their message score
> reduced.  Yes, wetransfer.com has a dmarc quarantine policy which is
> intended to prevent that, but rspamd does not reject based on failing
> dmarc policy, it only adds to the score (in this case
> DMARC_POLICY_QUARANTINE adds 1.5, your FROM_SCORE_GOOD subtracts 5,
> totaling -3.5 for anyone forging that sender address).  Perhaps you
> have addressed this (via whitelist module, composite rules, opendmarc,
> or something else) in other config, but thought it worth a mention.
>
Yes you are right. Leftover of a temporary fix when wetransfer was on 
some blacklists...