[Rspamd-Users] RSPAMD not rejecting email despite rule?

[Srikrishnan Chitoor]

Hi:

  We are using RSPAMD v3.2 on Ubuntu. A spam email was sent and the RSPAMD log for the same is as below:
** START(default: F (no action): [3.40/15.00] [FROM_INVALID(2.00){},RISFORGED(1.00){},FORGED_SENDER(0.30){Mr Larry gl899262 at gmail.com;gl899262 at gmail.com;},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){elink4jobs.com:s=default;},DMARC_POLICY_SOFTFAIL(0.10){gmail.com : No valid SPF, DKIM not aligned (relaxed);none;},ARC_NA(0.00){},ASN(0.00){asn:46606, ipnet:198.1.64.0/18, country:US;},DKIM_TRACE(0.00){elink4jobs.com:+;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FREEMAIL_REPLYTO(0.00){gmail.com;},FROM_NEQ_ENVFROM(0.00){Mr Larry gl899262 at gmail.com;gl899262 at gmail.com;},FROM_NO_DN(0.00){},HAS_REPLYTO(0.00){gl8992362 at gmail.com;},HAS_X_ANTIABUSE(0.00){},HAS_X_AS(0.00){info at elink4jobs.com;},HAS_X_GMSV(0.00){info at elink4jobs.com;},HAS_X_SOURCE(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},RCVD_VIA_SMTP_AUTH(0.00){},REPLYTO_DN_EQ_FROM_DN(0.00){},REPLYTO_DOM_EQ_FROM_DOM(0.00){},R_SPF_SOFTFAIL(0.00){~all;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2821, time: 813.294ms, dns req: 27, digest: <0bdb01683fe96e1147e7cbf1bf25eba8>
** END
  We have a rule in force_actions.conf as follows:

** START  RISFORGED1 {
    action = "reject";
    expression = "!RISWHITELISTED & RISFORGED & !DMARC_POLICY_ALLOW";
    message = "Email rejected due to sender spoofing.";
  }
** END
 We have checked that 

1. RISWHITELISTED does not exist in log.2. RISFORGED does exist in log3. DMARC_POLICY_ALLOW does not exist in log.
Then this rule is supposed to fire and reject the email, but it is not happening. Any idea on what the issue can be?
Thanks,-Krishnan.