[Rspamd-Users] force_actions not working as expected
G.W. Haywood
rspamd at jubileegroup.co.uk
Sat Sep 10 10:07:57 UTC 2022
Hi there,
On Sat, 10 Sep 2022, Ronny Seffner wrote:
> I've added an icap service in local.d/external_services.conf as
> follows setting the symbol ICAP_VIRUS - and with eicar test
> signature it is working.
>
> icap {
> servers = "127.0.0.1:1344"
> symbol = "ICAP_VIRUS";
> type = "icap";
> scheme = "scan";
> user_agent = "r-spam-d"
> }
With you so far.
(I'm just going by the documentation, I've never used this...)
> Now I don't like viruses to only higher the score - i'ld like to
> change the subject. As I read in docs, I've to use
> local.d/force_actions.conf to force an action depending on an
> symbol. I tried the follwing:
>
> VIRUS_EXCEPTION {
> action = "rewrite subject";
> expression = "ICAP_VIRUS";
> subject = "*** VIRUS-Verdacht *** %s";
> message = "Rejected due to suspicion of virus";
> # require_action = ["no action", "greylist", "reject", "add header", "rewrite subject"];
> }
Firstly, this seems incomplete. Is this block inside a rules {} block?
Secondly, I'm a little confused by your VIRUS_EXCEPTION block. The line
message = "Rejected ...."
seems to be an SMTP reply message [*]
> As you can see, I also tried to make this action an post-action
> (commenting out require_action). But no subject is rewritten. I also
> tried action = "reject" without success.
[*] The SMTP reply in a [message = "..."] config line would be sent to
the connecting client (presumably in the case of finding a virus after
the End Of Message processing) and after the decision has been made to
*reject* the message. In this case I would not expect the message be
delivered. Attempting to modify the subject would therefore not make
sense, as nobody would ever see it. I do not know if the presence of
this line might be as confusing to rspamd as it is to me. :/
> I checked if mentioned config snippets were ok using rspamadm
> configtest and rspamadm configdump.
I guess it's difficult to detect all possible pathological cases. :)
> Did you have any hint how to force subject rewriting ...
If the problem isn't the absence of a rules {} block and isn't the
presence of the [message ="..."] line then I'm as puzzled as you. :(
Perhaps you have something configured to override the action?
--
73,
Ged.
More information about the Users
mailing list