[Rspamd-Users] rspamd outbound force enable SPF/DKIM policyes/symbole

Thu Feb 23 20:55:42 UTC 2023

Hello,

For outgoing email gateways (which do only that) I would like to have 
the cleanest messages possible and therefore I would like to reject all 
messages that are not DKIM signed, invalid SPF...

For this I increased the score (for example) of the R_DKIM_NA symbol:

     "R_DKIM_NA" {
         weight = 15.0;
         description = "Missing DKIM signature";
         one_shot = true;
         groups = ["dkim"];
     }

I specify that I am authenticated on these gateways... Indeed if this is 
not the case, my strategy to increase the score works but if I am 
authenticated it seems that rspamd does not use all the policies...

However, I tried this type of configuration:

authenticated {

     priority = high;

     authenticated = yes;

     apply {

         groups_enabled = ["policies","dkim", "spf"];

         symbols_enabled = ["ARC_NA", "R_DKIM_NA", "R_SPF_ALLOW"]

     }

}

Without effect, the symbols present are the following : 
https://dl.zici.fr/1692736531-74/Selection_591.png

/ARC_NA, FROM_EQ_ENVFROM, FROM_HAS_DN, RCPT_COUNT_ONE, RCVD_COUNT_TWO, 
RCVD_TLS_ALL, RCVD_VIA_SMTP_AUTH, TO_DN_NONE, TO_MATCH_ENVRCPT_ALL/

I specify of course that this message is not signed DKIM invalid SPF, 
but no precision on it, whereas with the same message, if I am not 
authenticated I have the symbols:

ARC_NA, ASN, DMARC_POLICY_REJECT, FROM_EQ_ENVFROM, FROM_HAS_DN, MID_RHS_MATCH_FROM, MIME_GOOD, MIME_TRACE, R_DKIM_NA, R_SPF_NA, RCPT_COUNT_ONE, RCVD_COUNT_TWO, RCVD_TLS_ALL, TO_DN_NONE, TO_MATCH_ENVRCPT_ALL

In short my question is: how to apply the same Rspamd rules on outgoing 
email with an authenticated user or not?

I also attempted to set skip_authenticated = false; pretty much everywhere..

A dump of my current config: 
https://pastebin.zici.fr/?22e0379881473dde#we1jSzedm6A94+5bucx6oiVwlaz763LxezzBIWqeL0E=

Thank you for your reply,
David

-- 
https://retzo.net/