[Rspamd-Users] How to reject email subject/body message?

G.W. Haywood rspamd at jubileegroup.co.uk
Fri Oct 20 22:19:48 UTC 2023 

Hi there,

On Fri, 20 Oct 2023, Stanislav wrote:
> On Fri, 20 Oct 2023, G.W. Haywood wrote:
>>
>> Stanislav: can you tell us how familiar you are with the structure of
>> 
>> (1) emails in general and
>> 
>> (2) MIME-structured emails in particular?
>> 
>> It's especially important to know what you're dealing with before you
>> try to filter mail because otherwise the results may be disappointing.
> 
> ... I'm more or less familiar with mail server, and, overall, how it
> works.  I do not consider myself a guru ... used to have just Postfix
> ... built-in basic checks and rbls to reject spam.

My experience using a scoring system with 12 - 15 BLs is that they can
help a lot if you choose them carefully, but they can only stop around
two-thirds of the spam.  You really need something which can take both
more features and more specific features of the mail into account.

> I've recently started noticing legitimate emails getting rejected,
> so I'm experimenting with this now.  I didn't use SpamAssassin or
> any other similar solution in the past. Pretty much Rspamd is the
> first one I've decided to try.

If your BLs are causing the legitimate emails to be rejected then my
view would be you need to consider your choice of BLs more carefully.

> What I'm expecting to achieve is the following: - Rspamd renders a
> message, and based on some key patterns or text like "you won
> million dollar" rejects the email.

I think you have answers to that question now, but I don't have an
answer to mine. :(

The bulk of spam which I see here is not sent in unencoded plain text.

That's why I asked about your understanding of the structure of emails
in general and especially of MIME-structured emails.  It's helpful to
be able to dismantle any email and examine its component parts so that
you can craft rules which will be triggered by spam but not by genuine
messages.  For example, here we increasingly see viruses disguised as
purchase orders or quotation requests.  It's trivial to identify them
if you know exactly what to look for in the message body, but it would
be very laborious to try to identify them all by means of the Subject:
header or by *any* of the text in the body which would be displayed to
the recipient by a typical mail client.

There are many places on the Web which will explain MIME-structured
email.  If you do not have a thorough grasp of the subject, that's
where I would advise you to start.  There are a lot of wrinkles, but
the structure is basically fairly straightforward and although you may
see some spam which is rather cunningly crafted, most of it won't be.
In fact much of it is downright dumb, speaking loudly of its creator.

-- 

73,
Ged.

More information about the Users mailing list