[Rspamd-Users] Multimap and syntax...

[Gerald Galster]

> I use the filter email:domain:tld which according to Docs Somebody "<user at foo.example.com> -> example.com " only returns the domain. So I enter e.g. aok.de in my map. But what about: canford.co.uk? Is co.uk then considered a TLD or as a domain and tld.

Rspamd includes the public suffix list (see https://publicsuffix.org/list/).
https://github.com/rspamd/rspamd/blob/master/contrib/publicsuffix/effective_tld_names.dat

> Should I do this with regex or not?

With hyperscan enabled you can use lots of regexes without performance penalty.
On the other hand you need to be familiar with regular expressions and be excact.
Given the problems you currently have I don't recommend it because it's harder to debug.

> I have many domains like this that I need to whitelist, but I'm not sure how to do it:
> cmp.dotmailer.co.uk

You've copied the example "email:domain:tld" which converts user at foo.example.com to example.com.
So user at cmp.dotmail.co.uk will be converted to dotmail.co.uk, which is not in your list and therefore does not match.

> de-news.adidas.com

Use "email:domain" if you want to match that, not email:domain:tld or remove de-news.adidas.com and add adidas.com instead.

> The problem I have is that some entries just don't work

Try to be more precise when reading the documentation.

> and I don't know why that could be. In my current white domain list I have around 2000 entries. Could it be that there are too many?

Generally speaking, no.

Just a hint: if you add e.g. adidas.com to your whitelist, any spammer that sends with @adidas.com is probably whitelisted due to score -20.
I'd rather train rspamd to filter spam and use those maps to assist learning. Otherwise a spammail with an added score of -20 will probably be learned as ham, which can ruin your bayes filter.

Best regards,
Gerald