[Rspamd-Users] rspamd-3.8.4: SPOOF_REPLYTO penalty exception

Franta Hanzlík franta at hanzlici.cz
Tue May 21 21:41:15 UTC 2024


On Wed, 15 May 2024 03:52:29 +0200
Gerald Galster <list+rspamd at gcore.biz> wrote:

> > I have a web application from which a visitor can send me mail, and 
> > the visitor's mail address is added to its "Reply-to" header item.
> > This mail will be marked as spam ([SPAM 7.**] in the subject mail).
> > According to the log, this is caused by the evaluation of "SPOOF_REPLYTO" 
> > (which has a weight of 6).
> > 
> > Please, is it possible to set some exception to the IP address of 
> > the site or better MAILFROM, RCPT, From: and To: ?  
> 
> 
> You could use a multimap with a negative score/weight:
> https://rspamd.com/doc/modules/multimap.html
> 
> or apply a different symbol weight or disable it:
> https://rspamd.com/doc/configuration/settings.html#settings-structure
> 
> or adjust local.d/groups.conf:
> https://rspamd.com/doc/configuration/metrics.html#configuring-scores-and-actions
> 
> or update symbol scores (even remotely):
> https://rspamd.com/doc/modules/rspamd_update.html#updates-structure
> 
> or use lua ...
> 
> Best regards,
> Gerald
> -- 

Gerald, thank you for the recommendation. I'm learning what the multimap 
module can do, but I'm not wise about it ;)
Ideally I would need some logic like this:

if ( ip == $MyExternalWebIP && from == $User1 at MyDomain && to == $User2 at MyDomain ){
    score("SPOOF_REPLYTO") = 0
} else {
    leave SPOOF_REPLYTO at default score 6.0
}

Is this possible to achieve using a map?
Or using some other Rspamd mechanism?

And maybe stupid questions, it's not clear to me from the documentation:

- How does matching work in a multimap rule? Regex matching is somewhat clear, but 
how does it work with a normal (non-regexp, non-radix) map type (e.g. for from or 
rcpt)? Must the key in the map (a map file in my case) match exactly?
Or is it taken as a substring? And are glob/wildcard keys supported?
Does this have anything to do with the paragraph https://rspamd.com/doc/modules/multimap.html#maps-flaws ?
What are "regexp_multi" and "glob_multi" there?

- Are "score" and "weight" synonyms with the same meaning?

- Does the optional "multi" map attribute only make sense for multiple symbol maps?

-- 
My brain is messed up ;)
Thanks, Franta Hanzlik
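
[Added example, not part of the original message or of the Rspamd project's own configuration: the conditional logic sketched above, expressed with the settings module that Gerald's reply links to. The rule name, the IP address and both mail addresses are placeholders (assumptions) standing in for $MyExternalWebIP, $User1 and $User2.]

```ucl
# local.d/settings.conf
# Added example; the rule name and all values below are placeholders.
webform_replyto {
  id = "webform_replyto";
  priority = high;

  # Conditions of different types are combined with AND, so the rule
  # applies only when the IP, the envelope sender and the envelope
  # recipient all match.
  ip = "192.0.2.10";             # placeholder for $MyExternalWebIP
  from = "user1@example.org";    # placeholder for $User1 (SMTP MAIL FROM)
  rcpt = "user2@example.org";    # placeholder for $User2 (SMTP RCPT TO)

  # The envelope sender is chosen by the submitting client, so the ip
  # condition is what ties this exception to the web server. Keep it,
  # and keep it as narrow as a single host address.

  apply {
    # Score 0 for this symbol when the rule matches; every other
    # message keeps the default SPOOF_REPLYTO score.
    SPOOF_REPLYTO = 0.0;
  }
}
```

After reloading Rspamd, a test submission from the web form should still list SPOOF_REPLYTO in the log, but with a score of 0.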

