[Rspamd-Users] How to mark this kind of mails as spam ...

Albrecht Backhaus albrecht.backhaus at dojokun.ch
Wed May 29 16:30:03 UTC 2024 


Am 29.05.2024 16:16:28, schrieb "Steve Witten" <caponecicero at gmail.com> 
:

>On Wed, May 29, 2024 at 2:56 AM G.W. Haywood <rspamd at jubileegroup.co.uk>
>wrote:
>
>>  Hi there,
>>
>
><snip />
>
>Generally speaking I prefer to REJECT mail using SMTP at the server,
>>  rather than wait until the delivery stage when the server has ACCEPTed
>>  it, because the ACCEPT gives the impression that the spammed recipient
>>  address is valid.  Of course this assumes that the recipient address
>>  is not one of my (thousands of) spam traps - in which case normally I
>>  would TEMPFAIL it indefinitely instead. }:-)
>>
>
>I completely agree with you.  However, given the OPs list of
>characteristics for describing the spam s/he's experiencing, it's kinda
>hard to do that with *postfix*'s supported mechanics.  My preferred
>strategy would be to REJECT the mail as soon as possible -- before even
>bothering *rspamd* about it.
>
>If you know of a way to have *postfix* examine the internals of a message (*à
>la* the OPs describing characteristics), *boy! howdy!* I'd love a pointer
>to it!
>
>I only offered the *sieve* solution as another way to solve the OPs
>problem.  As I said, I find the *sieve* language to be fairly obtuse and
>pretty limited.  It's useful but kinda only as the last resort...
>
OK - I also think that these emails should be rejected directly at the 
mail server. I have therefore opted for the lua variant and created the 
following script (see below). As far as I could test, it works.

local rspamd_logger = require "rspamd_logger" 		
local fun = require "fun" 		

local function check_subject_attachment(task) 		
-- get subject from email 		
local subject = task:get_header("Subject") 		

if not subject then 		
rspamd_logger.infox(task, "No Subject found") 		
return 		
end 		

-- check for attachments 		
local attachments = task:get_parts() 		
if not attachments then 		
rspamd_logger.infox(task, "No attachments found") 		
return 		
end 		

-- check if filename without extension of one of the attachments is 
similar to Subject 		
local found = fun.any(function(part) 		
local fname = part:get_filename() 		
if fname then 		
-- remmove filename extension 		
local basename = fname:gsub("%..*$", "") 		
if basename == subject then 		
return true 		
end 		
end 		
return false 		
end, attachments) 		

if found then 		
rspamd_logger.infox(task, "Attachment found with a name similar to 
subject") 		
task:insert_result('SUBJECT_ATTACHMENT_MATCH', 1.0, "Name of an 
attachment is similar to Subject") 		
else 		
rspamd_logger.infox(task, "No attachment found with a name similar to 
Subject") 		
end 		
end 		

-- Register function as Symbol 		
rspamd_config:register_symbol({ 		
name = "SUBJECT_ATTACHMENT_MATCH", 		
score = 50.0, 		
group = "my_custom_rules", 		
callback = check_subject_attachment 		
})

Thank you for your support.

More information about the Users mailing list