[Rspamd-Users] How to mark this kind of mails as spam ...

G.W. Haywood rspamd at jubileegroup.co.uk
Thu May 30 11:59:58 UTC 2024 

Hi there,

On Wed, 29 May 2024, Steve Witten wrote:
> On Wed, May 29, 2024 at 10:17 AM Tino Hendricks wrote:
>>
>> I do this for single header matches but wasn’t brave enough to dare this
>> with an „AND“ condition. ;-)
> 
> There are no logical operations in the *postfix* *header_check *facilities :-(
> ...

If Postfix and rspamd are too painful to configure, then you could use
a simple milter to do this sort of thing.  Then you could have all the
Boolean logic you need with a simple configuration.  It's what I do.
My milters are written in Perl, and Perl regexes can do more or less
anything, but if there are limitations they can be augmented with some
simple logic.

Perl might not be the best for performance, but there are things like
milter-regex, written in C, at perhaps some cost in flexibilty.

I'd suggest it's best if the MTA calls your milter for every part of
the SMTP conversation before rspamd does anything for the same parts.

One issue to be aware of is that with the current (version 6) milter
specifications you can't use one milter to prevent other milters from
running by ACCEPTing the message.  You can only prevent later milters
from running by making an earlier milter reply with a REJECT (either
REJECT, or TEMPFAIL, or DISCARD).  So for example if you're sending a
report to SpamCop and you don't want your virus scanning milter to run
because you know it has a virus in it, you can't stop it by returning
ACCEPT from an earlier milter.  If a milter replies to the MTA with
ACCEPT, then for the rest of the processing of the message[*] the MTA
will ignore the milter which ACCEPTed the message but it will continue
to ask the opinion of the other milters.  I get around this using some
flags in a database which the milters share, but I'm afraid it results
in quite a lot of juggling in the code.  The alternative can be a lot
of duplication of whitelisting in the configurations.  They probably
all use a completely different syntax, which was why, years ago, I
abandoned the use of multiple (seven!) milters and wrote my own.

[*] Slightly simplified logic here which is near enough for now.

-- 

73,
Ged.

More information about the Users mailing list