[Rspamd-Users] Multimap authenticated nflag matches despite being authenticated

[Marcel Menzel]

Hello List,

given the following configuration (it's a generic regex rDNS for people 
being too lazy to setup/change rDNS map I want to increase it's score) 
it should only match for non-authenticated users:

   BAD_HOSTNAMES {
     type = "hostname";
     map = "${CONFDIR}/custom/badhostnames.map";
     regexp = true;
      score = 4.0;
     nflags = ["authenticated"];
   }

Looking at the logs and history web interface, the rule matches despite 
being authenticated:

   Nov 22 08:14:34 mail rspamd[84883]: <A58355>; task; 
dkim_symbol_callback: skip DKIM checks for local networks and authorized 
users
   Nov 22 08:14:34 mail rspamd[84883]: <A58355>; lua; spf.lua:189: skip 
SPF checks for local networks and authorized users
   Nov 22 08:14:34 mail rspamd[84883]: <A58355>; lua; dmarc.lua:360: 
skip DMARC checks as either SPF or DKIM were not checked
   Nov 22 08:14:34 mail rspamd[84883]: <A58355>; lua; 
once_received.lua:51: Skipping once_received for authenticated user or 
local network
   Nov 22 08:14:38 mail-mut rspamd[84883]: <A58355>; task; 
rspamd_task_write_log: id: <undef>, qid: <A583555DDC>, ip: <redacted>, 
user: <redacted>, from: <redacted>, (default: T (add header): 
[9.06/20.00] 
[BAD_HOSTNAMES(4.00){dyndsl-xxx-xxx-xxx-xxx.ewe-ip-backbone.de;} *snip*
   Nov 22 08:14:38 mail postfix/submission/smtpd[164293]: disconnect 
from dyndsl-xxx-xxx-xxx-xxx.ewe-ip-backbone.de[xxx.xxx.xxx.xxx] ehlo=2 
starttls=1 auth=1 mail=1 rcpt=1 data=1 commands=7

rspamd even seems to notice that mail being authenticated, but why is 
"nflags = ["authenticated"]" still matching?

I am running rspamd 3.10.0 with Postfix 3.9.0. Nothing regarding 
Postfix' milter_* configuration has been changed. Postfix uses rspamd's 
proxy worker for milter.
Rspamd 3.10.2 is out, but looking at the release notes, nothing 
regarding this has been changed, or am I missing something?


Kind regards,

Marcel Menzel