[Rspamd-Users] weird MIME penalisation on (IMO) right formatted mail attachments - RSPAMD or our mistake?
Franta Hanzlík
franta at hanzlici.cz
Tue Apr 15 10:31:32 UTC 2025
On Mon, 14 Apr 2025 17:02:28 +0200
Franta Hanzlík <franta at hanzlici.cz> wrote:
> At our high school we now have a problem with internal mail delivery -
> emails from students with the completion of assigned tasks are not
> delivered because of poor RSPAMD classification.
>
> As an example, attached is an email to the teacher, where three homework
> files are attached - their MIME types are .js, .html and .css - where
> the important penalisations are:
>
> MIME_BAD_EXTENSION - highest penalty (although legitimate attachments)
> MIME_BAD_ATTACHMENT - ?WHY penalty? According to RFC9239 .js MUST be text/javascript type. RSPAMD bug?
> MIME_BASE64_TEXT_BOGUS - true for attachment "dolezali.css" - but that
> is how the mail client (SOGo webmail) attached it
> R_MIXED_CHARSET - ?WHY penalty? For "Subject:" header value? But it is only in ASCII!
> MID_RHS_NOT_FQDN - IMO this is because of internal mail within our domain...
>
> Please, what is the best solution for reliable email delivery in cases
> such as these?
>
> Non-delivery of an email with a student's completed homework is
> a serious problem for us...
>
> Attached are the email source as 'postcat -q $MID' output and the base64
> decoded attachments (mail addresses and domain are very slightly changed).
>
> RSPAMD classification is as follows:
>
> 2025-04-01 09:14:00 #23604(rspamd_proxy) <ae75e7>; proxy; rspamd_task_write_log:
> id: <22a0-67eb9200-97-199599a0 at 203688857>, qid: <>, ip: 127.0.0.1,
> FROM: <dolezali at spseplzen.cy>, RCPT: <soukuo at spseplzen.cy>,
> CFrom:Iakub Doležal <dolezali at spseplzen.cy>, CTo: Matěj Soukuo (vyučující) <soukuo at spseplzen.cy>, CCc:nil,
> CSubj:dolezali - test,
> (default: T (quarantine): [12.14/16.00] [
> MIME_BAD_EXTENSION(8.00){js;html;} # 1/20 : Bad extension
> MIME_BAD_ATTACHMENT(1.60){js:text/javascript;} # 2/20 : Invalid attachment mime type
> MIME_BASE64_TEXT_BOGUS(1.00){} # 3/20 : Has text part encoded in base64 that does not contain any 8bit characters
> R_MIXED_CHARSET(1.00){subject;} # 4/20 : Mixed characters in a message
> MID_RHS_NOT_FQDN(0.50){} # 5/20 : the Message-ID does not contain a fully qualified domain name (fqdn).
> MIME_BASE64_TEXT(0.10){} # 6/20 : Has text part encoded in base64
> BAYES_SPAM(0.04){52.89%;} # 8/20 : Message probably spam, probability
> MIME_GOOD(-0.10){multipart/mixed;multipart/alternative;text/plain;text/javascript;} # 7/20 : Known content-type
> ...
> --
I forgot to mention: we are using RSPAMD version 3.8.4 on CentOS 7 x86_64.
Regarding the MIME_BAD_ATTACHMENT penalty, I tried to report a bug
to RSPAMD (#5429), but V.Stakhov has a different opinion.
Personally, as the best solution to my problem I would like an
algorithm like:
if (mail_from_mydomain && mail_to_mydomain) then not_penalize_some generally dangerous attachments
But is it possible to implement something similar in RSPAMD easily?
Thanks in advance, Franta Hanzlík
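
One way to express the rule asked for above with Rspamd's settings module, as an added example (not part of the original post and not taken from the Rspamd project). The rule name `internal_homework`, the file location and the choice of conditions are assumptions; the domain and IP address are the ones shown in the log excerpt.

```ucl
# local.d/settings.conf  (assumed location; rule name is hypothetical)
# Conditions of different types must all match before `apply` is used.
internal_homework {
  id = "internal_homework";
  priority = high;

  # Envelope sender and recipient are both in the school's domain
  # (domain as it appears in the quoted log).
  from = "@spseplzen.cy";
  rcpt = "@spseplzen.cy";

  # An envelope sender in the local domain can be claimed by any outside
  # host, so the match is also tied to where the message was submitted.
  # The quoted log shows the webmail handing mail over from 127.0.0.1.
  ip = "127.0.0.1";
  # For clients that submit over authenticated SMTP, use this condition
  # in a second rule instead of `ip`:
  # authenticated = yes;

  apply {
    # Zero only the attachment-type scores for these messages;
    # all other checks still run and score as usual.
    MIME_BAD_EXTENSION = 0.0;
    MIME_BAD_ATTACHMENT = 0.0;
  }
}
```

The `ip` condition is only a meaningful restriction if external mail never reaches Rspamd with 127.0.0.1 as the client address (for example through a local re-injection hop). Run `rspamadm configtest` before reloading.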