[Rspamd-Users] yet more confusion on multimap whitelisting
Randy Bush
randy at psg.com
Mon Sep 8 20:27:10 UTC 2025
debian12
Rspamd daemon version 3.4
desirable email from a source behind a firewall where we do not control
dns and there is no SPF, DKIM, ... is being classified as spam
# cat /etc/rspamd/local.d/multimap.conf
# https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0
WHITELIST_IP {
type = "ip";
prefilter = true;
map = "/etc/rspamd/local.d/whitelist_ip.map";
action = "accept";
score = -12.0
}
WHITELIST_SENDER_DOMAIN {
type = "from";
filter = "email:domain";
map = [ ".*\.ord\.feen\.com" ];
regex = true;
action = "accept";
score = -12.0
}
WHITELIST_FROM {
type = "from";
filter = "email";
map = [ "forwardingalgorithm at ietf.org",
"root at catcher.rg.net",
"root at rg.net"
];
action = "accept";
score = -12.0;
}
[ we tried with and without both action and score, all four combos ]
and
# cat /etc/rspamd/local.d/whitelist_ip.map
127.0.0.0/24
::1/128
# other stuff
83.99.120.194
yet this is classified as spam (some names and addresses hacked to
protect the innocent)
From root at stash0.ord.feen.com Sun Sep 7 00:00:02 2025
Return-Path: <root at stash0.ord.feen.com>
X-Original-To: randy at psg.com
Delivered-To: spambox at catcher.rg.net
Received: from stash0.ord.feen.com (unknown [83.99.120.194])
by catcher.rg.net (Postfix) with SMTP id 2EDB4100025
for <randy at psg.com>; Sun, 7 Sep 2025 00:00:02 +0000 (UTC)
Authentication-Results: catcher.rg.net;
dkim=none;
dmarc=fail reason="No valid SPF, No valid DKIM" header.from=feen.com
(policy=reject);
spf=none (catcher.rg.net: domain of root at stash0.ord.feen.com has no SPF
policy when checking 83.99.120.194)
smtp.mailfrom=root at stash0.ord.feen.com
Received: by stash0.ord.feen.com (Postfix, from userid 0)
id 653B96C09B7; Sun, 7 Sep 2025 00:00:01 +0000 (UTC)
To: randy at psg.com
Subject: /var/log/syslog.1
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20250907000001.653B96C09B7 at stash0.ord.feen.com>
Date: Sun, 7 Sep 2025 00:00:01 +0000 (UTC)
From: root <root at stash0.ord.feen.com>
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: ++++++++
X-Spamd-Result: default: False [8.30 / 15.00];
HFILTER_HOSTNAME_UNKNOWN(2.50)[];
DMARC_POLICY_REJECT(2.00)[feen.com : No valid SPF, No valid
DKIM,reject];
HFILTER_FROMHOST_NORES_A_OR_MX(1.50)[stash0.ord.feen.com];
RDNS_NONE(1.00)[];
HFILTER_HELO_IP_A(1.00)[stash0.ord.feen.com];
HFILTER_HELO_NORES_A_OR_MX(0.30)[stash0.ord.feen.com];
RCVD_NO_TLS_LAST(0.10)[];
MIME_GOOD(-0.10)[text/plain];
ASN(0.00)[asn:174, ipnet:83.0.0.0/8, country:US];
MID_RHS_MATCH_FROM(0.00)[];
R_DKIM_NA(0.00)[];
FROM_EQ_ENVFROM(0.00)[];
MIME_TRACE(0.00)[0:+];
TO_DN_NONE(0.00)[];
R_SPF_NA(0.00)[no SPF record];
TO_MATCH_ENVRCPT_ALL(0.00)[];
ARC_NA(0.00)[];
RCPT_COUNT_ONE(0.00)[1];
FROM_HAS_DN(0.00)[];
RCVD_COUNT_TWO(0.00)[2]
X-Spam-Level: ********
X-Rspamd-Action: add header
X-Rspamd-Server: catcher.rg.net
X-Rspamd-Queue-Id: 2EDB4100025
X-Spam: Yes
clue bat?
randy
More information about the Users
mailing list