On 2022/02/18 16:26, Alexander Hall wrote:
>
>
> On February 18, 2022 3:44:08 PM GMT+01:00, Stuart Henderson
> <[email protected]> wrote:
> >On 2022/02/18 15:26, Mark Patruck wrote:
> >> On 18.02.2022 10:11, Alexander Hall wrote:
> >> > Hi!
> >> >
> >> > Lately I've seen ports@ email in my spam folder, if they contain
> >> > "bad.port.mk", since apparently "port.mk" is considered a domain name,
> >> > and a harmful such, too.
> >> >
> >> > I've tried to whitelist "bad.port.mk" but it does not seem to help.
> >> >
> >> > I'm assuming this might be a common issue for other ports@ subscribers,
> >> > so if anyone has any suggested remedy, is be happy to hear it.
> >> >
> >> > /Alexander
> >>
> >> No issues here with ports@ mails. I've also checked the symbol table
> >> for scanned mails (rspamc analyse), but didn't find a bigger increase
> >> of the final score due to potential spam.
> >>
> >> Out of interest...what does your scan results say for relevant mails?
> >
> >It hit gonzalo's nextcloud updates the other day. Relevant bit on mine
> >was URIBL_BLACK(7.50)[port.mk:url];
>
> Yup, exactly that.
>
> While seemingly self-healed now, it would be nice to know how to avoid or
> workaround this in the future.
>
> /Alexander
Couple of examples of things pulled from my config; you can adjust the
score for a symbol in local.d/metrics.conf:
$ cat metrics.conf
symbol "R_MISSING_CHARSET" {
score = 0.75;
}
symbol "MISSING_MIME_VERSION" {
score = 0.50;
}
Or disable a symbol when messages match something in local.d/settings.conf
mssql_lacking_messageid {
id = "mssql_lacking_messageid"
priority = high;
ip = "10.14.41.128/29";
apply {
symbols_disabled [
"MISSING_MID", "MIME_BASE64_TEXT_BOGUS"
]
}
symbols [
"mssql"
]
}
https://rspamd.com/doc/configuration/settings.html has more things you can
match on (various ways to match on header, SMTP addresses, etc) and so on
(you can also change spam/greylist thresholds depending on these matches
too)
I have only scratched the surface of what's possible, it does work fairly
well left to itself in many cases.
