header FUZZY_DENIED high score
Emanuel Gonzalez
Philip Paeps
If you're using the default fuzzy_check configuration, hashes are checked against fuzzy?.rspamd.com (confirm with rspamadm configdump fuzzy_check).
You can whitelist that hash on https://bl.rspamd.com/.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
Emanuel Gonzalez
retransmits = 1;
rule {
rspamd.com {
symbol = "FUZZY_UNKNOWN";
mime_types [
"*",
]
encryption_key = "icy63itbhhni8bq15ntp5n5symuixf73s1kpjh6skaq4e7nx5fiy";
read_only = true;
fuzzy_map {
FUZZY_PROB {
flag = 2;
max_score = 10;
}
FUZZY_DENIED {
flag = 1;
max_score = 20;
}
FUZZY_WHITE {
flag = 3;
max_score = 2;
}
}
max_score = 20;
short_text_direct_hash = true;
skip_unknown = true;
algorithm = "mumhash";
servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335";
}
}
timeout = 2;
min_bytes = 1000;
*** End of section fuzzy_check ***
--
You received this message because you are subscribed to the Google Groups "rspamd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rspamd+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/rspamd.
Philip Paeps
On 2018-08-29 13:44:20 (+0200), Emanuel Gonzalez wrote:
El mar., 28 de ago. de 2018 a la(s) 17:44, Philip Paeps escribió:
On 2018-08-28 21:00:21 (+0200), Emanuel Gonzalez wrote:
Hello, I have a question regarding an email that is not spam, in the analysis I see this:
[FUZZY_DENIED(11.99){1:2462e1bc90:1.00:bin;}
Would they help me find the cause of the problem?ç
If you're using the default fuzzy_check configuration, hashes are checked against fuzzy?.rspamd.com (confirm with `rspamadm configdump fuzzy_check`).
You can whitelist that hash on https://bl.rspamd.com/.
Here I detail the result of the command
*** Section fuzzy_check ***
[...]
mime_types [ "*", ]
[...]
servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335";
[...]
*** End of section fuzzy_check ***
That is indeed the default configuration. You are checking against fuzzy?.rspamd.com.
Is it just an email that has images in the body of the message, can images be the problem?
The documentation of the fuzzy_check module describes in detail what is checked. The entire message is checked, including attachments.
Can false positives exist through this module?
Every module can have false positives.
You can improve the module by whitelisting the hash on https://bl.rspamd.com/.
You could exclude images if your users are interested in spammy images by adjusting the mime_types array.
Alexander Moisseev
> Is it just an email that has images in the body of the message, can images be the problem?
>
>
Raphael Schneider
Alexander Moisseev
> Hello Philip,
> as I have the same Problem with some emails.
> I want to whitelist the hash but I don't find out how to get it in the first place.
> It is not listed in webui.
>
> Can you help me there?
>
Another option is to add the "X-Rspamd-Fuzzy" header to messages: https://rspamd.com/doc/modules/milter_headers.html#fuzzy-hashes-175