MULTIMAP -content filter
619 views
Skip to first unread message
Karáth Attila
Sep 16, 2018, 5:55:21 AM9/16/18
to rspamd
Dear All,
I would like to make a very simple content filter. (it is just a test) I would handle tree different case :
case (body contains "tartalom10") -- score should be 10
case (body contains "tartalom5") -- score should be 5
case (body contains "tartalom0") -- score should be 1 (default)
In order to achieve this I did the following configuration.
cat /etc/rspamd/local.d/multimap.conf
CONTENT_BLACKLISTED {
type = "content";
filter = "body"; # can be headers, full, oneline, text, rawtext
map = "file:///etc/rspamd/maps/content.map";
symbols = ["CONTENT_BLACKLISTED1", "CONTENT_BLACKLISTED2"];
regexp = true;
type = "content";
filter = "body"; # can be headers, full, oneline, text, rawtext
map = "file:///etc/rspamd/maps/content.map";
symbols = ["CONTENT_BLACKLISTED1", "CONTENT_BLACKLISTED2"];
regexp = true;
}
cat /etc/rspamd/maps/content.map:
#content filter
# Symbol + score
/re1/ CONTENT_BLACKLISTED1:10
tartalom10
/re2/ CONTENT_BLACKLISTED2:5
tartalom5
/re3/
tartalom0
# Symbol + score
/re1/ CONTENT_BLACKLISTED1:10
tartalom10
/re2/ CONTENT_BLACKLISTED2:5
tartalom5
/re3/
tartalom0
If I change the content of the content.map i can see the rspamd recognize the change but the content filtering is still not working. I suppose there is a issue with the syntax of the content.map.
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; rspamd_map_file_check_callback: old mtime is 1537088569, new mtime is 1537088833 for map file /etc/rspamd/maps/content.map
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; rspamd_map_file_read_callback: rereading map file /etc/rspamd/maps/content.map
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; read_map_file_chunks: /etc/rspamd/maps/content.map: read map chunk, 133 bytes
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; rspamd_regexp_list_fin: read regexp list of 6 elements
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; rspamd_map_file_read_callback: rereading map file /etc/rspamd/maps/content.map
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; read_map_file_chunks: /etc/rspamd/maps/content.map: read map chunk, 133 bytes
2018-09-16 11:07:36 #20303(normal) <yuec6e>; map; rspamd_regexp_list_fin: read regexp list of 6 elements
I f i send a test mail with "tartalom5" in the body from the google to my domain the received mail contains the symbols, what means the rspamd not recognize the "tartalom5" in the body:
X-Spamd-Result: default: False [0.69 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[YYYYYYY.20150623.gappssmtp.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[kar...@XXXXX.hu]; PN_COUNTRY_SUSP(6.00)[US]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[YYYYY.hu]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[YYYYY-hu.20150623.gappssmtp.com:+]; CONTENT_BLACKLISTED(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-1.88)[ipnet: 209.85.128.0/17(-5.44), asn: 15169(-3.57), country: US(-0.38)]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-2.93)[99.71%] X-Rspamd-Server: mail
So I hope you can tell me what did i wrong.
Thank you very much.
Emanuel Gonzalez
Sep 19, 2018, 9:32:06 AM9/19/18
to a...@karath.hu, rspamd
In the metrics.conf file, you add the score for the symbol?
--
You received this message because you are subscribed to the Google Groups "rspamd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rspamd+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/rspamd.
Reply all
Reply to author
Forward
0 new messages