rspamd blocking local user sending to local user

Debian bookworm, ispconfig 3.3.1, multi server cluster.
I updated 2 days ago and said yes to update creating a new rspamd file, didnt think to note what config file was renewed.
Now, i have a local user emailing a doc file out to external mail account and rspamd is blocking it outbound, gives a spam 554 5.7.1 spam message rejected.
in rspamd - history it scores a 15 / 10 - impressive, investigate further and it states:

Code:

 URL_OBFUSCATED_TEXT • Obfuscated URL found in message text (9) [type=word_dot,url=http://btconnect.com,orig=btconnect.com Co. Reg. No. 010101010 some text here]
BAYES_SPAM (5.1) [100.00%]
SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE • Message contains redirector, anonymous or IPFS gateway URL and is marked by fuzzy/bayes/SURBL/RBL (1)

I then tried adding

Code:

/etc/rspamd/local.d/multimap.conf
/etc/rspamd/local.d/whitelist_sender_domains.map

But over night he started getting lots of phishing emails from himself, from external IP;s - all scam.
so it looks like rspamd is not checking the originating ip and just blank whitelisting the mail address going in and out.
so, other that getting the client to alter his word doc, how can i add outgoing whitelist for them or another elegant solution

dave

 

also in rpsmand - configuration.
I cannot add a domain to:

Code:

/etc/rspamd/local.d/maps.d/spf_whitelist.inc.local
/var/lib/rspamd/spf_whitelist.inc.local

as they are whited out, states not loaded, and

Code:

/etc/rspamd/local.d/maps.d/spf_dkim_whitelist.inc.local 

is just cached and not writeable.