I am slowly becoming more familiar with rspamd, but I have difficulties to get my head around it. I want to change the score of R_SPF_FAIL When I send a mail that failes SPF, rspamd/gui->History says the total score is 0.44 and Code: R_SPF_FAIL (0) [-all] The mail as such says Code: X-Spam-Status: No, score=0.44 that is, the same as the rspam gui. However, in the GUI->Symbols I have set R_SPF_FAIL to 3, but the result is the same, as above. I have reloaded and restarted rspamd, the same. I created my own policies_group.conf in override.d and did set R_SPF_FAIL to 4. The GUI still shows 3, and mail sent shows 0. rspamc shows Code: root@mail1:/etc/rspamd# rspamc counters|grep R_SPF_FA | 224 | R_SPF_FAIL | 4.0 | 0.000(0.000) | 0 | that is, from the override file. What am I doing wrong here?
I just tested this, and R_SPF_FAIL showed 1.2 score on the next hit: Code: # cat /etc/rspamd/local.d/policies_group.conf symbols = { # SPF "R_SPF_FAIL" { #weight = 1.0; score = 1.2; } } You should be able to use override.d as well; maybe you have a syntax error if it's not working? Restart rpsamd and watch rspamd.log for info/clues.
Thanks for your reply Jesse. Now I know where to configure Rspamd. I did create the same file as you to local.d and removed the override.d file. rspamc says Code: root@mail1:/etc/rspamd/local.d# rspamc counters|grep R_SPF_FA | 224 | R_SPF_FAIL | 1.2 | 0.000(0.000) | 0 | so the setting seems to been taken. However, still when I send an email that failes SPF it does not trigger any score for R_SPF_FAIL. The email header Code: X-Spam-Status: No, score=0.44 X-Spamd-Bar: / Authentication-Results: mail1.ic.dadada.com; dkim=pass header.d=forward.foo.com header.s=x header.b=WdlbmIYq; dmarc=pass (policy=none) header.from=foo.com; spf=fail (mail1.ic.dadada.com: domain of [email protected] does not designate xxx.yyy.108.49 as permitted sender) [email protected] clearly stated SPF fails, but rspamd log says different (well not different, it catches it but the score is zero) Code: 2021-06-17 16:37:00 #21184(normal) <b84af9>; task; rspamd_task_write_log: id: <[email protected]>, qid: <F366F42AF7>, ip: xxx.yyy.108.49, from: <[email protected]>, (default: F (no action): [0.44/4.00] [R_MIXED_CHARSET(1.25){subject;}, DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){}, R_DKIM_ALLOW(-0.20){forward.foo.com:s=x;}, MIME_GOOD(-0.10){text/plain;}, MX_GOOD(-0.01){}, ARC_NA(0.00){}, ASN(0.00){asn:24940, ipnet:xxx.yyy.0.0/16, country:DE;}, DKIM_TRACE(0.00){forward.foo.com:+;}, DMARC_POLICY_ALLOW(0.00){foo.com;none;}, FORGED_RECIPIENTS(0.00){m:[email protected];s:[email protected];}, FORGED_RECIPIENTS_FORWARDING(0.00){}, FORWARDED(0.00){[email protected];}, FROM_EQ_ENVFROM(0.00){}, FROM_NO_DN(0.00){}, HAS_X_ANTIABUSE(0.00){}, HAS_X_AS(0.00){}, HAS_X_GMSV(0.00){}, HAS_X_SOURCE(0.00){}, MID_RHS_MATCH_FROM(0.00){}, MIME_TRACE(0.00){0:+;}, RCPT_COUNT_ONE(0.00){1;}, RCVD_COUNT_THREE(0.00){3;}, RCVD_IN_DNSWL_NONE(0.00){xxx.yyy.108.49:from;aaa.bbb.205.5:received;}, RCVD_TLS_LAST(0.00){}, RCVD_VIA_SMTP_AUTH(0.00){}, R_SPF_FAIL(0.00){-all;}, SPF_FAIL_FORWARDING(0.00){}, TO_DN_NONE(0.00){}]), len: 2430, time: 210.187ms, dns req: 32, digest: <a2dc805f745bf77a534e26ab0a2eecd2>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>, settings_id: ispc_mail_user_56 2021-06-17 16:37:00 #21184(normal) <b84af9>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 174 regexps total, 68 regexps cached, 0B scanned using pcre, 1.41KiB scanned total Now I know where the settings are to be set, so I can dig into this further.
I don't know what that indicates, but maybe since the message passed dkim/dmarc, rspamd does not penalize it for failing SPF?
Yes, I will do cleaner tests. I do tests with srs and arc for different control panels, and this is a test with none of them. Interesting if it turns out rspamd accepts forwarding that do not fulfil spf.