I try tuning rspamd to better detect spams my e-mail server gets. I think increasing spammines for e-mails where sending domaind lacks SPF and message is not DKIM saved would help. I found R_SPF_NA and R_DKIM_NA, which I guess mean message does not have SPF/DKIM. I thought I could add one or two spamminess points when that happens. But I can not find useful documentation. Only thing search engines find in website rspamd.com is https://rspamd.com/doc/modules/milter_headers.html which has one line about R_SPF_NA: Code: none = "R_SPF_NA"; That does not help much. Does requiering SPF and DKIM nowadays cause problems? What values are valid for those "variables" and how to set them?
checking a random message here, it has all of: AUTH_NA(1.00){}, ARC_NA(0.00){}, DMARC_NA(0.00){sender.tld;}, RCVD_VIA_SMTP_AUTH(0.00){}, R_DKIM_NA(0.00){}, R_SPF_NA(0.00) Since that indicates the message did indicate smtp auth in headers, I presume that 'AUTH_NA' refers to no sender/domain related authentication (no arc, dmarc, dkim or spf) - so you might already be getting a bump in score due to those traits (1.00 for AUTH_NA). And it seems to be some combination of those for AUTH_NA, as I see other messages with ARC_NA, DMARC_NA, R_DKIM_NA but not R_SPF_NA, and AUTH_NA does not kick in there. As to your question of if it's worth doing, I'll do a quick count in rspamd logs for an indication; this server has a very well trained bayes db (matches won't be perfect, but quite good), so searching for strong bayes match of ham or spam and checking for those symbols, and vice-versa, yields: Code: # grep BAYES_HAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_HAM.-0 | wc -l 21415 # grep BAYES_HAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_HAM.-0 | grep R_DKIM_NA | wc -l 992 # grep BAYES_HAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_HAM.-0 | grep R_SPF_NA | wc -l 205 # grep BAYES_HAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_HAM.-0 | grep R_DKIM_NA | grep R_SPF_NA | wc -l 121 # grep BAYES_HAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_HAM.-0 | grep AUTH_NA | wc -l 99 # grep BAYES_SPAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_SPAM.0 | wc -l 10614 # grep BAYES_SPAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_SPAM.0 | grep R_DKIM_NA | wc -l 1044 # grep BAYES_SPAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_SPAM.0 | grep R_SPF_NA | wc -l 74 # grep BAYES_SPAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_SPAM.0 | grep R_DKIM_NA | grep R_SPF_NA | wc -l 41 # grep BAYES_SPAM /var/log/rspamd/rspamd.log{,.?} | grep -v BAYES_SPAM.0 | grep AUTH_NA | wc -l 36 # grep R_DKIM_NA /var/log/rspamd/rspamd.log{,.?} | wc -l 2883 # grep R_DKIM_NA /var/log/rspamd/rspamd.log{,.?} | grep BAYES_HAM | grep -v BAYES_HAM.-0 | wc -l 998 # grep R_DKIM_NA /var/log/rspamd/rspamd.log{,.?} | grep BAYES_SPAM | grep -v BAYES_SPAM.0 | wc -l 1045 # grep R_DKIM_NA /var/log/rspamd/rspamd.log{,.?} | grep AUTH_NA | wc -l 202 # grep R_SPF_NA /var/log/rspamd/rspamd.log{,.?} | wc -l 535 # grep R_SPF_NA /var/log/rspamd/rspamd.log{,.?} | grep BAYES_HAM | grep -v BAYES_HAM.-0 | wc -l 205 # grep R_SPF_NA /var/log/rspamd/rspamd.log{,.?} | grep BAYES_SPAM | grep -v BAYES_SPAM.0 | wc -l 74 # grep R_SPF_NA /var/log/rspamd/rspamd.log{,.?} | grep AUTH_NA | wc -l 202 So of messages hitting R_DKIM_AU ~35% are strongly identified as ham, ~36% strongly identified as spam; I wouldn't use that in isolation as a spam indicator. R_SPF_NA seems to be more of a ham indicator than spam.
