Rspamd working to good? (looking for best configuration)

jeffer

Verified User
Joined
Jul 23, 2017
Messages
22
Since a week or so i changed some servers from spamassassin to rspamd.
The reason for this is because alott of clients are complaining about spam.

All build and setup, even a plugin. Very nice.
However, pretty soon i saw alott of mails being blocked that should not be blocked (false positives).
I changed configuration over 20 times, changed client user settings (old spamassassin menu) and did alott of tests.
It seems Rspamd gives some pretty high scores to mails, that are obvoiously not spam.
These mails have perfect spf and dkim and no strange content, still they are being blocked.
It seems that the penalty score given is just to high to be able to let mails thru.

I am working on improving the settings and some emails that are being blocked.
Some are solvable, but some are not.

For instance:
HTTP_TO_HTTPS: 2.00
I get this when sending mails with sendgrid and use a tracking link that is not https but http.
(mails arrive just fine in any email client i use but not filtered with rspamd).

I also get alott of these, and haven't found the cause yet.
HFILTER_HOSTNAME_UNKNOWN: 2.50


These examples are just to show that these scores together already causes mails to be blocked.
So, i changed the configuration settings alott higher, but still alott of emails are being blocked.

It almost looks like i have to set custom penalty scores for this, shich causes more spam to come thru aswell...but mainly, i would have to do this for all my webservers and keep an eye of this after updates if it is all still okay.

Because of all the time spend and all the hustle that comes with it. I would like to ask you gellof rspamd users how you have this.
Are you running okay out of the box? What is the configuration that works best for you (rspamd scores and spamassassin user lvl scores), did you have to do alott to get thinks working as you want?
How do you maintain these custom configs when running alott of servers.

So many question, i hope you have some answers.
Rspamd is working really well, maybe just a little but to well.

Thanks for your time and effort, looking forward to your messages.
 
I also get a lot of these, and haven't found the cause yet.
HFILTER_HOSTNAME_UNKNOWN: 2.50

[FONT=Arial, Helvetica, sans-serif]This rule fires when HELO is absent. It could mean the connection host cannot be resolved. [/FONT]description = "Unknown client hostname (PTR or FCrDNS verification failed)" .


Do you have some examples of inbound hosts that fail?

You could check them against https://intodns.com
 
I have my defaults set at
probable spam 5
rewrite subject 10
reject at 16 and although some legit mass mails from business get sent to spamfolder it is minimal.
 
Have you found a goot setting for it? I am also looking at moment for a good one.
Any recommendations?

Greets
 
Not sure why you wouldn't want to block emails completely with HFILTER_HOSTNAME_UNKNOWN
HFILTER_HOSTNAME_UNKNOWN = that there is no ptr. Its common for spammers to have no ptr.
sendgrid servers do have ptrs so they wont get blocked. So you must be seeing something else.
 
Back
Top