In order to tighten mail security, I’m increasing several rspamd symbol scores. Today I increased MX_MISSING and MX_INVALID to 20. However, I found several mail servers unable to send mails to my server due to MX_INVALID. I checked for the MX record using dig @127.0.0.1 -p 10053 server.domain mx +short on my NS Mail server and I got a response. Is there something I’m missing?
I am not sure that setting a high score for MX or any SYMBOLS is a good idea. First of all, you can be sure that a spammer will set better DNS fields than any skilled system administrator, so you will reject all valuable email and accept only spam email.
A good email and a spam email cannot be decided like this, only on one SYMBOL, but on an accumulation of different SYMBOLS.
I would advise resetting the dynamic map (if you modified it through the rspamd UI) and adding a tiny score, not a huge score, on a symbol.
Actually, I have changed the score on several SYMBOLS. So far all of them have behaved as expected. The problem is that MX_INVALID is getting activated and I don’t know why. On what conditions does this symbol trigger?
MX_INVALID(0.50){} this is the default scoring; it makes me think that it is not something that you can rely on, else the score would be higher, in my opinion.
I had no choice: since January 2020, Cuba has received a bunch of emails containing viruses (mainly Emotet). Due to this, I had to increase the score on several SYMBOLS to avoid an infection.
BTW, I want to congratulate NS crew once again, thanks to fail2ban, suricata, clamav and rspamd, the company I work for was unscathed, all those mails were kept at bay.
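On the question above of why MX_INVALID can fire even though dig returns an MX record: rspamd's mx_check module looks for an MX host it can actually connect to, not just a DNS answer, so a record that resolves still scores MX_INVALID when the scanning server cannot reach that host on port 25. The Python sketch below is an added example (not from the thread and not rspamd's own code) that models the check in simplified form from `dig ... mx +short` output; the function names, host names and sample output are constructed.

```python
import socket


def parse_dig_mx(output):
    """Parse `dig <domain> mx +short` lines ("10 mail.example.org.")
    into host names ordered by MX preference (lowest first)."""
    records = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            host = parts[1].rstrip(".")
            if host:  # skip a null MX ("0 ."), which names no host
                records.append((int(parts[0]), host))
    return [host for _, host in sorted(records)]


def smtp_port_open(host, port=25, timeout=5.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(dig_output, probe=smtp_port_open):
    """Simplified model: return (symbol, {host: reachable}).
    MX_MISSING = no MX hosts, MX_INVALID = hosts exist but none connectable."""
    hosts = parse_dig_mx(dig_output)
    if not hosts:
        return "MX_MISSING", {}
    results = {host: probe(host) for host in hosts}
    symbol = "MX_GOOD" if any(results.values()) else "MX_INVALID"
    return symbol, results


# Constructed sample of `dig example.org mx +short` output.
SAMPLE_DIG = "20 backup.example.org.\n10 mail.example.org.\n"

if __name__ == "__main__":
    # Simulate a scanner whose outbound port 25 is blocked: DNS answers, probe fails.
    print(classify(SAMPLE_DIG, probe=lambda host: False))
    # For a real check from the mail server, pipe dig output in and use the default probe.
```

Running the real probe from the same host that runs rspamd shows whether outbound port 25 filtering or a slow remote MX explains the symbol.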