Mail received as spam despite bypass rule defined

Support
1

Despite my attempts to add bypass rules for a newsletter we receive from 1440 dailydigest@email.join1440.com, the mail is delivered to our junk mailbox. I have the following rules in my bypass:
|Allow from|email.join1440.com|Domain
|Allow from|join1440.com|Domain
|Allow from|dailydigest@email.join1440.com|Email address

Have also tried to upload as ham in the rspamd page to no avail, also moving the mail to inbox from junk is ineffective.

Any ideas? What can I provide to assist in correcting this?

2

Please check the history in rspamd to find out why the mail was moved to junk.
It should also show if your bybass rules are applied. The rspamd webinterface can be accessed via the NS8 mail app, see Mail — NS8 documentation

grafik
grafik2117Ă—1685 347 KB

3

I don’t see a section where the bypass was applied…

Symbols

Sort by: URIBL_GREY (2.5) [sailthru.com:mid]
MIME_MA_MISSING_TEXT (2)
PHISHING (2) [pacaso.com->join1440.com]
MANY_INVISIBLE_PARTS (1) [10]
RBL_SENDERSCORE_REPUT_9 (-1) [192.64.236.51:from]
ZERO_FONT (1) [14]
FORGED_SENDER (0.3) [dailydigest@email.join1440.com,delivery_20250721042646.40768528.2084714@bouncest.email.join1440.com]
ONCE_RECEIVED (0.2)
MIME_HTML_ONLY (0.2)
MIME_GOOD (-0.1) [multipart/alternative]
BAD_REP_POLICIES (0.1)
MX_GOOD (-0.01)
HAS_LIST_UNSUB (-0.01)
XM_UA_NO_VERSION (0.01)
RCPT_COUNT_ONE (0) [1]
R_SPF_ALLOW (0) [+ip4:192.64.236.0/24]
FROM_HAS_DN (0)
RCVD_COUNT_ONE (0) [1]
FROM_NEQ_ENVFROM (0) [dailydigest@email.join1440.com,delivery_20250721042646.40768528.2084714@bouncest.email.join1440.com]
DMARC_POLICY_ALLOW (0) [email.join1440.com,reject]
PREVIOUSLY_DELIVERED (0) [mfolk@qzoneinc.com]
RCVD_TLS_LAST (0)
DKIM_TRACE (0) [email.join1440.com:+]
RCVD_IN_DNSWL_NONE (0) [192.64.236.51:from]
REPLYTO_DOM_NEQ_FROM_DOM (0)
PRECEDENCE_BULK (0)
ASN (0) [asn:14618, ipnet:192.64.236.0/24, country:US]
MIME_TRACE (0) [0:+,1:~]
TO_DN_NONE (0)
TO_MATCH_ENVRCPT_ALL (0)
REPLYTO_DOM_NEQ_TO_DOM (0)
ARC_NA (0)
R_DKIM_ALLOW (0) [email.join1440.com:s=sailthru]
HAS_REPLYTO (0) [admin@join1440.com]

4

Strange, usually if a bypass sender rule applies there should be a symbol like

BYPASS_SENDER (0)

Let’s check the bypass rules:

api-cli run module/mail1/list-bypass-rules | jq

Please check if the bypass rules are applied to rspamd, you should find the mail address to allow in the bypass_sender.map:

grafik
grafik2074Ă—1672 363 KB

5

The sender address, as often happens with mailing lists, is “forged”. In the bypass rule try with the envelope domain above.

1 Like
6

Yes, thanks. I added that as a test last night and it worked. I had also tried to enter a rule with a wildcard, but it wasn’t accepted.

Jeff

1 Like
7

Thank you for the feedback, I tried to improve the manual page.

2 Likes