Hi,
Poorly crafted emails coming from the domain smart.coop and relayed (smarthost or something) by mandrillapp.com were regularly filtered out by rsmaps and I decided to whitelist the whole domain. Still, those emails are marked as spam.
Headers :
Return-Path: bounce-md_30241231.69753969.v1-4f61dbed37ec447288a7ccb2410d0d0b@mandrillapp.com
Delivered-To: recipient@domain.tld.localhost
Received: from mail.domain.tld
by mail.your-server.de with LMTP
id cAACJJQ9dWmloAkACApylw
(envelope-from bounce-md_30241231.69753969.v1-4f61dbed37ec447288a7ccb2410d0d0b@mandrillapp.com)
for recipient@domain.tld.localhost; Sat, 24 Jan 2026 21:45:56 +0000
Received: from mail135-6.atl141.mandrillapp.com (mail135-6.atl141.mandrillapp.com [198.2.135.6])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by mail.domain.tld (Postfix) with ESMTPS id B799F130068F
for recipient@domain.tld; Sat, 24 Jan 2026 21:45:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
s=mte1; t=1769290089; x=1769560089;
bh=LWzxcj1sMOW8MiVOZsvS5LGSIehxmKu6BRfAucgHHzQ=;
h=From:Subject:To:Feedback-ID:Message-Id:Date:MIME-Version:
Content-Type:Content-Transfer-Encoding:CC:Date:Subject:From;
b=jdHMVQi3S6givF4XSON1JJUcCGSjSbgUJe8sWdiS0TmYb3kw7EougeUFbnDnVzx1Q
grCNqRDNLXuhJu+WhhTIPaWrJpciutMpyYYJKZA8qdmbzEjfh45dL8fhr/lSSt4BFI
EWXm8EE2pM21hmxjgMl2tIE1NLSk0YYjli/vPsn00/pJUHk04Ws2FQ4vMuM3w0dyXy
cv/YiILSGPmV1M4Fqa32azjsWVMMEp2zGEoK7DHG7Az4vcLAf553AZAA61CcA1VDrk
NfHKetQEx75hiy3sbm7sPH/YYk8f0gPr/MGI5JAzhm17Laih/XKs2frPjwOfv4knZl
5h0v0jp6pVo9A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smart.coop; s=mte1;
t=1769290089; x=1769550589; i=invoice@smart.coop;
bh=LWzxcj1sMOW8MiVOZsvS5LGSIehxmKu6BRfAucgHHzQ=;
h=From:Subject:To:Feedback-ID:Message-Id:Date:MIME-Version:
Content-Type:Content-Transfer-Encoding:CC:Date:Subject:From;
b=nuk8b7XmoiwH7KShkLKp4ykhn6SYEC32MdYbKqzOiG/Beb9bOhLEk2DetheB52P49
zAxUtcoJqt0OlEdcDrE3wdt5MszUpWUSb/lsEs+rJlHOIS1oMhu9PJnbqMGN0WCLcd
IxZJBdV8kozwblRsUSzBKPxFMnaZUHCD+7ynslUUa5RLZ0lsJAlxPsmguzVbHliEeS
6sr2QfbwCwo+H6H4ZGXhZZedWrwu91tRXGc4nyVJ76yNbDp4NWWAiT7vJslhght2W3
RuXWm9gFc7i1Riz9z1TC7g8oaYxOjI4vbzscGSo2W1q4YrG8qJiyBS32znpSdQvdtL
hi8dys+RoLfpQ==
Received: from pmta14.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1])
by mail135-6.atl141.mandrillapp.com (Mailchimp) with ESMTP id 4dz7FP3Vn3z2K4Qcp
for recipient@domain.tld; Sat, 24 Jan 2026 21:28:09 +0000 (GMT)
From: invoice@smart.coop
Subject: =?utf-8?Q?Ref=20client=20FOR044=20-=20Devis=20du=2024-01-2026=20de=20500,00=E2=80=AF=E2=82=AC=20-=20=C3=A0=20confirmer=20-=20Song=20for=20the=20Muse=20(M.=20Micha=C3=ABl=20Gr=C3=A9bil)?=
Received: from [94.104.28.29] by mandrillapp.com id 4f61dbed37ec447288a7ccb2410d0d0b; Sat, 24 Jan 2026 21:28:09 +0000
To: “Frederic Fournes” recipient@domain.tld
X-Native-Encoded: 1
X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30241231.4f61dbed37ec447288a7ccb2410d0d0b?=
X-Mandrill-User: md_30241231
Feedback-ID: 30241231:30241231.20260124:md
Message-Id: 30241231.20260124212809.697539696e9ab0.85349107@mail135-6.atl141.mandrillapp.com
Date: Sat, 24 Jan 2026 21:28:09 +0000
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Server: mail
X-Rspamd-Flag-Threshold: 6
X-Rspamd-Queue-Id: B799F130068F
X-Spamd-Result: default: False [6.63 / 20.00];
RSPAMD_URIBL(4.50)[smart.coop:dkim,smart.coop:email];
BAYES_HAM(-3.66)[98.88%];
URIBL_GREY(2.50)[mandrillapp.com:dkim,mandrillapp.com:url];
SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE(1.00);
FORGED_SENDER(1.00)[invoice@smart.coop,bounce-md_30241231.69753969.v1-4f61dbed37ec447288a7ccb2410d0d0b@mandrillapp.com];
SUBJECT_HAS_CURRENCY(1.00);
MIME_HTML_ONLY(0.20);
BAD_REP_POLICIES(0.10);
MX_GOOD(-0.01);
RCVD_TLS_LAST(0.00);
TO_DN_ALL(0.00);
FROM_NEQ_ENVFROM(0.00)[invoice@smart.coop,bounce-md_30241231.69753969.v1-4f61dbed37ec447288a7ccb2410d0d0b@mandrillapp.com];
GREYLIST(0.00)[pass,body];
MIME_TRACE(0.00)[0:~];
R_DKIM_ALLOW(0.00)[mandrillapp.com:s=mte1,smart.coop:s=mte1];
ARC_NA(0.00);
RCPT_COUNT_ONE(0.00)[1];
TO_MATCH_ENVRCPT_ALL(0.00);
DMARC_POLICY_ALLOW(0.00)[smart.coop,quarantine];
DKIM_TRACE(0.00)[mandrillapp.com:+,smart.coop:+];
NEURAL_HAM(0.00)[-0.493];
PREVIOUSLY_DELIVERED(0.00)[recipient@domain.tld];
RCVD_COUNT_TWO(0.00)[2];
RCVD_IN_DNSWL_NONE(0.00)[198.2.135.6:from];
R_SPF_ALLOW(0.00)[+ip4:198.2.132.0/22:c];
FROM_NO_DN(0.00);
REDIRECTOR_URL(0.00)[mandrillapp.com];
MISSING_XM_UA(0.00);
DBL_BLOCKED_OPENRESOLVER(0.00)[mail135-6.atl141.mandrillapp.com:helo,mail135-6.atl141.mandrillapp.com:mid,mail135-6.atl141.mandrillapp.com:rdns,mandrillapp.com:dkim,mandrillapp.com:url,smart.coop:dkim,smart.coop:email]
X-Rspamd-Action: add header
X-Spam: Yes
I guess that’s because of the smarthost ? What can I do to whitelist those emails ?
Thanks
Matthieu
