Blocking Google Forms spam with rspamd

Christian Kruse

First we create a new multimap entry:

# local.d/multimap.conf

  type = "content";
  filter = "oneline";
  map = "/etc/rspamd/local.d/";
  symbols = ["IS_GOOGLE_FORM"];
  regexp = true;

Next we create a regex entry in the file for Google Form mails and assign the IS_GOOGLE_FORM symbol:

# local.d/
/Create your own Google Form/ IS_GOOGLE_FORM

And last we assign a score:

# local.d/composites.conf

  expression = "FREEMAIL_FROM & IS_GOOGLE_FORM";
  description = "Google Forms spam mails via a free mailer (e.g. Gmail)";
  score = 6.0;
  policy = "leave";

In this case we assign a score or 6.0; for me this is the score a message gets the „this is spam” header. You might want to customize this value, depending on if you have users which use Google Forms.