Blocking Google Forms spam with rspamd
Christian Kruse,
First we create a new multimap entry:
# local.d/multimap.conf
BAD_CONTENT {
type = "content";
filter = "oneline";
map = "/etc/rspamd/local.d/bad_content.map";
symbols = ["IS_GOOGLE_FORM"];
regexp = true;
}
Next we create a regex entry in the bad_content.map file for Google Form mails and assign the IS_GOOGLE_FORM symbol:
# local.d/bad_content.map
/Create your own Google Form/ IS_GOOGLE_FORM
And last we assign a score:
# local.d/composites.conf
GOOGLE_FORMS_SPAM {
expression = "FREEMAIL_FROM & IS_GOOGLE_FORM";
description = "Google Forms spam mails via a free mailer (e.g. Gmail)";
score = 6.0;
policy = "leave";
}
In this case we assign a score or 6.0; for me this is the score a message gets the „this is spam” header. You might want to customize this value, depending on if you have users which use Google Forms.