Blocking Google Forms spam with rspamd

Christian Kruse

First we create a new multimap entry:

# local.d/multimap.conf

BAD_CONTENT {
  type = "content";
  filter = "oneline";
  map = "/etc/rspamd/local.d/bad_content.map";
  symbols = ["IS_GOOGLE_FORM"];
  regexp = true;
}

Next we create a regex entry in the bad_content.map file for Google Form mails and assign the IS_GOOGLE_FORM symbol:

# local.d/bad_content.map
/Create your own Google Form/ IS_GOOGLE_FORM

And last we assign a score:

# local.d/composites.conf

GOOGLE_FORMS_SPAM {
  expression = "FREEMAIL_FROM & IS_GOOGLE_FORM";
  description = "Google Forms spam mails via a free mailer (e.g. Gmail)";
  score = 6.0;
  policy = "leave";
}

In this case we assign a score or 6.0; for me this is the score a message gets the „this is spam” header. You might want to customize this value, depending on if you have users which use Google Forms.