SPAM_TRAP makes spam delivered to other recipients

[kovacs-andras]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Dear Team,

I've tried to use the "Learn Spam" feature with aliases.
When I'm receiving spam for multiple addresses (To) and any of them is a spam trap alias, all the other users will also receive the spam successfully.
If there is no spam trap address in the "To", the spam is getting rejected.

Is it possible to suppress/turn off the spam filtering only for the spam trap mailbox when there are multiple recipients in one (the same email)?

Please, let me know if I forgot something

Best regards / Mit freundlichen Grüßen,

Logs:

# With a spam trap address between the recipients:
Action | [ Score ]
no action | [ 0.00 / 15 ]
    Symbols SPAM_TRAP (0)
    ID 1536903311.54079.1717666989056.JavaMail.zimbra@atacadojoinville.com.br
    Authenticated user unknown


# Without a spam trap address between the recipients:
Action | Score
reject | [ 25.48 / 15 ]

    Symbols LOCAL_FUZZY_DENIED (10.089071) [11:af517b4864:1.00:bin, 11:7961a307eb:1.00:bin]
    HAS_IPFS_GATEWAY_URL (6)
    BAYES_SPAM (4.5) [100.00%]
    MISSING_TO (2)
    BAD_REP_POLICIES (2)
    SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE (1)
    MIME_GOOD (-0.1) [multipart/alternative, text/plain]
    MX_GOOD (-0.01) []
    ASN (0) [asn:28343, ipnet:177.101.122.0/23, country:BR]
    RCVD_TLS_LAST (0)
    MID_RHS_MATCH_FROM (0)
    R_SPF_ALLOW (0) [+mx:c]
    NEURAL_HAM (0) [-1.000]
    RCPT_MAILCOW_DOMAIN (0) [REDACTED]
    ARC_SIGNED (0) [REDACTED:s=REDACTED:i=1]
    R_DKIM_NA (0)
    BCC (0)
    RBL_SORBS_FAIL (0) [177.101.123.122:server fail]
    DMARC_POLICY_ALLOW (0) [atacadojoinville.com.br, quarantine]
    RCVD_COUNT_THREE (0) [3]
    FROM_EQ_ENVFROM (0)
    MIME_TRACE (0) [0:+, 1:+, 2:~]
    HAS_XOIP (0)
    ARC_NA (0)
    FROM_HAS_DN (0)
    ID 1064271135.53898.1717666976779.JavaMail.zimbra@atacadojoinville.com.br
    Authenticated user unknown

Steps to reproduce:

1. get a spam for multiple, real mailboxes/aliases
2. rspamd will reject it

1. create a spam trap alias
2. receive the same spam for the spam trap address + multiple real mailboxes/aliases
3. check the mails, the spam will be delivered to everyone

It can be repeated multiple times.
The rspamd UI is super cool to test the mail against the filters.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 22.04 LTS

Server/VM specifications:

15Gi, 4 cores

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

KVM

Docker version:

26.0.1

docker-compose version or docker compose version:

v2.26.1

mailcow version:

2024-04

Reverse proxy:

Logs of git diff:

private keys, sogo config, etc.
do-ip6: no
enable_ipv6: false

Logs of iptables -L -vn:

default

Logs of ip6tables -L -vn:

default

Logs of iptables -L -vn -t nat:

default

Logs of ip6tables -L -vn -t nat:

no ipv6

DNS check:

104.18.32.7
172.64.155.249

[timwhite]

I'm also having this happen. It took awhile to realise why it was happening, as the headers on the non spam trap users just show SPAM_TRAP as the rules, and a score of 0.

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[timwhite]

Still an issue

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[timwhite]

Still an issue