[Bug 8332] New: TxRep blocklisting does not work properly

Thu, 15 May 2025 00:54:55 -0700 

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8332

            Bug ID: 8332
           Summary: TxRep blocklisting does not work properly
           Product: Spamassassin
           Version: 4.0.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: marcel.even...@gmail.com
  Target Milestone: Undefined

After some testing it seems like the TxRep blocklisting does not work properly
if I don't pass the DKIM selector. 

I blocklist an email with:

spamassassin --add-addr-to-blocklist=u...@gmail.com

In the txrep database I see this:

select * from txrep;
+----------+--------------------------+------+----------+----------+----------+---------------------+
| username | email                    | ip   | msgcount | totscore | signedby |
last_hit            |
+----------+--------------------------+------+----------+----------+----------+---------------------+
| amavis   | u...@gmail.com | none |        1 |      650 |          |
2025-05-15 01:40:38 |
+----------+--------------------------+------+----------+----------+----------+---------------------+

Now if I send an email to the server from that address the txrep blocklist is
not applied to the email. Instead extra txrep records are added:

select * from txrep;
+----------+-------------------------------------------------------+------+----------+----------+------------+---------------------+
| username | email                                                 | ip   |
msgcount | totscore | signedby   | last_hit            |
+----------+-------------------------------------------------------+------+----------+----------+------------+---------------------+
| amavis   | ?ipv6:::ffff:192.168.1.XXX?                           | none |    
   1 |    0.905 | helo       | 2025-05-15 01:41:22 |
| amavis   | 1fc544a55878f2e5e7b670abbec8e99c94554922@sa_generated | none |    
   1 |    0.905 | 1747294882 | 2025-05-15 01:41:22 |
| amavis   | 205.250.XXX.XXX                                       | none |    
   1 |    0.905 |            | 2025-05-15 01:41:22 |
| amavis   | gmail.com                                             | none |    
   1 |    0.905 | gmail.com  | 2025-05-15 01:41:22 |
| amavis   | u...@gmail.com                                        | none |    
   1 |      650 |            | 2025-05-15 01:40:38 |
| amavis   | u...@gmail.com                                        | none |    
   1 |    0.905 | gmail.com  | 2025-05-15 01:41:22 |
+----------+-------------------------------------------------------+------+----------+----------+------------+---------------------+


The only way I've been able to get this to match is to pass the DKIM selector
like:

spamassassin --add-addr-to-blocklist=u...@gmail.com,gmail.com

But that's not how the documentation says it should work. From the docs:

Please note that when blacklisting/whitelisting an email address or domain, all
records of the address or domain bound to certain IP address, DKIM signature,
or an SPF pass, will be removed from the database, and only the plain record
(not bound to any specific IP address) is kept.

Is this a bug or am I missing something here?

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to