From 399951509e5a3e99018e5dbc80b085dd33c5cf0d Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 19 Nov 2020 09:37:02 +0100
Subject: [PATCH] [Rspamd] Exclude DMARC_POLICY_SOFTFAIL from SPOOFED_UNAUTH

---
 data/conf/rspamd/local.d/composites.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index e2f6f9d3..c149eb67 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -12,8 +12,9 @@ SOGO_CONTACT_EXCLUDE {
   expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
 }
 # Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
+# DMARC_POLICY_SOFTFAIL indicates a "none" policy, which we don't want to punish
 SPOOFED_UNAUTH {
-  expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
+  expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies & !DMARC_POLICY_SOFTFAIL";
   score = 50.0;
 }
 # Only apply to inbound unauthed and not whitelisted