Don't apply antispoof rules on locally generated emails

core/rspamd/conf/force_actions.conf

@@ -1,17 +1,17 @@
 rules {
   ANTISPOOF_NOAUTH {
     action = "reject";
-    expression = "!MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
+    expression = "!IS_LOCALLY_GENERATED & !MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
     message = "Rejected (anti-spoofing: noauth). Please setup DMARC with DKIM or SPF if you want to send emails from your domain from other servers.";
   }
   ANTISPOOF_DMARC_ENFORCE_LOCAL {
     action = "reject";
-    expression = "!MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
+    expression = "!IS_LOCALLY_GENERATED & !MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
     message = "Rejected (anti-spoofing: DMARC compliance is enforced for local domains, regardless of the policy setting)";
   }
   ANTISPOOF_AUTH_FAILED {
     action = "reject";
-    expression = "!MAILLIST & BLACKLIST_ANTISPOOF";
+    expression = "!IS_LOCALLY_GENERATED & !MAILLIST & BLACKLIST_ANTISPOOF";
     message = "Rejected (anti-spoofing: auth-failed)";
   }
 }

core/rspamd/conf/local_subnet.map

@@ -0,0 +1,2 @@
+{{ SUBNET }}
+{{ SUBNET6 }}

core/rspamd/conf/multimap.conf

@@ -10,6 +10,11 @@ IS_LOCAL_DOMAIN_E {
   map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
 }
 
+IS_LOCALLY_GENERATED {
+  type = "ip"
+  map = ["/etc/rspamd/local.d/local_subnet.map"];
+}
+
 FORBIDDEN_FILE_EXTENSION {
     type = "filename";
     filter = "extension";

towncrier/newsfragments/2632.bugfix

@@ -0,0 +1 @@
+Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules