RSPAMD_URIBL is not checked on incoming mail?

[skerit]

system info

Haraka	Haraka.js — Version: 2.8.25
Node	v12.16.3
OS	Linux calamity 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
openssl	OpenSSL 1.1.1 11 Sep 2018

Expected behavior

Scanning a spam message through rspamd's "scan" tab on its web interface reports a RSPAMD_URIBL symbol (with weight of 4.5).
I would expect incoming mail to also be tested on this, so it could be rejected. Here's the full list from the scan result:

ABUSE_SURBL (5.5)
RSPAMD_URIBL (4.5) 
HTML_SHORT_LINK_IMG_1 (2)
RBL_MAILSPIKE_WORST (2)
FROM_EXCESS_BASE64 (1.5)
SUBJECT_HAS_CURRENCY (1)
MIME_HTML_ONLY (0.2)
BAD_REP_POLICIES (0.1)
RCVD_NO_TLS_LAST (0.1)

Observed behavior

This RSPAMD_URIBL test is not applied to actual, incoming mail (it is not added to the X-Rspamd-Report header, its value is not added to the score.) This allows the spam to be accepted.

Here's the header of the actual received mail:

X-Rspamd-Bar: ++++++++++++
X-Rspamd-Report: ABUSE_SURBL(5.5) FROM_EXCESS_BASE64(1.5) HTML_SHORT_LINK_IMG_1(2) RBL_MAILSPIKE_WORST(2) BAD_REP_POLICIES(0.1) SUBJECT_HAS_CURRENCY(1) MIME_HTML_ONLY(0.2) FORGED_SENDER(0.3) RCVD_NO_TLS_LAST(0.1)
X-Rspamd-Score: 12.699999

Steps to reproduce

Test incoming spam messages?
Do I have to enable this test somewhere?