Rspamd: Fast, free and open-source spam filtering system

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
MisterM75
Advanced member
Advanced member
Posts: 77
Joined: Sat Aug 05, 2017 7:10 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by MisterM75 »

Is there a particular manipulation perform?

Concerning my story, I noticed that when a server this attacked via the Postscreen configuration, the processor rises to a maximum speed and that via RSPAMD this problem is not ...

Mz
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

Just to make sure I'm understanding your question. In your first post you were asking if you could enable Postscreen again, is that correct? The default configuration is in this wiki article: https://wiki.zimbra.com/wiki/Zimbra_Col ... Postscreen - it is, effectively, disabled. If you had previously made changes and then you can just reintroduce those changes and you will have Postscreen working again, or you could read the wiki article and implement some of those changes mentioned in there.
MisterM75 wrote:Concerning my story, I noticed that when a server this attacked via the Postscreen configuration, the processor rises to a maximum speed and that via RSPAMD this problem is not ...
If there is such an increase in CPU usage I don't really understand why you want to reintroduce Postscreen - even in my small server it's heavy on CPU usage even for a small number of inbound mail and, as you mention, Rspamd doesn't have this problem.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
MisterM75
Advanced member
Advanced member
Posts: 77
Joined: Sat Aug 05, 2017 7:10 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by MisterM75 »

Just to make sure I'm understanding your question. In your first post you were asking if you could enable Postscreen again, is that correct?
Yes
Ok, I probably did not express myself correctly but how to delete what I add with Postscreen

Mz
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

MisterM75 wrote:Ok, I probably did not express myself correctly but how to delete what I add with Postscreen
Just in case you want to go back to Postscreen, dump the settings. The command listed below will dump all the relevant setting of your current config for Postscreen and the settings I've listed are my (default) settings from the wiki article and will pass everything through ZCS and it will get dealt with by Rspamd:

Code: Select all

zmprov gacf | grep zimbraMtaPostscreen

zimbraMtaPostscreenAccessList: permit_mynetworks, cidr:/opt/zimbra/conf/postfix_postscreen_wblist
zimbraMtaPostscreenBareNewlineAction: ignore
zimbraMtaPostscreenBareNewlineEnable: no
zimbraMtaPostscreenBareNewlineTTL: 30d
zimbraMtaPostscreenBlacklistAction: enforce
zimbraMtaPostscreenCacheCleanupInterval: 12h
zimbraMtaPostscreenCacheRetentionTime: 7d
zimbraMtaPostscreenCommandCountLimit: 20
zimbraMtaPostscreenDnsblAction: ignore
zimbraMtaPostscreenDnsblMaxTTL: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
zimbraMtaPostscreenDnsblMinTTL: 60s
zimbraMtaPostscreenDnsblTTL: 1h
zimbraMtaPostscreenDnsblThreshold: 1
zimbraMtaPostscreenDnsblTimeout: 10s
zimbraMtaPostscreenDnsblWhitelistThreshold: 0
zimbraMtaPostscreenGreetAction: ignore
zimbraMtaPostscreenGreetTTL: 1d
zimbraMtaPostscreenNonSmtpCommandAction: drop
zimbraMtaPostscreenNonSmtpCommandEnable: no
zimbraMtaPostscreenNonSmtpCommandTTL: 30d
zimbraMtaPostscreenPipeliningAction: enforce
zimbraMtaPostscreenPipeliningEnable: no
zimbraMtaPostscreenPipeliningTTL: 30d
zimbraMtaPostscreenWatchdogTimeout: 10s
zimbraMtaPostscreenWhitelistInterfaces: static:all
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
MisterM75
Advanced member
Advanced member
Posts: 77
Joined: Sat Aug 05, 2017 7:10 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by MisterM75 »

This config you set up at the beginning of your subject works for any OS?
Yours sincerely
Mz
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

It should work on any O/S with the proviso that I only use CentOS, if you use any other distribution then you'll have to verify the location of the rspamd directories after install and obviously the integration with ZCS should be the same.

EDIT: I forgot to add the usual proviso - make sure you take a backup of any files before you modify them. :)
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
MisterM75
Advanced member
Advanced member
Posts: 77
Joined: Sat Aug 05, 2017 7:10 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by MisterM75 »

I use ubuntu, it should go?
Mz
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

MisterM75 wrote:I use ubuntu, it should go?
It should do, just confirm the location of the rspamd files that I mention in my first post and see if they're at the same location and you should be good to go.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
MisterM75
Advanced member
Advanced member
Posts: 77
Joined: Sat Aug 05, 2017 7:10 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by MisterM75 »

We have a problem, your command does not work, this one, I'm talking ...

Code: Select all

zmprov gacf | grep zimbraMtaPostscreen

zimbraMtaPostscreenAccessList: permit_mynetworks, cidr:/opt/zimbra/conf/postfix_postscreen_wblist
zimbraMtaPostscreenBareNewlineAction: ignore
zimbraMtaPostscreenBareNewlineEnable: no
zimbraMtaPostscreenBareNewlineTTL: 30d
zimbraMtaPostscreenBlacklistAction: enforce
zimbraMtaPostscreenCacheCleanupInterval: 12h
zimbraMtaPostscreenCacheRetentionTime: 7d
zimbraMtaPostscreenCommandCountLimit: 20
zimbraMtaPostscreenDnsblAction: ignore
zimbraMtaPostscreenDnsblMaxTTL: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
zimbraMtaPostscreenDnsblMinTTL: 60s
zimbraMtaPostscreenDnsblTTL: 1h
zimbraMtaPostscreenDnsblThreshold: 1
zimbraMtaPostscreenDnsblTimeout: 10s
zimbraMtaPostscreenDnsblWhitelistThreshold: 0
zimbraMtaPostscreenGreetAction: ignore
zimbraMtaPostscreenGreetTTL: 1d
zimbraMtaPostscreenNonSmtpCommandAction: drop
zimbraMtaPostscreenNonSmtpCommandEnable: no
zimbraMtaPostscreenNonSmtpCommandTTL: 30d
zimbraMtaPostscreenPipeliningAction: enforce
zimbraMtaPostscreenPipeliningEnable: no
zimbraMtaPostscreenPipeliningTTL: 30d
zimbraMtaPostscreenWatchdogTimeout: 10s
zimbraMtaPostscreenWhitelistInterfaces: static:all
Because in my main.cf file, all if found ...
meta_directory = /opt/zimbra/common/conf
shlib_directory = no
postscreen_dnsbl_min_ttl = 60s
in_flow_delay = 1s
postscreen_dnsbl_whitelist_threshold = 0
postscreen_command_count_limit = 20
smtp_dns_support_level = enabled
smtpd_sasl_security_options = noanonymous
address_verify_positive_refresh_time = 12h
postscreen_pipelining_ttl = 30d
default_process_limit = 100
smtpd_tls_ask_ccert = no
smtpd_tls_ccert_verifydepth = 9
smtpd_error_sleep_time = 1s
lmtp_tls_security_level = may
smtp_tls_CApath =
smtpd_reject_unlisted_sender = no
hopcount_limit = 50
address_verify_poll_delay = 3s
lmtp_host_lookup = dns
lmtp_tls_loglevel = 0
smtpd_banner = smtp.foxsys.be
lmtp_tls_ciphers = export
postscreen_greet_action = enforce
smtp_sasl_security_options = noplaintext,noanonymous
postscreen_blacklist_action = ignore
smtp_tls_ciphers = export
postscreen_pipelining_enable = no
delay_warning_time = 0h
bounce_queue_lifetime = 5d
smtpd_tls_auth_only = yes
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
postscreen_watchdog_timeout = 10s
postscreen_access_list = permit_mynetworks
mailbox_size_limit = 0
notify_classes = resource, software
bounce_notice_recipient = postmaster
lmtp_tls_protocols = !SSLv2, !SSLv3
smtp_sasl_auth_enable = no
mynetworks = 127.0.0.0/8 [::1]/128 163.172.212.0/24
message_size_limit = 1024000000
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtp_helo_name = $myhostname
address_verify_poll_count = ${stress?3}${stress:5}
maximal_queue_lifetime = 5d
postscreen_whitelist_interfaces = static:all
smtp_tls_loglevel = 0
myhostname = smtp.foxsys.be
smtpd_sasl_auth_enable = yes
postscreen_dnsbl_reply_map =
virtual_alias_expansion_limit = 10000
postscreen_non_smtp_command_ttl = 30d
smtpd_client_port_logging = no
relayhost =
postscreen_greet_ttl = 1d
smtp_sasl_password_maps =
smtpd_tls_CAfile =
smtpd_tls_security_level = may
postscreen_bare_newline_enable = no
import_environment =
max_use = 100
milter_content_timeout = 300s
minimal_backoff_time = 300s
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 dnsbl.inps.de=127.0.0.2*7 zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3 list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5 bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 wl.mailspike.net=127.0.0.[18;19;20]*-2 dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2
recipient_delimiter =
unverified_recipient_defer_code = 250
postscreen_upstream_proxy_protocol =
postscreen_non_smtp_command_action = drop
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
postscreen_dnsbl_ttl = 5m
smtp_tls_mandatory_ciphers = medium
smtpd_sender_login_maps =
lmtp_connection_cache_destinations =
content_filter = smtp-amavis:[127.0.0.1]:10024
queue_run_delay = 300s
lmtp_tls_mandatory_ciphers = medium
smtp_generic_maps =
milter_connect_timeout = 30s
milter_default_action = tempfail
address_verify_negative_refresh_time = 10m
lmtp_tls_exclude_ciphers =
smtpd_end_of_data_restrictions =
smtp_tls_security_level = may
smtpd_tls_mandatory_ciphers = medium
postscreen_non_smtp_command_enable = no
lmtp_tls_CAfile =
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
postscreen_bare_newline_action = ignore
postscreen_cache_retention_time = 7d
smtpd_milters = inet:127.0.0.1:7026
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_CApath =
smtpd_soft_error_limit = 10
postscreen_dnsbl_action = enforce
postscreen_pipelining_action = enforce
smtp_transport_rate_delay = $default_transport_rate_delay
smtp_fallback_relay =
lmtp_tls_CApath =
smtp_cname_overrides_servername = no
postscreen_dnsbl_threshold = 8
postscreen_bare_newline_ttl = 30d
smtpd_proxy_timeout = 100s
smtpd_tls_dh1024_param_file = /opt/zimbra/conf/dhparam.pem
postscreen_cache_cleanup_interval = 12h
propagate_unmatched_extensions = canonical
smtp_sasl_mechanism_filter =
milter_command_timeout = 30s
smtpd_client_auth_rate_limit = 0
non_smtpd_milters =
smtpd_tls_ciphers = export
lmdb_map_size = 16777216
smtpd_sasl_authenticated_header = no
smtpd_hard_error_limit = 20
maximal_backoff_time = 4000s
smtp_tls_CAfile =
smtpd_reject_unlisted_recipient = no
smtpd_tls_protocols = !SSLv2, !SSLv3
tls_append_default_CA = no
smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_mandatory_protocols =
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
sender_canonical_maps =
smtpd_tls_received_header = no
always_add_missing_headers = yes
lmtp_connection_cache_time_limit = 4s
smtpd_tls_exclude_ciphers =
Mz
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

The command I gave you (this one: zmprov gacf | grep zimbraMtaPostscreen) does not modify the Postscreen settings, it merely lists your current Postscreen configuration. You'll have to modify each of those listed entries to match their default values in the list - the settings are all listed in the wiki article I gave you the link for in an earlier post. Do tell me that you're testing this install on a test server and not a live one - I don't want you to break your server. You should set-up a new server just to practice the install and configuration of the components in ZCS.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
Post Reply