Rspamd: Fast, free and open-source spam filtering system

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by imx »

I've noticed that when I mark something as 'SPAM' from a regular email account, the transfer to the spam training account is caught/soft rejected by RSpamd - so it never makes it to the training account.

Whitelisting the IP address won't really work, i.e the server IP address, as this would then whitelist outbound email from the web mail. Is there a way to ignore the training accounts ( zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount) that I've missed?

I ran a search through this thread, but didn't find anything. I guess I'll start reading the 22+ pages....
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by imx »

https://rspamd.com/doc/configuration/settings.html

Presumably a local settings override for the training accounts:

Code: Select all

whitelist {
	priority = low;
	rcpt = "postmaster@example.com";
	want_spam = yes;
}
.....want_spam option. This option disable ALL Rspamd rules, even history or data exporting. Actually, it is a full bypass of all Rspamd processing
EDIT:

Yup, then it works as it should:

Code: Select all

20220726105705 Starting spam/ham extraction from system accounts.
2022-07-26 10:57:07,642 [main] INFO : Total messages processed: 1
2022-07-26 10:57:09,828 [main] INFO : Total messages processed: 1

Code: Select all

su - zimbra
zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount
vi /etc/rspamd/local.d/settings.conf

Code: Select all

training_spam {
   priority = low;
   rcpt = "spam.xxxxxxx@mail.xxxxx.com";
   want_spam = yes;
}

training_ham {
   priority = low;
   rcpt = "ham.xxxxxx@mail.xxxxxx.com";
   want_spam = yes;
}

virus_quarantine {
   priority = low;
   rcpt = "virus-quarantine.xxxxx@mail.xxxxxx.com";
   want_spam = yes;
}

Code: Select all

rspamadm configtest
syntax OK
... then restart rspam
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

I don't use that file and I've never had any problem sending an email to the Junk folder. For marking domains and individual email addresses as spam I use the following:

https://gist.github.com/kvaps/25507a87d ... ec2d60ebc1
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by imx »

phoenix wrote:I don't use that file and I've never had any problem sending an email to the Junk folder. Ffor marking domains and individual email addresses as spam I use the following:

https://gist.github.com/kvaps/25507a87d ... ec2d60ebc1
I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.

Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by phoenix »

imx wrote:I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.
No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox, ham training account etc.
imx wrote:Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
AFAIK, the settings file is for applying more/different settings to inbound mail other than it's just "spam" and, as I mentioned, I don't use that feature as it's not applicable to my inbound email but I can see why it would be useful in a larger environment.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Post by imx »

phoenix wrote:No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox, ham training account etc.
If I click 'Not Spam' from the Junk folder in the web UI it automatically forwards the email to the ham training account - as well as moving it to the Inbox - also if I just move an email out of the Junk box, it does the same. I can see it in the rspam history logs.

... but hey, perhaps my deployment is just some weird exception.
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: Fast, free and open-source spam filtering system

Post by imx »

Also adding this here, just in case.

I had problems with a working rspam setup, becoming a non-working setup after installing 8.8.15 patch 41 - nothing was going through rspam, after checking the milter/postconf configuration.

For me, I *think* disabling FIPs in the 8.8.15 patch 41 release notes, then restarting Zimbra, fixed it:

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41

I now see 'stuff' going through the rspam and the mail headers are back.
imx
Advanced member
Advanced member
Posts: 147
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: Fast, free and open-source spam filtering system

Post by imx »

I have tested again this morning with the FIPS OpenSSL enabled - and all appears well.

I suspect my issues was not restarting Zimbra, after re-applying the custom postconf (those not stored in LDAP) - as this patch 41 included an updated Postfix package.
User avatar
LAB3W.ORJ
Advanced member
Advanced member
Posts: 76
Joined: Sat Feb 19, 2022 3:16 pm
Location: InterNet
ZCS/ZD Version: 8.8.15.GA.4179.UBUNTU20.64 FOSS P44
Contact:

Re: Rspamd: Fast, free and open-source spam filtering system

Post by LAB3W.ORJ »

Hi,

Thank you very much for developing Rspamd !!

I'm trying to understand how to take an "action" if the email is not completely valid DMARC - either on the DKIM signature or on the SPF. Do I have to introduce one or more “munging” restrictions ?
https://rspamd.com/doc/modules/dmarc.html#dmarc-munging

And for reporting how to do with several recipient domains ?
https://rspamd.com/doc/modules/dmarc.html#reporting

My configuration :

Code: Select all

$ su - zimbra -c 'zmcontrol -v'
Release 8.8.15.GA.4179.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P44.

Code: Select all

$ rspamadm --version
Rspamadm 3.7.4

Code: Select all

$ vim /etc/rspamd/local.d/milter_headers.conf
extended_spam_headers = true;

Code: Select all

$ vim /etc/rspamd/local.d/spf.conf
spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records
spf_cache_expire = 1d; # default max expire for an element in this cache
max_dns_nesting = 10; # maximum number of recursive DNS subrequests
max_dns_requests = 30; # maximum count of DNS requests per record
min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records
disable_ipv6 = false; # disable all IPv6 lookups
#whitelist = "/path/to/some/file"; # whitelist IPs from checks

Code: Select all

$ vim /etc/rspamd/local.d/dkim.conf
symbol_allow = "R_DKIM_ALLOW"; # (string): symbol to insert in case of allow (default: ‘R_DKIM_ALLOW’)
symbol_reject = "R_DKIM_REJECT"; # (string): symbol to insert (default: ‘R_DKIM_REJECT’)
symbol_tempfail = "R_DKIM_TEMPFAIL"; # (string): symbol to insert in case of temporary fail (default: ‘R_DKIM_TEMPFAIL’)
symbol_permfail = "R_DKIM_PERMFAIL"; #(string): symbol to insert in case of permanent failure (default: ‘R_DKIM_PERMFAIL’)
symbol_na = "R_DKIM_NA"; # (string): symbol to insert in case of no signing (default: ‘R_DKIM_NA’)
#whitelist = ""; # (map): map of whitelisted networks
#domains = ""; # (map): map of domains to check
#strict_multiplier = ""; # (number): multiplier for strict domains
#time_jitter = ""; # (number): jitter in seconds to allow time diff while checking
trusted_only = false; # (boolean): check signatures only for domains in ‘domains’ map
dkim_cache_size = "1000"; # (number): cache up to 1000 of the most recent DKIM records
dkim_cache_expire = "1000"; # (time): default max expire for an element in this cache
skip_multi = false; # (boolean): skip DKIM check for messages with multiple signatures

Code: Select all

$ vim /etc/rspamd/local.d/dmarc.conf
dmarc {

}
If you can help me it would be a powerful strength ;)

Thanks.

Message sent from Gmail in receipt filtered by Rspamd:

Code: Select all

X-Rspamd-Action: no action
X-Spamd-Result: default: False [2.00 / 15.00];
	SUBJ_ALL_CAPS(3.00)[40];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCPT_COUNT_ONE(0.00)[1];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCVD_COUNT_ONE(0.00)[1];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	REDIRECTOR_URL(0.00)[twitter.com];
	FREEMAIL_FROM(0.00)[gmail.com];
	MISSING_XM_UA(0.00)[];
	DWL_DNSWL_BLOCKED(0.00)[gmail.com:dkim];
	ARC_NA(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	TAGGED_FROM(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[lab3w.orj (AT) zw3b (DOT) eu];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_ALL(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+]
Rspamd doc configuration : Composite symbols, Symbols scores and metrics setup
Rspamd doc modules; Whitelist ?

Serverfault : rspamd Whitelis/Blacklist per domain before filtering
Direct Admin : Enable Greylist and block domain
NethServer : Rspamd whitelist

I'll get away with that ;)

Rspamd (conf) by @vstakhov (Vsevolod Stakhov)

:D

For les frenchies : Rspamd est plus qu’un simple antispam..

Greets,
Romain.
LAB3W : O.R.J
Freelance | LAMP Consultant (W3C.Master: Analyst.SSI/Dev.OpS/WebDev)
Web and Networks Lab - Internet Engineering - Creator ZW3B [EU|FR|TV|NET|COM|SITE|BLOG]
FoxStudio
Posts: 6
Joined: Thu Nov 30, 2023 6:58 pm
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64

Re: Rspamd: Fast, free and open-source spam filtering system

Post by FoxStudio »

Hello , Yes , here I am again @phoenix
Is your Rspamd config compatible with the latest version of Zimbra?
IF so, how do I reset the previous configuration I set up with this?
https://www.missioncriticalemail.com/20 ... practices/
FoxStudio
With RSPamd
Post Reply