Rspamd: Fast, free and open-source spam filtering system
Re: Rspamd: A replacement for Spamassassin & Postscreen
I've noticed that when I mark something as 'SPAM' from a regular email account, the transfer to the spam training account is caught/soft rejected by RSpamd - so it never makes it to the training account.
Whitelisting the IP address won't really work, i.e the server IP address, as this would then whitelist outbound email from the web mail. Is there a way to ignore the training accounts ( zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount) that I've missed?
I ran a search through this thread, but didn't find anything. I guess I'll start reading the 22+ pages....
Whitelisting the IP address won't really work, i.e the server IP address, as this would then whitelist outbound email from the web mail. Is there a way to ignore the training accounts ( zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount) that I've missed?
I ran a search through this thread, but didn't find anything. I guess I'll start reading the 22+ pages....
Re: Rspamd: A replacement for Spamassassin & Postscreen
https://rspamd.com/doc/configuration/settings.html
Presumably a local settings override for the training accounts:
Yup, then it works as it should:
vi /etc/rspamd/local.d/settings.conf
... then restart rspam
Presumably a local settings override for the training accounts:
Code: Select all
whitelist {
priority = low;
rcpt = "postmaster@example.com";
want_spam = yes;
}
EDIT:.....want_spam option. This option disable ALL Rspamd rules, even history or data exporting. Actually, it is a full bypass of all Rspamd processing
Yup, then it works as it should:
Code: Select all
20220726105705 Starting spam/ham extraction from system accounts.
2022-07-26 10:57:07,642 [main] INFO : Total messages processed: 1
2022-07-26 10:57:09,828 [main] INFO : Total messages processed: 1
Code: Select all
su - zimbra
zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount
Code: Select all
training_spam {
priority = low;
rcpt = "spam.xxxxxxx@mail.xxxxx.com";
want_spam = yes;
}
training_ham {
priority = low;
rcpt = "ham.xxxxxx@mail.xxxxxx.com";
want_spam = yes;
}
virus_quarantine {
priority = low;
rcpt = "virus-quarantine.xxxxx@mail.xxxxxx.com";
want_spam = yes;
}
Code: Select all
rspamadm configtest
syntax OK
Re: Rspamd: A replacement for Spamassassin & Postscreen
I don't use that file and I've never had any problem sending an email to the Junk folder. For marking domains and individual email addresses as spam I use the following:
https://gist.github.com/kvaps/25507a87d ... ec2d60ebc1
https://gist.github.com/kvaps/25507a87d ... ec2d60ebc1
Re: Rspamd: A replacement for Spamassassin & Postscreen
I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.phoenix wrote:I don't use that file and I've never had any problem sending an email to the Junk folder. Ffor marking domains and individual email addresses as spam I use the following:
https://gist.github.com/kvaps/25507a87d ... ec2d60ebc1
Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
Re: Rspamd: A replacement for Spamassassin & Postscreen
No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox, ham training account etc.imx wrote:I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.
AFAIK, the settings file is for applying more/different settings to inbound mail other than it's just "spam" and, as I mentioned, I don't use that feature as it's not applicable to my inbound email but I can see why it would be useful in a larger environment.imx wrote:Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
Re: Rspamd: A replacement for Spamassassin & Postscreen
If I click 'Not Spam' from the Junk folder in the web UI it automatically forwards the email to the ham training account - as well as moving it to the Inbox - also if I just move an email out of the Junk box, it does the same. I can see it in the rspam history logs.phoenix wrote:No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox, ham training account etc.
... but hey, perhaps my deployment is just some weird exception.
Re: Rspamd: Fast, free and open-source spam filtering system
Also adding this here, just in case.
I had problems with a working rspam setup, becoming a non-working setup after installing 8.8.15 patch 41 - nothing was going through rspam, after checking the milter/postconf configuration.
For me, I *think* disabling FIPs in the 8.8.15 patch 41 release notes, then restarting Zimbra, fixed it:
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41
I now see 'stuff' going through the rspam and the mail headers are back.
I had problems with a working rspam setup, becoming a non-working setup after installing 8.8.15 patch 41 - nothing was going through rspam, after checking the milter/postconf configuration.
For me, I *think* disabling FIPs in the 8.8.15 patch 41 release notes, then restarting Zimbra, fixed it:
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41
I now see 'stuff' going through the rspam and the mail headers are back.
Re: Rspamd: Fast, free and open-source spam filtering system
I have tested again this morning with the FIPS OpenSSL enabled - and all appears well.
I suspect my issues was not restarting Zimbra, after re-applying the custom postconf (those not stored in LDAP) - as this patch 41 included an updated Postfix package.
I suspect my issues was not restarting Zimbra, after re-applying the custom postconf (those not stored in LDAP) - as this patch 41 included an updated Postfix package.
- LAB3W.ORJ
- Advanced member
- Posts: 76
- Joined: Sat Feb 19, 2022 3:16 pm
- Location: InterNet
- ZCS/ZD Version: 8.8.15.GA.4179.UBUNTU20.64 FOSS P44
- Contact:
Re: Rspamd: Fast, free and open-source spam filtering system
Hi,
Thank you very much for developing Rspamd !!
I'm trying to understand how to take an "action" if the email is not completely valid DMARC - either on the DKIM signature or on the SPF. Do I have to introduce one or more “munging” restrictions ?
https://rspamd.com/doc/modules/dmarc.html#dmarc-munging
And for reporting how to do with several recipient domains ?
https://rspamd.com/doc/modules/dmarc.html#reporting
My configuration :
If you can help me it would be a powerful strength
Thanks.
Message sent from Gmail in receipt filtered by Rspamd:
Rspamd doc configuration : Composite symbols, Symbols scores and metrics setup
Rspamd doc modules; Whitelist ?
Serverfault : rspamd Whitelis/Blacklist per domain before filtering
Direct Admin : Enable Greylist and block domain
NethServer : Rspamd whitelist
I'll get away with that
Rspamd (conf) by @vstakhov (Vsevolod Stakhov)
For les frenchies : Rspamd est plus qu’un simple antispam..
Greets,
Romain.
Thank you very much for developing Rspamd !!
I'm trying to understand how to take an "action" if the email is not completely valid DMARC - either on the DKIM signature or on the SPF. Do I have to introduce one or more “munging” restrictions ?
https://rspamd.com/doc/modules/dmarc.html#dmarc-munging
And for reporting how to do with several recipient domains ?
https://rspamd.com/doc/modules/dmarc.html#reporting
My configuration :
Code: Select all
$ su - zimbra -c 'zmcontrol -v'
Release 8.8.15.GA.4179.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P44.
Code: Select all
$ rspamadm --version
Rspamadm 3.7.4
Code: Select all
$ vim /etc/rspamd/local.d/milter_headers.conf
extended_spam_headers = true;
Code: Select all
$ vim /etc/rspamd/local.d/spf.conf
spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records
spf_cache_expire = 1d; # default max expire for an element in this cache
max_dns_nesting = 10; # maximum number of recursive DNS subrequests
max_dns_requests = 30; # maximum count of DNS requests per record
min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records
disable_ipv6 = false; # disable all IPv6 lookups
#whitelist = "/path/to/some/file"; # whitelist IPs from checks
Code: Select all
$ vim /etc/rspamd/local.d/dkim.conf
symbol_allow = "R_DKIM_ALLOW"; # (string): symbol to insert in case of allow (default: ‘R_DKIM_ALLOW’)
symbol_reject = "R_DKIM_REJECT"; # (string): symbol to insert (default: ‘R_DKIM_REJECT’)
symbol_tempfail = "R_DKIM_TEMPFAIL"; # (string): symbol to insert in case of temporary fail (default: ‘R_DKIM_TEMPFAIL’)
symbol_permfail = "R_DKIM_PERMFAIL"; #(string): symbol to insert in case of permanent failure (default: ‘R_DKIM_PERMFAIL’)
symbol_na = "R_DKIM_NA"; # (string): symbol to insert in case of no signing (default: ‘R_DKIM_NA’)
#whitelist = ""; # (map): map of whitelisted networks
#domains = ""; # (map): map of domains to check
#strict_multiplier = ""; # (number): multiplier for strict domains
#time_jitter = ""; # (number): jitter in seconds to allow time diff while checking
trusted_only = false; # (boolean): check signatures only for domains in ‘domains’ map
dkim_cache_size = "1000"; # (number): cache up to 1000 of the most recent DKIM records
dkim_cache_expire = "1000"; # (time): default max expire for an element in this cache
skip_multi = false; # (boolean): skip DKIM check for messages with multiple signatures
Code: Select all
$ vim /etc/rspamd/local.d/dmarc.conf
dmarc {
}
Thanks.
Message sent from Gmail in receipt filtered by Rspamd:
Code: Select all
X-Rspamd-Action: no action
X-Spamd-Result: default: False [2.00 / 15.00];
SUBJ_ALL_CAPS(3.00)[40];
DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
RCPT_COUNT_ONE(0.00)[1];
ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
RCVD_COUNT_ONE(0.00)[1];
MIME_TRACE(0.00)[0:+,1:+,2:~];
REDIRECTOR_URL(0.00)[twitter.com];
FREEMAIL_FROM(0.00)[gmail.com];
MISSING_XM_UA(0.00)[];
DWL_DNSWL_BLOCKED(0.00)[gmail.com:dkim];
ARC_NA(0.00)[];
FREEMAIL_ENVFROM(0.00)[gmail.com];
TAGGED_FROM(0.00)[];
FROM_EQ_ENVFROM(0.00)[];
FROM_HAS_DN(0.00)[];
RCVD_TLS_LAST(0.00)[];
PREVIOUSLY_DELIVERED(0.00)[lab3w.orj (AT) zw3b (DOT) eu];
TO_MATCH_ENVRCPT_ALL(0.00)[];
TO_DN_ALL(0.00)[];
MID_RHS_MATCH_FROMTLD(0.00)[];
DKIM_TRACE(0.00)[gmail.com:+]
Rspamd doc modules; Whitelist ?
Serverfault : rspamd Whitelis/Blacklist per domain before filtering
Direct Admin : Enable Greylist and block domain
NethServer : Rspamd whitelist
I'll get away with that
Rspamd (conf) by @vstakhov (Vsevolod Stakhov)
For les frenchies : Rspamd est plus qu’un simple antispam..
Greets,
Romain.
-
- Posts: 6
- Joined: Thu Nov 30, 2023 6:58 pm
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Re: Rspamd: Fast, free and open-source spam filtering system
Hello , Yes , here I am again @phoenix
Is your Rspamd config compatible with the latest version of Zimbra?
IF so, how do I reset the previous configuration I set up with this?
https://www.missioncriticalemail.com/20 ... practices/
FoxStudio
Is your Rspamd config compatible with the latest version of Zimbra?
IF so, how do I reset the previous configuration I set up with this?
https://www.missioncriticalemail.com/20 ... practices/
FoxStudio
With RSPamd