Hi, I'm writing because I need help; I can't find a solution to the problem myself. If I do something wrong I apologize in advance; this is my first post. I also want to thank you for the great work behind ISPConfig and the possibility of using it freely.

My installation is Debian GNU/Linux 9.13 (stretch), ISPConfig 3.2.5, single server.

Following the tutorials:
The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1
Replacing Amavisd with Rspamd in ISPConfig 3.1 on Debian and Ubuntu

apache2 2.4.25-3+deb9u9
postfix 3.1.15-0+deb9u1
dovecot-core 1:2.2.27-3+deb9u7
dovecot-sieve 1:2.2.27-3+
rspamd 2.7-42~stretch

The problem: there are some email accounts that have forwarding of a copy to external providers configured, and the emails marked as *** SPAM *** by rspamd are also being sent to the final destination.

This is the configuration that I have in the email account in the control panel

I have a custom rule for an antispam proxy placed in front of ISPConfig

Code:
# Move spam to spam folder
if exists "X-Assp-Spam" {
    if header :contains "X-Assp-Spam" "NO" {
    } else {
        fileinto "Junk";
        stop;
    }
}

This is the content generated in sieve filters:
/var/vmail/mydomain.es/pepito.perez/.ispconfig-before.sieve

Code:
# This sieve script is generated by ISPConfig, any changes made will be overwritten.
# You can create and activate a per-user sieve script (manually or via managesieve),
# which will execute after this.
require ["fileinto", "mailbox", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];

# Move spam to spam folder
if anyof (header :is ["X-Spam", "X-Spam-Flag"] "Yes", header :matches "X-Spam-Status" "Yes, *") {
    fileinto :create "Junk";
    # Stop here so that we do not reply on spams
    stop;
}

# Move spam to spam folder
if exists "X-Assp-Spam" {
    if header :contains "X-Assp-Spam" "NO" {
    } else {
        fileinto "Junk";
        stop;
    }
}

# Send a copy of email to
redirect :copy "[email protected]";

There is nothing in:
/var/vmail/mydomain.es/pepito.perez/.ispconfig.sieve

An example rspamd history:

This is the email received in the final account ([email protected]):

Header in final destination:

Code:
Received: from AM5EUR03HT191.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:69::29) by AM7PR09MB4246.eurprd09.prod.outlook.com with HTTPS via AM5PR0202CA0019.EURPRD02.PROD.OUTLOOK.COM; Wed, 1 Sep 2021 20:32:20 +0000
Received: from AM5EUR03FT010.eop-EUR03.prod.protection.outlook.com (2a01:111:e400:7e08::41) by AM5EUR03HT191.eop-EUR03.prod.protection.outlook.com (2a01:111:e400:7e08::457) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19; Wed, 1 Sep 2021 20:32:19 +0000
Authentication-Results: spf=softfail (sender IP is xxx.xxx.xxx.xxx) smtp.mailfrom=scoutcamp.bounces.google.com; mydomain.es; dkim=fail (signature did not verify) header.d=google.com;mydomain.es; dmarc=fail action=oreject header.from=google.com;compauth=fail reason=000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning scoutcamp.bounces.google.com discourages use of xxx.xxx.xxx.xxx as permitted sender)
Received: from mail.mydomain.es (xxx.xxx.xxx.xxx) by AM5EUR03FT010.mail.protection.outlook.com (10.152.16.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19 via Frontend Transport; Wed, 1 Sep 2021 20:32:18 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:73B379666FBF749489CA071BC4A240EE8303D48CA94F0EB758B0568AB184BD1F;UpperCasedChecksum:862EC2BD5CD93E3B25EF31D04E4A3493FA3A66CB03F8A54FABE899FF6E5AB6A4;SizeAsReceived:4169;Count:32 Received: from proxyantispam.mydomain.es (unknown [192.168.1.8]) by mail.mydomain.es (Postfix) with ESMTPS id C2A452224F for <[email protected]>; Wed, 1 Sep 2021 22:32:16 +0200 (CEST) Received: from mail-qv1-f71.google.com (unknown [192.168.1.8]) by mail.mydomain.es (Postfix) with ESMTPS id 93DD9435E5 for <[email protected]>; Wed, 1 Sep 2021 22:24:10 +0200 (CEST) X-Assp-ID: proxyantispam.mydomain.es m1-27850-05938 X-Assp-Session: AF78439C (mail 1) X-Assp-Client-TLS: yes X-Assp-Server-TLS: yes X-ASSP-DKIMidentity: @google.com X-Original-Authentication-Results: proxyantispam.mydomain.es; dkim=pass; spf=pass; dmarc=pass X-Assp-DKIM: verified-OK Received: from mail-qv1-f71.google.com ([209.85.219.71] helo=mail-qv1-f71.google.com) by proxyantispam.mydomain.es with SMTPS(TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256) (2.6.1); 1 Sep 2021 22:24:09 +0200 Received: by mail-qv1-f71.google.com with SMTP id t12-20020ad45bcc000000b003772069d04aso856636qvt.19 for <[email protected]>; Wed, 01 Sep 2021 13:24:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:reply-to:feedback-id:message-id:subject:from:to; bh=8uLry/qT2z840R+ZHlGgCUdVD9Sk+PpqdyyKOyoLPqE=; b=FxRSbUmXZDvx3kaFFuLRciuljnePqZI4nJuv7Ux3Oe4OhkLBfS2UQiyLIcRTWgwx8C FRkXaSmexoJF629uD8VxGbW6htKJhAVfZYXCBjJ/rsAVMwioJsiMleA+NAaRgOAG7w9+ 3LmvluqiFot04xyY68YATu8gnKghPpCKAmILbijw+xkcAk4gJ9a2X9xAt+HdJcaWTlhP 1MiCaoJlSCNsLoXaLnQ2NW/ogfLEX0yC50JK7hACrBXMiuswf79NCdh5XyBr6SbVpXil y428r1RqBbvH6DblmlkmtTR7SJ4VUt8oJdVxeEuZ5ygdUTpjUgRs8hT3QSUI3n8GSLa/ CE6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:reply-to:feedback-id :message-id:subject:from:to; bh=8uLry/qT2z840R+ZHlGgCUdVD9Sk+PpqdyyKOyoLPqE=; 
b=Fc31Vj2uhnjrQ3hn6eUKl6ntPqoXjZpK1VdIbuI5aB25ze3ru2JDbRC3ykk3H4+Twp FQu5gBwYssTwTZ/fqHBlV3Pr14z0/p0U0/0u2PjsECFnf7epymImaSe+7mds0rjdNXeO cOYwOlQPKg1J5TbzszDJKKOHmBjRw7tDi9IsY+WBunIyTCtuO1wggQB4jx9IBSkqhF81 ggmuE5RTdQniUGIv5ayolJ8QMKZeYw2hek/WugQytWm/551U9m9oCK9qStrQ0oycXZyP CaXlt3R2Ryp5Pvchr/vA4td2GeyXVV4UwMIP0M7N7UAjC7LfAfzlcJifi3SNFd3bmHmV DdcQ== X-Gm-Message-State: AOAM5316xJfGXccix/7fZkiDEUJ7jT6mZkRWumIvowoBWthTtW+PUZgn MRwmPAYoKL7kVH4= X-Google-Smtp-Source: ABdhPJx6Ulh4zK5/SridKhLsGnjeMg6MoOFCNi6HDE9RK7dvends8VkhXGKr0Ew4e2HB+e7kN2oXKcc= MIME-Version: 1.0 X-Received: by 2002:ae9:e915:: with SMTP id x21mr1445644qkf.183.1630527849407; Wed, 01 Sep 2021 13:24:09 -0700 (PDT) Date: Wed, 01 Sep 2021 13:24:09 -0700 Reply-To: Google Payments <[email protected]> X-Google-Id: 4063240 Feedback-ID: P1901-0:C20145220:M110398249-es:gamma X-Notifications: GAMMA:<8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com> X-Notifications-Bounce-Info: AXvZQxdSiul_2iq2iO0IBjD-ngUdcpK0PUEJmqaHtjdROS9FGaUtQsBkwU5MkwoMN1488emsLYsYEmIkf8E_EEEqpGTFFqKaMtUAYuhfABfkW8qUcFfJFcJZsGJ20u-oo1IeSFPFECu-n7nPGexnWMN35TQdZNGyDRfnNAhUaQp6QRYD0UBcgRCkaRKq4I5bjfE7xKDeu1a-ggvTynWPTEkwmPXuNW5RKxqHNTbxkXCKzCCgsRP25eXrhFqnHLwRxBeQWgLi99W5DXSnEb7B_59KnUwNjAwNjA0MDQxNTM1NTk2OTMzMg Message-ID: <8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com> Subject: *** SPAM *** Tus cuentas y contratos de Google Cloud y Google Workspace se han migrado a Google Cloud EMEA Ltd. 
From: Google Payments <[email protected]> To: [email protected] Content-Type: multipart/alternative; boundary="00000000000042a40f05caf4d9d1" Authentication-Results-Original: mail.mydomain.es; dkim=pass header.d=google.com header.s=20161025 header.b=FxRSbUmX; spf=softfail (mail.mydomain.es: 192.168.1.8 is neither permitted nor denied by domain of 3aeEvYRAKCforc0ogpvu-pqtgrn0iqqing.eqoceqttcngufqxxce.eqo@scoutcamp.bounces.google.com) smtp.mailfrom=3aeEvYRAKCforc0ogpvu-pqtgrn0iqqing.eqoceqttcngufqxxce.eqo@scoutcamp.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com X-Spamd-Bar: +++++++++ X-Spam-Level: ********* X-Spam-Status: Yes, score=9.34 X-IncomingHeaderCount: 32 Return-Path: 3aeEvYRAKCforc0ogpvu-pqtgrn0iqqing.eqoceqttcngufqxxce.eqo@scoutcamp.bounces.google.com ... X-Sender-IP: xxx.xxx.xxx.xxx ... X-Message-Info: ... 5vMbyqxGkddbHVl68g2w37GKbXYzHnlHlMGpsZ8T8ztYIoCuBEHNT5+/F3R3WaLvXapKSTmP/LPOwabS2ZISl1aE09vAcZU6tu9ASFPhHjbXUl4AZ1Wjef/RdCdZtH4d+KSZM6sxBKbTLE+XnTWoVFSQDqEgeJiJxS1aZQcdR+3A3YYhJnLu+d4geyYD+CmZzwZQPRocEGDzXeGQSzqO5w== X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0tMQ== X-Microsoft-Antispam-Mailbox-Delivery: rwl:1;ucf:0;jmr:0;ex:0;psp:0;auth:0;dest:I;OFR:TrustedRecipientList;ENG:(5062000282)(90000117)(90005022)(91005020)(91035115)(91044021)(91045095)(9050020)(9100335)(5061607266)(5061608174)(4900115)(2008001114)(2008000189)(2008010094)(2008120379)(2008019284)(2008020189)(2008130189)(2008160189)(2008021020)(2021050001)(58390106)(98390106)(8390246)(8377080)(8386120)(8376100)(8391040)(210498285)(210499095)(210410095)(4920090)(6355004)(4950131)(510107); In mail.log Code: Sep 1 22:24:13 mail postfix/cleanup[2565]: 4D6162224F: message-id=<8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com> Sep 1 22:32:16 mail postfix/cleanup[2963]: C2A452224F: message-id=<8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com> Sep 1 22:32:17 mail dovecot: lmtp([email protected]): yAlKFlHjL2GXCwAAB1iHmQ: 
sieve: msgid=<8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com>: stored mail into mailbox 'Junk'
Sep 1 22:32:19 mail postfix/smtp[2966]: C2A452224F: to=<[email protected]>, orig_to=<[email protected]>, relay=303034526.pamx1.hotmail.com[104.47.8.33]:25, delay=2.5, delays=0.64/0.01/1.5/0.35, dsn=2.6.0, status=sent (250 2.6.0 <8471421ae0860c36ed7ca993165a9586164a8bd4-20145220-110889784@google.com> [InternalId=135832635713351, Hostname=AM5EUR03HT191.eop-EUR03.prod.protection.outlook.com] 82797 bytes in 0.203, 397.503 KB/sec Queued mail for delivery -> 250 2.1.5)

In postfix main.cf

Code:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix
compatibility_level = 2
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mail.mydomain.es
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = mail.mydomain.es, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender
smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = dane
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
message_size_limit = 0
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
tls_preempt_cipherlist = yes
address_verify_negative_refresh_time = 60s
enable_original_recipient = yes
smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
address_verify_sender_ttl = 15686s
smtp_dns_support_level = dnssec
smtpd_reject_unlisted_sender = no
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous

Thanks
Enable the Copy during delivery checkbox, otherwise postfix forwards the message without it ever going through dovecot, so your sieve filters are not used.
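The symptom in the first post's mail.log (the sieve script files the message into Junk while Postfix itself relays a copy to the external address) can be searched for across a whole log. This is an added example, not part of the original thread: the log lines are constructed in the format of the excerpt above, and the function name, queue IDs and example addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the mail.log excerpt in the first post.
SAMPLE_LOG = """\
Sep  1 22:32:16 mail postfix/cleanup[2963]: C2A452224F: message-id=<spam-1@sender.example>
Sep  1 22:32:17 mail dovecot: lmtp(user@mydomain.example): yAlKFl: sieve: msgid=<spam-1@sender.example>: stored mail into mailbox 'Junk'
Sep  1 22:32:19 mail postfix/smtp[2966]: C2A452224F: to=<user@external.example>, orig_to=<user@mydomain.example>, relay=mx.external.example[203.0.113.10]:25, delay=2.5, dsn=2.6.0, status=sent (250 2.6.0 ok)
Sep  1 22:40:01 mail postfix/cleanup[2970]: D1B0000001: message-id=<ham-1@sender.example>
Sep  1 22:40:02 mail dovecot: lmtp(user@mydomain.example): zBmLGm: sieve: msgid=<ham-1@sender.example>: stored mail into mailbox 'INBOX'
Sep  1 22:40:03 mail postfix/smtp[2971]: D1B0000001: to=<user@external.example>, orig_to=<user@mydomain.example>, relay=mx.external.example[203.0.113.10]:25, delay=1.0, dsn=2.0.0, status=sent (250 2.0.0 ok)
"""

CLEANUP = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=(<[^>]*>)")
JUNKED = re.compile(
    r"dovecot: lmtp\(([^)]+)\).*sieve: msgid=(<[^>]*>): stored mail into mailbox 'Junk'"
)
# orig_to= is only logged when Postfix rewrote the recipient (alias/forward expansion).
FORWARD = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>, orig_to=<([^>]*)>,.*status=sent"
)


def junked_but_forwarded(log_text):
    """Return (message-id, mailbox, forward target) for spam Postfix still forwarded."""
    msgid_of = {}                # queue id -> message-id
    junked = defaultdict(set)    # message-id -> mailboxes whose sieve filed it into Junk
    forwards = []                # (queue id, rewritten recipient, original recipient)
    for line in log_text.splitlines():
        if m := CLEANUP.search(line):
            msgid_of[m.group(1)] = m.group(2)
        elif m := JUNKED.search(line):
            junked[m.group(2)].add(m.group(1))
        elif m := FORWARD.search(line):
            forwards.append(m.groups())
    hits = []
    # Join after reading everything: the smtp line may be logged before the lmtp line.
    for qid, rcpt, orig in forwards:
        msgid = msgid_of.get(qid)
        if msgid and rcpt != orig and orig in junked.get(msgid, ()):
            hits.append((msgid, orig, rcpt))
    return hits


if __name__ == "__main__":
    for msgid, mailbox, target in junked_but_forwarded(SAMPLE_LOG):
        print(f"{msgid}: junked for {mailbox} but forwarded to {target}")
```

An empty result after enabling "Copy during delivery" indicates that forwarding now happens inside the sieve script, after the spam rule's `stop`.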
Sorry for my incompetence. I hope not to abuse your patience but I have another question. On the same system I am trying to implement SRS with postsrsd. It is working, but the script from your post git.ispconfig.org/ispconfig/ispconfig3/-/issues/2551#note_86393 gives an error.

Code:
#!/bin/bash
if [ ! -f /etc/default/postsrsd ]; then exit fi
# delete old SRS_EXCLUDE_DOMAINS:
sed -i /^SRS_EXCLUDE_DOMAINS/d /etc/default/postsrsd
echo SRS_EXCLUDE_DOMAINS=\"$(
    echo $(hostname -f) \
    $(for d in $(postconf -h mydestination | sed s/,//g); do echo $d | grep -v '\$'; done) \
    $(mysql --defaults-file=/etc/mysql/debian.cnf --skip-column-names dbispconfig --execute "select domain from mail_domain where active = 'y'") \
    | xargs -n1 echo | sort -u | xargs echo
)\" >> /etc/default/postsrsd && systemctl restart postsrsd

Code:
/etc/cron.hourly/postsrsd_exclude_domains:
/etc/cron.hourly/postsrsd_exclude_domains: línea 10: error sintáctico: no se esperaba el final del fichero
run-parts: /etc/cron.hourly/postsrsd_exclude_domains exited with return code 2

Syntax error: the end of the file was not expected

Thanks again!
That is a problem with copy & paste; the 'fi' should be on a line by itself, and you might watch for copy & paste errors from the forum to your shell (e.g. I have had quotes changed ... but don't know if the same thing happens in GitLab).
Oh, and for what it's worth, I turn off SRS when using rspamd, and enable ARC signing, which helps somewhat (it would help more if more systems checked ARC). I haven't checked the new rspamd 3.0, but in 2.7 SRS and rspamd didn't play nice.
Thank you very much for your help. On my system it seems to be working fine. I have also configured SPF, DMARC and DKIM for the domain that has the forwarding configured. I have looked up ARC information for rspamd + ISPConfig, but I am not sure how to configure it or whether the configuration affects all virtual domains. Nor do I know if I would have to configure DKIM for all virtual domains; for most of them I have only set up SPF so far. I will investigate it to see if I find any information. Happy weekend!
In ISPConfig nightly builds, rspamd should be using ARC signing for domains, and does use the same signing keys as DKIM, so that must be configured for each.
Piping in late, but I'm also using ARC signing with the DKIM keys, but, in my case, that was not enough — I had to additionally use postsrsd to get the whole setup running... Oh, I didn't have a clue what that option meant!! Hopefully, you can review the upcoming, new configurations manual. Mine is still for 3.1, which doesn't mention a thing about the 'copy during delivery' checkbox, much less why it's necessary to get things properly spam-free... (edited: obviously, where I wrote 7.1 I meant ISPConfig 3.1...)