Hey there

I have set up a corresponding environment according to this tut, but am having problems with spam detection and rspamd.

I still receive many spam mails that rspamd scores 7.10 points when uploaded via “Scan/Learn” in the web gui and specifies "rewrite subject" as the action, but which still end up in the mailbox and only receive a score of 1.10 points according to the header:

rspamd:
Code:
HFILTER_HOSTNAME_UNKNOWN (7)
ARC_ALLOW (-1) [xyz.de:s=default:i=1]
CTYPE_MIXED_BOGUS (1)
R_DKIM_ALLOW (-0.2) [ilmversity.net:s=wm5ug4p4eyiimepuq5bohs7fephwkryu,amazonses.com:s=uku4taia5b5tsbglxyj6zym32efj7xqv]
MIME_HTML_ONLY (0.2)
MIME_GOOD (-0.1) [multipart/mixed]
MIME_BASE64_TEXT (0.1)
RCVD_NO_TLS_LAST (0.1)
MX_GOOD (-0.01) []
XM_UA_NO_VERSION (0.01)
R_DUMMY (0)
FROM_HAS_DN (0)
FROM_NEQ_ENVFROM (0) [[email protected],0102019229656b80-1195f309-ad08-48bb-8043-59722eab6e4e-000000@eu-west-1.amazonses.com]
RCVD_COUNT_TWO (0) [2]
TO_DN_NONE (0)
PREVIOUSLY_DELIVERED (0) [[email protected]]
DMARC_NA (0) [ilmversity.net]
RCPT_COUNT_ONE (0) [1]
MIME_TRACE (0) [0:+,1:~]
ARC_SIGNED (0) [xyz.de:s=default:i=2]
DKIM_TRACE (0) [ilmversity.net:+,amazonses.com:+]

Mail-Header:
Code:
X-Spam-Status: No, score=1.10
X-Spamd-Bar: +
X-Spam-Level: *

Does anyone know this behavior? Or does anyone have any ideas as to what the problem might be and where I could look?

If needed:
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 12 (bookworm)
[INFO] uptime: 14:19:54 up 7 days, 18:27, 1 user, load average: 0.00, 0.00, 0.00
[INFO] memory:
      total  used   free   shared  buff/cache  available
Mem:  3.7Gi  2.4Gi  208Mi  43Mi    1.4Gi       1.3Gi
Swap: 0B     0B     0B
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.12p1

##### VERSION CHECK #####
[INFO] php (cli) version is 8.2.20
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.20

##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening

##### MAIL SERVER CHECK #####
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 1301)
[INFO] I found the following mail server(s):
Postfix (PID 1782)
[INFO] I found the following pop3 server(s):
Dovecot (PID 944)
[INFO] I found the following imap server(s):
Dovecot (PID 944)
[INFO] I found the following ftp server(s):
PureFTP (PID 1314)

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh

Cheers,
Chris
P.S.: wasn't allowed to post a link. I followed the tut called "ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10".
But you have Debian 12 on that host? Why not use https://www.howtoforge.com/perfect-server-debian-12-buster-apache-bind-dovecot-ispconfig-3-2/ which is meant for Debian 12. You can find the available tutorials on https://www.ispconfig.org/documentation/. The easiest way to install ISPConfig is using the auto installer: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/. To solve the problem with rspamd, you should read the mail log and the rspamd log. There should be info on what is happening with the e-mail and why it is scored the way it is.
I would say the guide he used is fine. The tutorial "ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10" is the latest multiserver guide and it uses the Auto-installer, so you can use it also on Ubuntu 24.04 and Debian 12.
The problem is that you scanned the mail header in the rspamd web interface, which does not simulate the whole process of receiving the original message. See, the mail you checked got the symbol "HFILTER_HOSTNAME_UNKNOWN", which adds a score of 7 to the mail. But this symbol only got applied because you scanned the message in the web interface. The hostname is most likely completely valid in the original SMTP transaction, thus the original scoring of 1.10 seems fine.
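
Added example (not part of the thread, and not ISPConfig or rspamd code): following the last answer, a rescan is only comparable to the delivery-time score when rspamd is given the SMTP context again. The sketch below reads the Postfix-style `Received` header of a saved message and builds an `rspamc` command line with its `--ip`, `--helo`, `--hostname` and `--from` options. The sample message, the file name `message.eml` and the assumption that the first matching `Received` header is the inbound hop are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (placeholder hosts and addresses, not from the thread).
SAMPLE_EML = """\
Return-Path: <bounce@mail.example.net>
Received: from mx.example.org by mx.example.org with LMTP id abc123;
\tMon, 01 Jan 2024 10:00:00 +0000
Received: from out.example.net (out.example.net [192.0.2.25])
\tby mx.example.org (Postfix) with ESMTPS id 4XYZ;
\tMon, 01 Jan 2024 10:00:00 +0000
From: Sender <news@example.net>
Subject: test

body
"""

# Postfix writes "from <helo> (<rdns-name> [<ip>])"; rdns-name is "unknown"
# when the client IP had no usable reverse DNS at SMTP time.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")

def smtp_context(raw):
    """Return helo, hostname, ip and envelope sender of the first MTA hop found."""
    msg = message_from_string(raw)
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(received)
        if m:
            helo, hostname, ip = m.groups()
            sender = parseaddr(msg.get("Return-Path", ""))[1]
            return {"helo": helo, "hostname": hostname, "ip": ip, "from": sender}
    return None  # e.g. only an LMTP hop, no client IP recorded

def rspamc_argv(raw, path="message.eml"):
    """Build an rspamc call that replays the envelope data seen at delivery."""
    ctx = smtp_context(raw)
    if ctx is None:
        return ["rspamc", path]
    argv = ["rspamc", "--ip", ctx["ip"], "--helo", ctx["helo"]]
    if ctx["hostname"] != "unknown":  # no rDNS at delivery: pass no hostname
        argv += ["--hostname", ctx["hostname"]]
    if ctx["from"]:
        argv += ["--from", ctx["from"]]
    return argv + [path]

if __name__ == "__main__":
    print(" ".join(rspamc_argv(SAMPLE_EML)))
```

When the `Received` header itself records `unknown` as the client hostname, no `--hostname` is passed, so a hostname-based symbol in that rescan reflects what the MTA actually saw rather than an artifact of scanning without context.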