Confusing rbl usage with rspamd and postfix reject_rbl_client

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Jul 12, 2022.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    On ISPConfig 3.2.8p1 on Debian 10 I have RSpamd installed. I see from pflogsum report that postfix directive reject_rbl_client blocks quite a few e-mails:
    blocked using (top 20) (total: 102)
    But RSpamd configuration has modules.d/rbl.conf with enabled. My undestanding is rspamd runs first, then e-mail is delivered to postfix. So how come postfix receives e-mails that are in rbl? Why rspamd let's them arrive instead of rejecting them?
    RSpamd rbl.conf has also another entry for spamhaus, SPAMHAUS_ZEN_URIBL which is not enabled, comment says "Not enabled by default due to privacy concerns!", which I do not understand, but I assume this does not affect the enabled spamhaus entry.
    I can see in rspamd.log zen.spamhaus is mentioned once:
    2022-07-11 15:14:54 #25941(normal) <132cd0>; lua; rbl.lua:242: error looking up server fail
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    In my understanding, Rspamd uses the RBL like other rules to create a spam score for the email while Postfix does a hard reject. So I guess it can be that an email passes Rspamd and then gets hard rejected by Postfix. But @Jesse Norell might be able to give you a deeper insight on this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Email comes in at Postfix, passed to the content filter (in this case rspamd), and then it's passed back to Postfix. So if is in the RBLs for Postfix (configurable through ISPConfig), emails might be blocked before ever reaching rspamd.
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The postfix rbl is used in smtpd_client_restrictions, which definitely applies before a content filter like amavis, but I don't know without testing how it would relate to checking a milter CONNECT stage. I would somewhat expect it to reject based on the postfix restriction first, in which case rspamd would never see anything for the connection at all, but that could be wrong. It's also possible that smtpd_delay_reject comes into play there.

Share This Page