Hey all, thank you in advance. Ispconfig 3.2.7p1, Debian Bullseye. I have a inbound email thats keeps getting this message, it is from a legitimate source (customer is expecting it) Code: Mar 22 18:00:35 mx1 postfix/smtpd[437461]: connect from ms03.cv-library.co.uk[109.169.5.19] Mar 22 18:00:36 mx1 postfix/smtpd[437461]: 57361580C2F: client=ms03.cv-library.co.uk[109.169.5.19] Mar 22 18:00:36 mx1 postfix/cleanup[437471]: 57361580C2F: message-id=<> Mar 22 18:00:36 mx1 postfix/cleanup[437471]: 57361580C2F: milter-reject: END-OF-MESSAGE from ms03.cv-library.co.uk[109.169.5.19]: 4.7.1 Try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ms03.cv-library.co.uk> Mar 22 18:00:36 mx1 postfix/smtpd[437461]: disconnect from ms03.cv-library.co.uk[109.169.5.19] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7 I have others which also fail, but if this leads me to a answer where i need to alter then i hopefully can solve those.. thanks dave
That is a temporary reject from one of your milters, which would be the greylisting function of rspamd on an uncustomized system (ie. if you haven't added any additional milters yourself). You can disable greylisting or configure different thresholds if you don't like the current settings, or either add some rspamd config to reduce the score (dkim/spf/dmarc whitelisting for their domain is a good place to start) or even whitelist the sender if it's a problem with one specific sender.
You really have to look at the messages they send and see what you have to work with. Eg. if they properly DKIM sign all their mail, and/or use SPF, and/or use DMARC, you could add their domain to one or more of the default whitelist files: Code: # grep LOCAL_CONF.*whitelist.inc.local /etc/rspamd/modules.d/whitelist.conf "$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.local", "$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.local", "$LOCAL_CONFDIR/local.d/maps.d/spf_dkim_whitelist.inc.local", "$LOCAL_CONFDIR/local.d/maps.d/dmarc_whitelist.inc.local", Documentation for that is at https://www.rspamd.com/doc/modules/whitelist.html
Thanks Jesse but i cannot look at the message Code: Mar 22 18:00:36 mx1 postfix/cleanup[437471]: 57361580C2F: message-id=<> Mar 22 18:00:36 mx1 postfix/cleanup[437471]: 57361580C2F: milter-reject: END-OF-MESSAGE from ms03.cv-library.co.uk[109.169.5.19]: 4.7.1 Try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ms03.cv-library.co.uk>] spcifically this bit[code]Try again later; from=<[email protected]> it sends it back to sender, so i cannot receive it
In my configuration page of RSPAMD, when i click Code: Dynamic configuration map it shows Code: [ { "metric": "default", "actions": [ { "name": "reject", "value": 15.0 }, { "name": "rewrite subject", "value": nan }, { "name": "add header", "value": 6.0 }, { "name": "greylist", "value": 4.0 } ], "symbols": [] } ] , but when i click each of the others below they error, like this one.. Code: /var/lib/rspamd/spf_dkim_whitelist.inc.local - Whitelist map for WHITELIST_SPF_DKIM , it shows line no. 1 with nothin inside it, when i click save changes etc it errors Code: error > Save map error: Bad request Request failed
Correct, you would need to either configure enough to allow them to deliver to you or have them send to another address (gmail or whatever) so you can see what headers they add, etc. As for why they are scoring, you can check the rspamd.log file for the message delivery attempt and it will list the symbols which matched and their scores; that can give you a pretty good indication of what to look at first. As for the the .local whitelist files (/var/lib/rspamd/spf_dkim_whitelist.inc.local, etc.), they don't exist by default, just edit them as root and add the domain there (further config options are in the documentation, but just listing the domain usually suffices). Eg. 'vi /var/lib/rspamd/spf_dkim_whitelist.inc.local' (use your favorite editor), or even just 'echo somedomain.com >> /var/lib/rspamd/spf_dkim_whitelist.inc.local'.
Thank you Jesse, I created them, but couldnt edit in rspamd webpage, so i had to Code: chown _rspamd:rspamd *.local All other files in that location are owned by Code: _rspamd Then it worked.. another question.. If we have in ispconfig > email > email whitelist and rspamd interface.. do both do different things? why would i need to add it to email whitelist if i can by pass and do it in rspamd? or do they work differently and are different levels of spam fighting? whats the difference or what is recommended action for allowing domain email in... thanks in advance.. dave
That whitelist in ISPConfig will create custom settings currently, eg. Code: # cat /etc/rspamd/local.d/users/global_wblist_11.conf global_wblist-11 { priority = 30; rcpt = "[email protected]"; want_spam = yes; apply { actions { reject = null; "add header" = null; greylist = null; "rewrite subject" = null; } } } Note that will change in the future to a whitelist in the multimap module which adjusts the score, rather than disable all further rspamd processing (which is what want_spam=yes does). I'm not familiar with the rspamd web interface.
No, I just explained what that whitelist is doing; I really don't know what the rspamd interface does if you change things there, so can't really say one is better than the other.
