Problem with RSPAMD (milter-reject) and FritzBox Pushservice

Discussion in 'ISPConfig 3 Priority Support' started by schmidtedv, May 4, 2022.

  1. schmidtedv

    schmidtedv Member HowtoForge Supporter

    I noticed today that informational messages from my FritzBox still arrive in my INBOX, but messages with call recordings get rejected. I have done some research, but can't find anything in the config that might be responsible for this behavior... so, maybe anybody can give me a hint?
    Ubuntu 20.04.4, latest ISPConfig

    Code:
    MAIL.LOG
    
    May  3 09:05:17 cloud postfix/smtps/smtpd[251895]: 4EE2C6362442: client=unknown[194.163.57.72], sasl_method=LOGIN, [email protected]
    May  3 09:05:17 cloud postfix/cleanup[273358]: 4EE2C6362442: message-id=<[email protected]>
    May  3 09:05:18 cloud postfix/cleanup[273358]: 4EE2C6362442: milter-reject: END-OF-MESSAGE from unknown[194.163.57.72]: 5.7.1 Spam message rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<fritzbox>
    May  3 09:05:18 cloud postfix/smtps/smtpd[251895]: disconnect from unknown[194.163.57.72] ehlo=1 auth=1 mail=1 rcpt=1 data=0/1 quit=1 commands=5/6
    
    May  3 09:14:43 cloud postfix/smtps/smtpd[275082]: 39FEA6360290: client=unknown[194.163.57.72], sasl_method=LOGIN, [email protected]
    May  3 09:14:43 cloud postfix/cleanup[275089]: 39FEA6360290: message-id=<[email protected]>
    May  3 09:14:43 cloud postfix/qmgr[2434]: 39FEA6360290: from=<[email protected]>, size=9578, nrcpt=1 (queue active)
    May  3 09:14:43 cloud postfix/smtps/smtpd[275082]: disconnect from unknown[194.163.57.72] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    May  3 09:14:43 cloud dovecot: lmtp(275091): Connect from local
    May  3 09:14:43 cloud dovecot: lmtp([email protected])<275091><0PKBMmPWcGKTMgQAUn83YA>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    May  3 09:14:43 cloud postfix/lmtp[275090]: 39FEA6360290: to=<[email protected]>, relay=mail.server.de[private/dovecot-lmtp], delay=0.65, delays=0.62/0.01/0.01/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 0PKBMmPWcGKTMgQAUn83YA Saved)
    May  3 09:14:43 cloud dovecot: lmtp(275091): Disconnect from local: Client has quit the connection (state=READY)
    May  3 09:14:43 cloud postfix/qmgr[2434]: 39FEA6360290: removed
    
    May  3 09:38:18 cloud postfix/smtps/smtpd[280836]: 019336362331: client=unknown[194.163.57.72], sasl_method=LOGIN, [email protected]
    May  3 09:38:18 cloud postfix/cleanup[280839]: 019336362331: message-id=<[email protected]>
    May  3 09:38:18 cloud postfix/cleanup[280839]: 019336362331: milter-reject: END-OF-MESSAGE from unknown[194.163.57.72]: 5.7.1 Spam message rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<fritzbox>
    May  3 09:38:18 cloud postfix/smtps/smtpd[280836]: disconnect from unknown[194.163.57.72] ehlo=1 auth=1 mail=1 rcpt=1 data=0/1 quit=1 commands=5/6
    
    ---
    
    May  3 09:46:14 cloud postfix/submission/smtpd[283381]: CC3506362331: client=unknown[194.163.57.72], sasl_method=LOGIN, [email protected]
    May  3 09:46:14 cloud postfix/cleanup[283390]: CC3506362331: message-id=<[email protected]>
    May  3 09:46:15 cloud postfix/cleanup[283390]: CC3506362331: milter-reject: END-OF-MESSAGE from unknown[194.163.57.72]: 5.7.1 Spam message rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<fritzbox>
    May  3 09:46:15 cloud postfix/submission/smtpd[283381]: disconnect from unknown[194.163.57.72] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1 quit=1 commands=7/8
    
    Code:
    RSPAMD
    
    ID   IP address   [Envelope From] From   [Envelope To] To/Cc/Bcc   Subject   Action   Score   Msg size   Scan time   Time   Authenticated user
    [email protected]   194.163.57.72   [email protected]   [email protected]   Nachricht von Max Mustermann (0123456789)   reject   10.20 / 6   74.5k   0.546   3.5.2022, 09:46:14   [email protected]
    
    BAYES_SPAM (5.097619) [99.99%]
    MIME_BAD_ATTACHMENT (1.6) [wav:audio/x-wav]
    SUBJ_EXCESS_BASE64 (1.5)
    FROM_EXCESS_BASE64 (1.5)
    MV_CASE (0.5)
    MIME_GOOD (-0.1) [multipart/mixed,multipart/alternative,text/plain]
    MIME_UNKNOWN (0.1) [audio/x-wav]
    TO_MATCH_ENVRCPT_ALL (0)
    RCPT_COUNT_ONE (0) [1]
    DKIM_SIGNED (0) [mailadresse.de:s=default]
    HAS_ATTACHMENT (0)
    FROM_HAS_DN (0)
    TO_DN_NONE (0)
    RCVD_COUNT_ZERO (0) [0]
    FROM_EQ_ENVFROM (0)
    ASN (0) [asn:197637, ipnet:194.163.48.0/20, country:DE]
    TO_EQ_FROM (0)
    ARC_NA (0)
    MIME_TRACE (0) [0:+,1:+,2:+,3:~,4:~]
    
    Code:
    MAIN.CF
    
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # prevent bounces from older servers, modern standard would be yes
    smtputf8_enable = no
    
    # activate and set personal bounce-messages (german)
    bounce_template_file = /etc/postfix/bounce.cf
    delay_warning_time = 1h
    bounce_queue_lifetime = 3d
    maximal_queue_lifetime = 3d
    
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    
    smtp_tls_CApath=/etc/ssl/certs
    smtp_tls_security_level = dane
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    
    myhostname = mail.server.de
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = mail.server.de, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 10485760000
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.njabl.org, reject_unauth_pipelining, permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    
    owner_request_special = no
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    message_size_limit = 104857600
    smtpd_reject_unlisted_sender = no
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    smtpd_milters = inet:localhost:11332
    non_smtpd_milters = inet:localhost:11332
    milter_protocol = 6
    milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
    milter_default_action = accept
    in_flow_delay = ${stress?{3}:{1}}s
    smtp_connect_timeout = ${stress?{10}:{30}}s
    smtp_helo_timeout = ${stress?{10}:{60}}s
    smtp_mail_timeout = ${stress?{10}:{60}}s
    smtpd_error_sleep_time = ${stress?{1}:{2}}s
    smtpd_hard_error_limit = ${stress?{1}:{10}}
    smtpd_recipient_overshoot_limit = ${stress?{60}:{600}}
    smtpd_soft_error_limit = ${stress?{2}:{5}}
    smtpd_timeout = ${stress?{10}:{60}}s
    authorized_flush_users =
    authorized_mailq_users = nagios, icinga
    
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I'd recommend setting up the Fritz!Box so it uses an SMTP account on a valid SMTP server - or have you already done that?
     
  3. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Hi Th0m, thanks for your reply... yes, I already did that of course, but somehow I guess the FritzBox seems to authenticate itself differently when sending a test or informational mail and when sending a message with an audio attachment...
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    For false positives, look at the rules that match and see what things you can fix, e.g. the first one indicates your Bayes database needs training, and if you fixed that single issue, the message would score well below the spam threshold of 6.
     
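    An added example (not from the thread, ISPConfig or rspamd) that parses the symbol list from the rspamd history entry quoted above and reproduces the check Jesse describes: subtract the score of the one symbol you can fix (BAYES_SPAM, by training Bayes) and see where the remaining score lands. The thresholds in ACTIONS are assumed example values using rspamd's action names, not the poster's actual settings; REQUIRED_SCORE is the "/ 6" shown in the history entry.

```python
import re

# Symbol lines copied from the rspamd history entry quoted in the thread
# (the zero-score informational symbols are trimmed to a few).
SYMBOL_LINES = """
BAYES_SPAM (5.097619) [99.99%]
MIME_BAD_ATTACHMENT (1.6) [wav:audio/x-wav]
SUBJ_EXCESS_BASE64 (1.5)
FROM_EXCESS_BASE64 (1.5)
MV_CASE (0.5)
MIME_GOOD (-0.1) [multipart/mixed,multipart/alternative,text/plain]
MIME_UNKNOWN (0.1) [audio/x-wav]
DKIM_SIGNED (0) [mailadresse.de:s=default]
MIME_TRACE (0) [0:+,1:+,2:+,3:~,4:~]
"""

# Assumed example thresholds (rspamd action names, NOT the poster's settings);
# rspamd applies the highest action whose threshold the score reaches.
ACTIONS = {"reject": 15.0, "rewrite_subject": 10.0, "add_header": 6.0, "greylist": 4.0}
REQUIRED_SCORE = 6.0  # the "/ 6" in the history entry, i.e. the spam threshold
LINE_RE = re.compile(r"^(?P<sym>[A-Z0-9_]+) \((?P<score>-?[0-9.]+)\)(?: \[(?P<opts>.*)\])?$")

def parse_symbols(text):
    """Parse 'SYMBOL (score) [opt,opt]' lines into {symbol: (score, [options])}."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line: continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable symbol line: {line!r}")
        opts = m.group("opts").split(",") if m.group("opts") else []
        out[m.group("sym")] = (float(m.group("score")), opts)
    return out

def total_score(symbols, exclude=()):
    """Sum of symbol scores, optionally pretending some symbols had not fired."""
    return round(sum(s for name, (s, _) in symbols.items() if name not in exclude), 6)

def action_for(score, actions=ACTIONS):
    """Highest-threshold action reached by the score, or 'no action'."""
    for name, threshold in sorted(actions.items(), key=lambda kv: -kv[1]):
        if score >= threshold:
            return name
    return "no action"

def is_spam(score, required=REQUIRED_SCORE):
    return score >= required

SYMBOLS = parse_symbols(SYMBOL_LINES)
```

Running `total_score(SYMBOLS)` gives the 10.20 from the history entry; `total_score(SYMBOLS, exclude={"BAYES_SPAM"})` gives 5.1, which is below the threshold of 6.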
  5. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Hi Jesse,
    thanks, that's my first server running with rspamd... so, where can I train the Bayes database and how should I do that when the message gets rejected (in rspamd I only find the option to learn the filter by putting in the mail header, etc.)?
     
  6. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Ok, after playing around a bit with the HTML interface and its possibilities, I guess putting up the score for being able to receive and ham these mails once in a while is the only way!? However, I changed the given value to reject mails in rspamd from 15 to 25 and did another call to the FritzBox. The message could be delivered and could be learned. After that I changed the value back to 15 (and even put in 10 for rewrite subject... was empty before) and now I can receive these mails again (right now they get a score between 3 and 5). Is this the only way or would there be an easier/safer way to do this?
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    There are various approaches to training; I collect spam and non-spam messages to have a corpus of actual mail to train the scanner with, using https://github.com/jnorell/train-spam-scanner. You can probably do that safely with your own mail, and can use training by all users based on them placing mail in training folders, but do ensure your laws allow you to moderate/view other users' email if you use that.
     