Roundcube - Blacklist / Whitelist (spamfilter_wblist)

Discussion in 'General' started by pyte, Oct 12, 2022.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    Hi!
    I've installed roundcube and the ispconfig plugins on my mailservers, everything is working so far. However as i'm trying to setup a usable white/blacklisting functionality for our users, i tried using the "ispconfig3_wblist" Plugin. It seems to work, but there is some internal stuff to ISPConfig again which i can seem to figure out.
    I've logged into roundcube with [email protected] and added a whitelist-rule for "@testing.com", after that i checked the DB Table spamfilter_wblist:

    Code:
    +-----------+------------+-------------+---------------+----------------+----------------+-----------+----+-----+------------------+----------+--------+
    | wblist_id | sys_userid | sys_groupid | sys_perm_user | sys_perm_group | sys_perm_other | server_id | wb | rid | email            | priority | active |
    +-----------+------------+-------------+---------------+----------------+----------------+-----------+----+-----+------------------+----------+--------+
    |         4 |          1 |           1 | riud          | riud           |                |         7 | W  |  11 | [email protected] |        5 | y      |
    |         5 |          1 |           1 | riud          | riud           |                |         7 | W  |   9 | @testing.com     |        5 | y      |
    +-----------+------------+-------------+---------------+----------------+----------------+-----------+----+-----+------------------+----------+--------+
    As expected the rule in question is there. But how does it decide that this rule is only applied to only the mailuser ([email protected]) and not every mailuser of sys_userid "1". Is there another table that plays into this?

    //EDIT: Ahh got it, it is RID with correlates to spamfilter_users;
     
    Last edited: Oct 12, 2022
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    Is it intentional that if i log into ISPConfig as customer or reseller, i cannot see the Blacklist/Whitelist Settings for my own Maildomains/Mailusers under the E-Mail section? Is this really only editable as admin or while logged into roundcube with that specific mailuser?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, it is. the reason is that postfix white/blacklists affect all mail domains on your server. Think what would happen if a 'funny' client blacklists gmail.com globally for the whole server. Therefore only the spamfilter white/blacklist is available to the client and reseller (configurable in client limits) as this feature takes the recipient domain in account, means the user would only be able to blacklist gmail for his own domain but not for other users.
     
    Last edited: Oct 12, 2022
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, just saw that you only refer to spamfilter_wblist, this is available to clients and resellers in ISPConfig GUI, you just have to take care to allow access to it in client and reseller limits. What's not available is the global postfix blacklist, which exists in the email module as well.
     
    pyte likes this.
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    Sure Postfix Whitelisting and Blacklisting might sound the same but is a totally different functionality :)
    So i just was to stupid to find it! Thank you again for helping me out!
     
  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    Is there a way to set a Whitelist/Blacklist rule for the whole domain?

    Like:
    from = "[email protected]";
    rcpt = "@mydomain.com";

    The webinterface forces me to specify an user and creating it with the "mail_spamfilter_whitelist_add" function and leaving the "rid" empty results in no file created in the /etc/rspam.d/local.d/users/ folder.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    rid is a reference to spamfilter_users table and spamfilter_users can contain either an email address or a domain (activate a spamfilter policy in email domain in ISPConfig GUI and check what gets added to see how it works), so you can apply white/blacklists to a whole domain.
     
    pyte likes this.
  8. pyte

    pyte Well-Known Member HowtoForge Supporter

    As i'm unsure and cannot test this fully right now:
    Code:
    +----+------------+-------------+---------------+----------------+----------------+-----------+----------+-----------+-------------------------+-------------------------+-------+
    | id | sys_userid | sys_groupid | sys_perm_user | sys_perm_group | sys_perm_other | server_id | priority | policy_id | email                   | fullname                | local |
    +----+------------+-------------+---------------+----------------+----------------+-----------+----------+-----------+-------------------------+-------------------------+-------+
    | 16 |          1 |           1 | riud          | riud           |                |         7 |        5 |         0 | @domain.com             | @domain.com             | Y     |
    | 17 |          1 |           1 | riud          | riud           |                |         7 |        5 |         0 | domain.com              | domain.com              | Y     |
    +----+------------+-------------+---------------+----------------+----------------+-----------+----------+-----------+-------------------------+-------------------------+-------+
    
    the spamfilter_wblist_XX.conf contains rcpt="XXXX", unsure if this is using the regex filter or not, as i'm to stupid to find the appropriate config. So does both work with the "@" and without or does it have to be "@domain.tld"?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    It is @domain.com. You can see that by logging into ISPConfig, there you go to an email domain, select a spamfilter policy and press save. Then go to Spamfilter user/domain and check what the GUI inserted as that's what you have to replicate to apply a domain-wide spamfilter user. It is also described in the ISPConfig manual on page 198.
     
    pyte likes this.
  10. pyte

    pyte Well-Known Member HowtoForge Supporter

    I've red the manual and missed that completly... Thank you for clearing this up again.
     
  11. pyte

    pyte Well-Known Member HowtoForge Supporter

    Ok i've figured out some stuff. However i still have an issue with the spamfilter_users.
    When i create them via the API everything works fine, when i create them as admin the sys_userid and sys_groupid is "1", which is OK i guess. But i can't create them as customer, even though the limit for "Max. Anzahl an Spamfilter Benutzern" is -1. There is no Option in the menu regarding the spamfilter users.

    Am i doing something wrong again?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    No, there seems to be an issue in the code. I did a quick look and it seems that the menu file does not obey the limit. But this means on the other hand that the spamfilter user form might also not 'client use safe' yet, so we will have to check that. I'll add an issue for it on our git system.
     
    pyte likes this.
  13. till

    till Super Moderator Staff Member ISPConfig Developer

  14. pyte

    pyte Well-Known Member HowtoForge Supporter

    Thank you for checking and creating the issue! :) I'll work around that for now, i have to import each maildomain so i'll just create an @domain.tld user for each domain that i import and assign it to the correct customer.
     

Share This Page