Hello,

I have a multiserver setup with Debian Bullseye and ISPConfig 3.2.7p1. I noticed that my mail blacklist and whitelist are not working. I checked the rspamd logs and they are fine. We can see that mails are marked by settings_id: ispc_spamfilter_user_182 (mail has a spam score > what is needed for the spam tag) or settings_id: spamfilter_wblist-16 (mail in blacklist); we have (default: F (no action) in all mails too. But mails are always delivered to the mailbox without any spam tag.

Some log from one mail:

2022-06-07 20:14:09 #125698(normal) <c47ad2>; task; rspamd_task_write_log: id: <AM9P189MB16501A77F7E06FC5ED3625DDF3A59@AM9P189MB1650.EURP189.PROD.OUTLOOK.COM>, qid: <EDD0E4401F3>, ip: 209.85.208.XX, from: <[email protected]>, (default: F (no action): [-0.51/0.10] [DMARC_POLICY_ALLOW(-0.50){gmail.com;none;},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){gmail.com:s=20210112;},R_SPF_ALLOW(-0.20){+ip4:2XXXX0/17;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:15X69, ipnet:20XXX28.0/17, country:US;},DKIM_TRACE(0.00){gmail.com:+;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){[email protected];},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_THREE(0.00){3;},RCVD_IN_DNSWL_NONE(0.00){209.85.208.51:from;},RCVD_TLS_LAST(0.00){},RCVD_VIA_SMTP_AUTH(0.00){},RWL_MAILSPIKE_POSSIBLE(0.00){209.85.208.51:from;},TO_DN_EQ_ADDR_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 4781, time: 504.942ms, dns req: 24, digest: <3b0ab8254435718cff7e42bda627a927>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>, settings_id: spamfilter_wblist-16

I don't know where to look :/

Btw: I configured the domain and mailboxes with the spam filter active. Policies are fine too.

Any ideas?

Best regards
Konrad
Sure, I made a policy for testing, Trigger happy, with args: Gl=0.50 STl=1 STM=add subject SPAM tag

Next I added all domain to Trigger happy, and checked that our mail has rspamd activated and the policy inherited from the domain. After that I sent a mail from an external address to our mail with random text like ahsdbkajshdkajshdkasdh

Log from rspamd:

2022-06-09 22:21:00 #381792(rspamd_proxy) <60963b>; milter; rspamd_milter_process_command: got connection from 212.77.101.5:39362
2022-06-09 22:21:00 #381794(normal) <435f78>; task; rspamd_worker_body_handler: accepted connection from ::1 port 58520, task ptr: 00007F5FF6FA34A0
2022-06-09 22:21:00 #381794(normal) <435f78>; task; rspamd_message_parse: loaded message; id: <9D9723D2-57DD-484A-86DB-D6A1A9A7C896@wppl>; queue-id: <2698344005F>; size: 3344; checksum: <e14e91c43f37f4f372b536ecefad109a>
2022-06-09 22:21:00 #381794(normal) <435f78>; lua; settings.lua:379: <9D9723D2-57DD-484A-86DB-D6A1A9A7C896@wppl> apply static settings ispc_spamfilter_user_182 (id = 544552810); rcpt matched; priority high
2022-06-09 22:21:00 #381794(normal) <435f78>; task; lua_task_set_settings: disabled action add header due to settings
2022-06-09 22:21:00 #381794(normal) <435f78>; task; lua_task_set_settings: disabled action greylist due to settings
2022-06-09 22:21:00 #381794(normal) <435f78>; task; dkim_module_key_handler: stored DKIM key for 1024a._domainkey.wppl in LRU cache for 3600 seconds, 3/2000 elements in the cache
2022-06-09 22:21:00 #381794(normal) <435f78>; task; rspamd_spf_maybe_return: stored SPF record for wppl (0x830ed053f5a98f1f) in LRU cache for 3600 seconds, 3/2000 elements in the cache
2022-06-09 22:21:00 #381794(normal) <435f78>; bayes; bayes_classify: no tokens found in bayes database (29 total tokens, 1 text tokens), ignore stats
2022-06-09 22:21:00 #381794(normal) <435f78>; lua; greylist.lua:331: Score too low - skip greylisting
2022-06-09 22:21:00 #381794(normal) <435f78>; task; rspamd_task_write_log: id: <9D9723D2-57DD-484A-86DB-D6A1A9A7C896@wppl>, qid: <2698344005F>, ip: 212.77.101.5, from: <XXXXXXX@wppl>, (default: F (no action): [-0.51/1.00] [DMARC_POLICY_ALLOW(-0.50){wppl;none;},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){wppl:s=1024a;},R_SPF_ALLOW(-0.20){+ip4:212.77.96.0/19;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:12827, ipnet:212.77.101.0/24, countryL;},DKIM_TRACE(0.00){wppl:+;},DWL_DNSWL_NONE(0.00){wp.pl:dkim;},FREEMAIL_ENVFROM(0.00){wp.pl;},FREEMAIL_FROM(0.00){wp.pl;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){biuro@XXXXXXX;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){212.77.101.5:from;},RCVD_TLS_LAST(0.00){},RWL_MAILSPIKE_GOOD(0.00){212.77.101.5:from;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 3344, time: 698.412ms, dns req: 32, digest: <e14e91c43f37f4f372b536ecefad109a>, rcpts: <biuro@XXXXXXX>, mime_rcpts: <biuro@XXXXXXX>, settings_id: ispc_spamfilter_user_182
2022-06-09 22:21:00 #381794(normal) <435f78>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 172 regexps total, 68 regexps cached, 0B scanned using pcre, 2.90KiB scanned total

And the cut mail source:

Subject: Alksjjkshfkdlfhgldkjsfghlksdfhgkljdsfhgkldshfglkjdsfhgk ..
Message-ID: <9D9723D2-57DD-484A-86DB-D6A1A9A7C896@wppl>
Thread-Topic: Alksjjkshfkdlfhgldkjsfghlksdfhgkljdsfhgkldshfglkjdsfhgk
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3737658058_3099823205"
X-WP-MailID: 8a4fc7e7213da967684480ad2b262d50
X-WP-AV: skaner antywirusowy Poczty Wirtualnej Polski
X-WP-SPAM: NO 0M00003 [oaAA]
X-Spam-Status: No, score=-0.51
Authentication-Results: mail01.XXX.XXX; dkim=pass header.d=wppl header.s=1024a header.b=ymm0PyLc; spf=pass (mail01.XXX.XXX: domain of XXXXXX@wppl designates 212.77.101.5 as permitted sender) smtp.mailfrom=XXXXXX@wppl; dmarc=pass (policy=none) header.from=wppl
X-Spamd-Bar: /

I see that we have a -0,51 score, but I have the same with blacklist mails..

rspamd for a blacklisted mail:

2022-06-09 22:41:32 #383369(rspamd_proxy) <7973b0>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 57038
2022-06-09 22:41:32 #383369(rspamd_proxy) <7973b0>; milter; rspamd_milter_process_command: got connection from 212.77.101.5:24508
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_worker_body_handler: accepted connection from 127.0.0.1 port 41058, task ptr: 00007F5FF3D994A0
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_message_parse: loaded message; id: <16A69383-CBAF-4CFB-AE17-71FE91DA9619@wppl>; queue-id: <30C5C44005F>; size: 3254; checksum: <1a58cce4413e740e2bc61c819be9b5b1>
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; lua; settings.lua:379: <16A69383-CBAF-4CFB-AE17-71FE91DA9619@wppl> apply static settings spamfilter_wblist-18 (id = 2184761346); from,rcpt matched; priority high
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; dkim_module_key_handler: stored DKIM key for 1024a._domainkey.wppl in LRU cache for 2368 seconds, 1/2000 elements in the cache
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; spf; spf_record_dns_callback: spf error for domain wppl: cannot find MX record for wp.l: requested record is not found
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_spf_maybe_return: stored SPF record for wppl (0xf6b5ddb4aafcbb8c) in LRU cache for 2368 seconds, 2/2000 elements in the cache
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; bayes; bayes_classify: no tokens found in bayes database (29 total tokens, 1 text tokens), ignore stats
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; lua; greylist.lua:331: Score too low - skip greylisting
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_task_write_log: id: <16A69383-CBAF-4CFB-AE17-71FE91DA9619@wppl>, qid: <30C5C44005F>, ip: 212.77.101.5, from: <XXXX@wppl>, (default: F (no action): [-0.51/0.10] [DMARC_POLICY_ALLOW(-0.50){wppl;none;},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){wppl:s=1024a;},R_SPF_ALLOW(-0.20){+ip4:212.77.96.0/19;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:12827, ipnet:212.77.101.0/24, countryL;},DKIM_TRACE(0.00){wppl:+;},DWL_DNSWL_NONE(0.00){wppl:dkim;},FREEMAIL_ENVFROM(0.00){wppl;},FREEMAIL_FROM(0.00){wppl;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){[email protected];},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){212.77.101.5:from;},RCVD_TLS_LAST(0.00){},RWL_MAILSPIKE_GOOD(0.00){212.77.101.5:from;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 3254, time: 489.947ms, dns req: 32, digest: <1a58cce4413e740e2bc61c819be9b5b1>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>, settings_id: spamfilter_wblist-18
2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_protocol_htt_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 172 regexps total, 68 regexps cached, 0B scanned using pcre, 2.71KiB scanned total
2022-06-09 22:41:32 #383369(rspamd_proxy) <2f604c>; proxy; proxy_milter_finish_handler: finished milter connection

And the message:

Message-ID: <16A69383-CBAF-4CFB-AE17-71FE91DA9619@wppl>
Thread-Topic: Kjsdfhjksdhfkjsdhfkjsdhfkjsdf
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3737659291_1461798404"
X-WP-MailID: 47b3b137947d5e83015451e179cba941
X-WP-AV: skaner antywirusowy Poczty Wirtualnej Polski
X-WP-SPAM: NO 0M00000 [8aPH]
X-Spam-Status: No, score=-0.51
Authentication-Results: mail01.XXXX.XXX; dkim=pass header.d=wppl header.s=1024a header.b=AakEcGY8; spf=pass (mail01.XXXX.XXX: domain of XXXX@wppl designates 212.77.101.5 as permitted sender) smtp.mailfrom=XXXX@wppl; dmarc=pass (policy=none) header.from=wppl
X-Spamd-Bar: /

BTW my wblist file:

spamfilter_wblist-19 {
    priority = 45;
    from = "XXX@XXX";
    rcpt = "@XXX";
    apply {
        R_DUMMY = 999.0;
        actions {
            reject = 0.2;
            "add header" = 0.1;
            greylist = 0.1;
            "rewrite subject" = 0.1;
        }
    }
}
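
A way to check log lines like the ones posted above for settings that match without changing the result, as an added example that is not part of the original posts: it parses `rspamd_task_write_log` lines and lists tasks where a `spamfilter_wblist-*` settings block was applied but `R_DUMMY` (the symbol named in the wblist file above) is absent from the logged symbol list. The sample log is constructed and shortened, the function names are hypothetical, and treating a missing `R_DUMMY` as the sign of an ineffective entry is an assumption.

```python
import re

# Constructed sample in the shape of the rspamd_task_write_log lines from the
# thread (symbol lists shortened; the second line is invented for contrast).
SAMPLE_LOG = (
    "2022-06-09 22:41:32 #383371(normal) <9fb5e4>; task; rspamd_task_write_log: "
    "id: <a@example>, qid: <30C5C44005F>, ip: 192.0.2.5, from: <x@example>, "
    "(default: F (no action): [-0.51/0.10] [DMARC_POLICY_ALLOW(-0.50){example;none;},"
    "R_PARTS_DIFFER(0.50){100.0%;},MX_GOOD(-0.01){}]), len: 3254, "
    "rcpts: <y@example>, settings_id: spamfilter_wblist-18\n"
    "2022-06-09 22:50:00 #383371(normal) <aaaaaa>; task; rspamd_task_write_log: "
    "id: <b@example>, qid: <CONSTRUCTED1>, ip: 192.0.2.5, from: <x@example>, "
    "(default: T (reject): [998.49/0.20] [R_DUMMY(999.00){},"
    "DMARC_POLICY_ALLOW(-0.50){example;none;},MX_GOOD(-0.01){}]), len: 3100, "
    "rcpts: <y@example>, settings_id: spamfilter_wblist-18\n"
)

TASK_RE = re.compile(
    r"rspamd_task_write_log: .*?qid: <(?P<qid>[^>]*)>.*?"
    r"\(default: \w \((?P<action>[^)]+)\): "
    r"\[(?P<score>-?[\d.]+)/(?P<required>-?[\d.]+)\] \[(?P<symbols>.*?)\]\)"
    r".*?settings_id: (?P<sid>\S+)"
)
SYMBOL_RE = re.compile(r"([A-Z0-9_]+)\((-?[\d.]+)\)\{")


def parse_tasks(log_text):
    """Yield one dict per rspamd_task_write_log line that carries a settings_id."""
    for line in log_text.splitlines():
        m = TASK_RE.search(line)
        if not m:
            continue
        symbols = {name: float(val) for name, val in SYMBOL_RE.findall(m["symbols"])}
        yield {"qid": m["qid"], "settings_id": m["sid"], "action": m["action"],
               "score": float(m["score"]), "required": float(m["required"]),
               "symbols": symbols}


def settings_without_effect(log_text, prefix="spamfilter_wblist-", symbol="R_DUMMY"):
    """Return tasks where a settings block with this prefix matched but its
    symbol is absent from the result, so its score never reached the total."""
    return [t for t in parse_tasks(log_text)
            if t["settings_id"].startswith(prefix) and symbol not in t["symbols"]]


if __name__ == "__main__":
    for t in settings_without_effect(SAMPLE_LOG):
        print(f"{t['qid']}: {t['settings_id']} matched, action={t['action']}, "
              f"score={t['score']}/{t['required']}, R_DUMMY missing")
```
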
I think that I found the cause of the problem here: https://www.howtoforge.com/community/threads/rspamd-whitelist.84552/#post-435205