rspamd still intercepts and processes mail after reverting to amavisd

Discussion in 'ISPConfig 3 Priority Support' started by Etcetera, May 28, 2020.

Tags:
  1. Etcetera

    Etcetera Member HowtoForge Supporter

    Reverting to amavisd is turning out trickier than I hoped, as rspamd still intercepts and processes mail after re-enabling the amavisd-new service and changing the 'Content filter' setting in ISPConfig's 'Server Config' section back to 'Amavisd'.

    Now I thought I need to stop the rspamd service, but when I do so, no mail comes through to the mailboxes anymore. It seems to get queued instead. Only when I re-start rspamd, mail is being delivered to the recipients again (including the previously queued mail).

    Then I've changed all rspamd policies configured in ISPConfig to the settings I found for 'Uncensored', which now lets through all mail which is to be delivered into the same machine's mailboxes. Not so the incoming mail which is to be redirected somewhere else by Sieve scripts (as reported before). Before such mail is going out again, it is processed one more time by rspamd, with what I guess are rspamd's default settings, which still may change the message's subject or even completely reject the message. Which is the major issue I had with rspamd that made me want to change back in the first place... ;-)

    The effects of this issue become most obvious in the spam routine I have in place for my own personal e-mail, which filters out suspected spam for all my personal e-mail accounts on the server by checking spam headers and then redirects it to another server's 'spam' account to be looked over later.

    For now I have created a local.d/actions.conf file as per the rspamd quickstart manual and for now it looks like the mail server is in a kind-of-working-as-expected state, but I'd surely like to get this sorted out, optimally with rspamd as the only spamfilter :)
     
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Are you using the latest ISPConfig version? The mail config is reverted by removing the milter entry for rspamd from postfix main.cf. So this seems to have failed in your case and it normally is the only place where rspamd is triggered.

    So if I get it right you want all outgoing mails to be kind of whitelisted, which equals to enabling spam-sending from the server to the outside.
     
  3. Etcetera

    Etcetera Member HowtoForge Supporter

    Disabling rspamd:

    Yes, latest ISPConfig version. (Just reinstalled it today to have it "reconfigure services" after needing to apt remove amavisd and apt install amavisd before systemctl enable amavisd would work again.) There's the following line in my postfix main.cf, would that be it?
    Code:
    non_smtpd_milters = inet:localhost:11332

    Mails filtered twice:

    I never cared to look too closely at how amavisd was doing this, because my spam collecting and all the redirecting just somehow worked. Except, of course, that lately there was more and more spam getting through. It's just now with rspamd that I realize it not only filters incoming e-mail, but also outgoing e-mail.

    Sending spam to the outside is not the point (although obviously that's exactly what I've been doing for years with the spam I get in my personal accounts and I don't see why I shouldn't), the main issue here is that regular mail gets filtered twice when being redirected, getting a worse score along the way, possibly being tagged as spam and getting a subject-modification although it normally wouldn't (and shouldn't).

    Of course I see the reasons to spam-check outgoing mail by default, but somehow I need to resolve these issues to be able to use rspamd; the more so as rspamd as it gets installed by ISPConfig seems to be more aggressive than the corresponding amavisd policies. Being able to whitelist those accounts which are using redirection for outbound spam checking, for example, would be enough (I guess that would mean whitelisting the e-mail addresses as the sender envelope of outgoing mail), but I can't see how I could do that through ISPConfig.
     
    Last edited: May 28, 2020
  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Have you checked the "global Postfix whitelist" in the Mail tab? This should be able to be defined for your address as type "sender".
     
  5. Etcetera

    Etcetera Member HowtoForge Supporter

    I was hoping so, too, but for the global Postfix Whitelist the ISPConfig manual says "the whitelist feature must be seen in conjunction with the blacklist feature. If you use the blacklist to block whole domains, for example, you can use the whitelist to allow certain email addresses (for example) from that domain". So it's rather not what I would need.
     
  6. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    The manual does not yet contain rspamd at all I think. I would try giving it a shot.
     
  7. Etcetera

    Etcetera Member HowtoForge Supporter

    Looks good! Now the rspamd web frontend notes "0.00 / -nan" for the "score" of a redirected mail whereas it was "13.75 / 15" before whitelisting. I guess I can work with that now. Thanks for the help so far!
     
    Croydon likes this.

Share This Page