Rspamd: User rules ignored on redirect

Discussion in 'ISPConfig 3 Priority Support' started by WHO, Feb 9, 2022.

  1. WHO

    WHO Member HowtoForge Supporter

    Hi, everyone,
    I'm working on a problem and can't get any further with it.

    If a customer has set up an email redirect to another account, the user filter of the target account is not used. Only the default values of Rspamd are used. If no redirect is used, the user filter is used. Even if the filter is disabled for the domain, Rspamd's default filter is used. This applies to incoming and outgoing e-mail.

    The problem here is that customers forward emails that are ignored by the target customer's user filters.

    Does anyone have any tips here? I can't get any further here :(
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    How is it you set up the "redirect" and how does that differ from the "customers forward emails"? The latter sounds like the client is forwarding a message in their mail program, just clarifying that, but there are several ways to set up the former. What do you see in mail.log and rspamd.log for each scenario?
     
  3. WHO

    WHO Member HowtoForge Supporter

    Hi Jesse,

    thank you very much for the reply.
    In this case I send an email from gmx.de which goes to a forwarding set up in the ISPConfig admin panel:

    External Sender: [email protected] sends to [email protected]

    Local Recipient (Account 1): [email protected] forwards to [email protected] (Set in ISPConfig module mail_forward_edit)

    Local Final Recipient (Account 2):
    [email protected] (Has an Rspamd filter active with 6.01 points)

    No matter what I've tried, it always uses rspamd's default value of 15.0 instead of the user filter of the mailbox with the value 6.01.
    If I send the mail directly to [email protected] the correct score of 6.01 is used.

    ---- Rspamd Log ----
    2022-02-09 15:55:13 #17667(normal) <7f1c98>; task; rspamd_task_write_log: id: <trinity-8e54c8da-ebc4-4f79-82b0-5a6d23bfb891-1644418512360@3c-app-gmx-bap56XXX>, qid: <3090E20108DC3>, ip: 212.227.17.XXX, from: <[email protected]>, (default: F (no action): [0.69/15.00] [XPRIO(1.00){__XPRIO_MINFP;},DMARC_POLICY_ALLOW(-0.50){gmx.de;none;},MID_RHS_NOT_FQDN(0.50){},R_DKIM_ALLOW(-0.20){gmx.net:s=badeba3b8450;},R_SPF_ALLOW(-0.20){+ip4:212.227.XXX.0/27;},MIME_HTML_ONLY(0.10){},MX_GOOD(-0.01){},FREEMAIL_FROM(0.00){gmx.de;},ARC_NA(0.00){},ASN(0.00){asn:8560, ipnet:212.227.0.0/16, country:DE;},DKIM_TRACE(0.00){gmx.net:+;},DWL_DNSWL_LOW(0.00){gmx.net:dkim;},FREEMAIL_ENVFROM(0.00){gmx.de;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_X_PRIO_THREE(0.00){3;},MIME_TRACE(0.00){0:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_LOW(0.00){212.227.17.XXX:from;},RCVD_TLS_LAST(0.00){},RECEIVED_SPAMHAUS_PBL(0.00){37.201.4.10:received;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){},__NOT_SPOOFED(0.00){__DKIM_EXISTS;},__TO_NO_BRKTS_FREEMAIL(0.00){__TO_NO_ARROWS_R;FREEMAIL_FROM;},__XPRIO_MINFP(0.00){__XPRIO;},__XPRIO_SHORT_SUBJ(0.00){__XPRIO;__SUBJ_SHORT;}]), len: 5085, time: 61.698ms, dns req: 30, digest: <1d0e7b3d94baf2bc98553bf7c9d21e4a>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>
    2022-02-09 15:55:13 #17667(normal) <7f1c98>; task; rspamd_protocol_http_reply: regexp statistics: 21 pcre regexps scanned, 13 regexps matched, 1422 regexps total, 1003 regexps cached, 14.36KiB scanned using pcre, 25.93KiB scanned total
    ------------------------

    ---- Mail Log ----
    Feb 9 15:55:13 dev2 postfix/smtpd[18861]: 3090E20108DC3: client=mout.gmx.net[212.227.17.XXX]
    Feb 9 15:55:13 dev2 postfix/cleanup[22634]: 3090E20108DC3: message-id=<trinity-8e54c8da-ebc4-4f79-82b0-5a6d23bfb891-1644418512360@3c-app-gmx-bap56XXX>
    Feb 9 15:55:13 dev2 postfix/qmgr[19147]: 3090E20108DC3: from=<[email protected]>, size=5356, nrcpt=1 (queue active)
    Feb 9 15:55:13 dev2 postfix/lmtp[22641]: 3090E20108DC3: to=<[email protected]>, orig_to=<[email protected]>, relay=mail2.dev2.XXXdomain.org[private/dovecot-lmtp], delay=0.34, delays=0.27/0.02/0.02/0.03, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> pvPoFdHVA2JyWAAA0bqxaQ Saved)
    Feb 9 15:55:13 dev2 postfix/qmgr[19147]: 3090E20108DC3: removed
    ------------------------

    *Edit 16:14*
    I also add the user filter code below:

    ------------------------
    ispc_spamfilter_user_41 {
        priority = 30;
        rcpt = "[email protected]";

        apply {
            CLAM_VIRUS = 1007;
            JUST_EICAR = 1007;
            actions {
                "rewrite subject" = 6.01;
                "add header" = null;
                reject = 7;
                greylist = null;
            }
        }
    }
    ------------------------
     
    Last edited: Feb 9, 2022
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    This uses postfix for forwarding, as confirmed by your mail.log; rspamd is called as a milter, which will act on the smtp recipient address, prior to virtual aliasing, so in your example, add spam filter settings for [email protected] and those should be applied. You could change to forwarding via a sieve filter, which will re-inject the message for local delivery and run it through rspamd a second time using the [email protected] settings.
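
The mismatch described in the reply above can be audited from the two logs. This added example (not part of the original thread) joins rspamd.log and mail.log on the Postfix queue ID and reports deliveries whose final mailbox was not among the recipients rspamd scanned. The log lines, addresses and second queue ID are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample input in the formats quoted in the thread. Addresses,
# the second queue ID and the second message are placeholders, not thread data.
RSPAMD_LOG = """\
2022-02-09 15:55:13 #17667(normal) <7f1c98>; task; rspamd_task_write_log: id: <m1@sender.example>, qid: <3090E20108DC3>, ip: 192.0.2.10, from: <sender@sender.example>, (default: F (no action): [0.69/15.00] [MX_GOOD(-0.01){}]), len: 5085, rcpts: <alias@example.org>, mime_rcpts: <alias@example.org>
2022-02-09 16:02:41 #17667(normal) <8a2d11>; task; rspamd_task_write_log: id: <m2@sender.example>, qid: <4A1B2C3D4E5F6>, ip: 192.0.2.10, from: <sender@sender.example>, (default: F (no action): [0.69/6.01] [MX_GOOD(-0.01){}]), len: 5085, rcpts: <mailbox@example.org>, mime_rcpts: <mailbox@example.org>
"""
MAIL_LOG = """\
Feb  9 15:55:13 dev2 postfix/lmtp[22641]: 3090E20108DC3: to=<mailbox@example.org>, orig_to=<alias@example.org>, relay=private/dovecot-lmtp, dsn=2.0.0, status=sent
Feb  9 15:55:13 dev2 postfix/qmgr[19147]: 3090E20108DC3: removed
Feb  9 16:02:41 dev2 postfix/lmtp[22702]: 4A1B2C3D4E5F6: to=<mailbox@example.org>, relay=private/dovecot-lmtp, dsn=2.0.0, status=sent
"""

RSPAMD_RE = re.compile(
    r"qid: <(?P<qid>\w+)>.*?\[-?[\d.]+/(?P<required>[\d.]+)\]"
    r".*?, rcpts: (?P<rcpts>.*?)(?:, mime_rcpts|$)")
POSTFIX_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>\w+): to=<(?P<to>[^>]+)>"
    r"(?:, orig_to=<(?P<orig>[^>]+)>)?")
ADDR_RE = re.compile(r"[^<>,\s]+@[^<>,\s]+")


def scanned_recipients(rspamd_log):
    """Map queue ID -> (recipients the milter saw, threshold rspamd logged)."""
    scans = {}
    for line in rspamd_log.splitlines():
        m = RSPAMD_RE.search(line)
        if m:
            rcpts = {a.lower() for a in ADDR_RE.findall(m["rcpts"])}
            scans[m["qid"]] = (rcpts, float(m["required"]))
    return scans


def unscanned_deliveries(rspamd_log, mail_log):
    """Deliveries whose final mailbox was not among the scanned recipients."""
    scans = scanned_recipients(rspamd_log)
    findings = []
    for line in mail_log.splitlines():
        m = POSTFIX_RE.search(line)
        if not m or m["qid"] not in scans:
            continue  # not a delivery line, or no rspamd record for this ID
        rcpts, required = scans[m["qid"]]
        if m["to"].lower() not in rcpts:
            findings.append({"qid": m["qid"], "delivered_to": m["to"],
                             "orig_to": m["orig"], "scanned_as": sorted(rcpts),
                             "threshold": required})
    return findings


if __name__ == "__main__":
    for finding in unscanned_deliveries(RSPAMD_LOG, MAIL_LOG):
        print(finding)
```

Each finding names a mailbox that received mail scanned only under the alias address, so any per-user rule keyed on the mailbox's `rcpt` could not have matched.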
     
  5. WHO

    WHO Member HowtoForge Supporter

    The hint to use the sieve filter helps me a lot. I'll take a close look into it.
    The spam filter for [email protected] works perfectly and using the sieve filter should solve the problem.

    Thank you again for your help!
     
