Whitelist domain

Discussion in 'Installation/Configuration' started by francoisPE, Oct 2, 2023.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    I have an ISPConfig multiserver configuration with a mail server running Rspamd.
    I am facing a strange behavior.

    I whitelisted a domain "@francemarches.com".
    But emails from this domain are still classified as spam.

    First I saw that the sender, ovhcloud, is classifying those emails as spam.
    Below is an example of the headers:
    Code:
    X-Ovh-Tracer-Id: 926615624424023748
    X-VR-SPAMSTATE: OK
    X-VR-SPAMSCORE: 50
    X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedviedruddtiedgleegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucdntehlvg>
    X-Spamd-Bar: ++++++++++
    X-Spam-Level: **********
    X-Spam-Status: No, score=10.92
    
    So I added 'remove_upstream_spam_flag = true;' to milter_headers.conf:
    Code:
    extended_spam_headers = true;
    skip_authenticated = false;
    remove_upstream_spam_flag = true;
    use = ["x-spamd-bar", "x-spam-level", "x-spam-status", "authentication-results", "remove-headers"];
    authenticated_headers = ["authentication-results"];
    routines {
      remove-headers {
        headers {
          "X-Spam" = 0;
          "X-Spamd-Bar" = 0;
          "X-Spam-Level" = 0;
          "X-Spam-Status" = 0;
          "X-Spam-Flag" = 0;
        }
      }
    }
    
    But now I have this header:
    Code:
    X-Spam-Level: *********
    X-Spam: Yes
    X-OlkEid: 0000000088C621C4967E64429064B8BD941335C20700C3B68E10F77511CEB4CD00AA00BBB6E600000000000B0000670B5C7608C0D3448958029BD3E80E700000000097980000BED646DA63F771498886>
    X-Rspamd-Server: mail.dom.fr
    X-Rspamd-Action: add header
    X-Rspamd-Queue-Id: 4B1FABE4636
    X-Spamd-Result: default: False [9.58 / 15.00];
            BAYES_SPAM(5.04)[99.85%];
            PHISHING(2.00)[francemarches.com->mj.am];
            URIBL_GREY(1.50)[mj.am:url];
            NEURAL_SPAM_SHORT(0.46)[0.923];
            FORGED_SENDER(0.30)[[email protected],372f2943.EAAABJvL9Q4AAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlGl21@bnc3.mailjet.com];
            MIME_HTML_ONLY(0.20)[];
            BAD_REP_POLICIES(0.10)[];
            MX_GOOD(-0.01)[];
            HAS_LIST_UNSUB(-0.01)[];
            ARC_SIGNED(0.00)[aliasdomain.fr:s=dom:i=1];
            R_DKIM_ALLOW(0.00)[bnc3.mailjet.com:s=mailjet1];
            RCPT_COUNT_ONE(0.00)[1];
            MIME_TRACE(0.00)[0:~];
            GREYLIST(0.00)[pass,body];
            DMARC_NA(0.00)[francemarches.com];
            ARC_NA(0.00)[];
            DKIM_TRACE(0.00)[bnc3.mailjet.com:+];
            DWL_DNSWL_NONE(0.00)[mailjet.com:dkim];
            TO_DN_NONE(0.00)[];
            FROM_NEQ_ENVFROM(0.00)[[email protected],372f2943.EAAABJvL9Q4AAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlGl21@bnc3.mailjet.com];
            FROM_HAS_DN(0.00)[];
            TO_MATCH_ENVRCPT_ALL(0.00)[];
            RWL_MAILSPIKE_VERYGOOD(0.00)[87.253.233.157:from];
            R_SPF_ALLOW(0.00)[+ip4:87.253.232.0/21];
            RCVD_COUNT_ZERO(0.00)[0];
            ASN(0.00)[asn:200069, ipnet:87.253.232.0/21, country:FR];
            RCVD_IN_DNSWL_NONE(0.00)[87.253.233.157:from]
    
    As far as I understand, the whitelist is not running!
    upload_2023-10-2_22-26-35.png

    Any idea?
    It is very penalizing...

    Thanks a lot
     
    Last edited: Oct 8, 2023
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How?
     
  3. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Like that
    upload_2023-10-4_21-51-32.png
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Last edited: Oct 5, 2023
  5. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    I looked at a previous forum thread: https://forum.howtoforge.com/threads/rspamd-whitelist.84552/

    And I tried this from Till:
    "
    One thing that you might try is to empty (or move all files to a backup directory) in /etc/rspamd/local.d/users/, and I mean all, not just the whitelist files, and then use Tools > resync for all mail related functions to let ispconfig regenerate them. Maybe you have some old config files there which cause the whitelist to not work.
    "
    My domain doesn't have a .conf file... Now it is corrected.
    I'll see what happens.
     
  6. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    It still doesn't work as expected.
    I think the issue is coming from the fact that this email is sent to an alias domain. Let's call it aliasdomain.tld.

    I tried:
    Code:
    echo "test" | rspamc -F "[email protected]" -r "[email protected]"
    echo "test" | rspamc -F "[email protected]" -r "[email protected]"
    
    Both said:
    Code:
    Results for file: stdin (0.032 seconds)
    [Metric: default]
    Action: no action
    Spam: false
    Score: 10.39 / 15.00
    Symbol: ARC_NA (0.00)
    Symbol: DMARC_NA (0.00)[No From header]
    Symbol: HFILTER_HOSTNAME_UNKNOWN (2.50)
    Symbol: MIME_GOOD (-0.10)[text/plain]
    Symbol: MIME_TRACE (0.00)[0:+]
    Symbol: MISSING_DATE (1.00)
    Symbol: MISSING_FROM (2.00)
    Symbol: MISSING_MID (2.50)
    Symbol: MISSING_SUBJECT (0.50)
    Symbol: MISSING_TO (2.00)
    Symbol: MX_GOOD (-0.01)[]
    Symbol: RCVD_COUNT_ZERO (0.00)[0]
    Symbol: R_DKIM_NA (0.00)
    Message-ID: undef
    
    Now, looking at a real mail header, I see:
    Code:
    Received: from o103.p8.mailjet.com (o103.p8.mailjet.com [87.253.233.103])
            by mail.dom.fr (Postfix) with UTF8SMTPS id 8AF4BBEE311
            for <[email protected]>; Sun,  8 Oct 2023 07:37:29 +0200 (CEST)
    Received: from mail.dom.fr
            by mail.dom.fr with LMTP
            id itt/LBpAImV6twsA4t0oRA
            (envelope-from <b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@bnc3.mailjet.com>)
            for <[email protected]>; Sun, 08 Oct 2023 07:37:30 +0200
    From: =?utf-8?Q?France_March=C3=A9s_-_1_nouveaux_avis?= <[email protected]>
    To: <[email protected]>
    Subject: =?utf-8?Q?***_SPAM_***_Votre_alerte_France?=
            =?utf-8?Q?_March=C3=A9s_:_=22Charpente_couverture?=
            =?utf-8?Q?_FPE=22?=
    Date: Sun, 8 Oct 2023 07:25:53 +0200
    Message-ID: <b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@mailjet.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
            boundary="----=_NextPart_000_0000_01D9F9DA.81E44DB0"
    X-Mailer: Microsoft Outlook 16.0
    Thread-Index: AQK49TmO2ss42laGkQP7BT+BM6Tnyw==
    Authentication-Results: mail.dom.fr;
            dkim=pass header.d=bnc3.mailjet.com header.s=mailjet2 header.b=Ove0iwqR;
            spf=pass (mail.dom.fr: domain of b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@bnc3.mailjet.com designates 87.253.233.103 as permitted sender) smtp.mailfrom=b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@bnc3.mailjet.com;
            dmarc=none
    X-CSA-Complaints: [email protected]
    X-MJ-Mid: CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1hkkeCFPOYQwWFg9yr3W9z1QAE7dI
    X-REPORT-ABUSE-TO: Message sent by Mailjet please report to [email protected] with a copy of the message
    X-Spamd-Bar: ++++++++
    X-Rspamd-Server: mail.dom.fr
    X-Spamd-Result: default: False [8.97 / 5.00];
            BAYES_SPAM(4.89)[99.48%];
            PHISHING(2.00)[francemarches.com->mj.am];
            URIBL_GREY(1.50)[mj.am:url];
            FORGED_SENDER(0.30)[[email protected],b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@bnc3.mailjet.com];
            MIME_HTML_ONLY(0.20)[];
            BAD_REP_POLICIES(0.10)[];
            MX_GOOD(-0.01)[];
            HAS_LIST_UNSUB(-0.01)[];
            MIME_TRACE(0.00)[0:~];
            GREYLIST(0.00)[pass,body];
            DMARC_NA(0.00)[francemarches.com];
            DWL_DNSWL_NONE(0.00)[mailjet.com:dkim];
            ARC_NA(0.00)[];
            RCPT_COUNT_ONE(0.00)[1];
            R_DKIM_ALLOW(0.00)[bnc3.mailjet.com:s=mailjet2];
            FROM_HAS_DN(0.00)[];
            RCVD_COUNT_ZERO(0.00)[0];
            DKIM_TRACE(0.00)[bnc3.mailjet.com:+];
            TO_DN_NONE(0.00)[];
            RWL_MAILSPIKE_POSSIBLE(0.00)[87.253.233.103:from];
            TO_MATCH_ENVRCPT_ALL(0.00)[];
            R_SPF_ALLOW(0.00)[+ip4:87.253.232.0/21];
            FROM_NEQ_ENVFROM(0.00)[[email protected],b9e1a629.CAAABKIaHIkAAAAAAAAAALcqm6oAAP-yko4AAAAAAAUkBgBlIj1h@bnc3.mailjet.com];
            ASN(0.00)[asn:200069, ipnet:87.253.232.0/21, country:FR];
            ARC_SIGNED(0.00)[aliasdomain.fr:s=dom:i=1];
            RCVD_IN_DNSWL_NONE(0.00)[87.253.233.103:from]
    X-Rspamd-Queue-Id: 8AF4BBEE311
    X-Spam-Level: ********
    X-Spam-Status: Yes, score=8.97
    X-Rspamd-Action: rewrite subject
    X-Antivirus: Avast (VPS 231005-4, 5/10/2023), Inbound message
    X-Antivirus-Status: Clean
    
     

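Added example, not part of the original thread and not ISPConfig or Rspamd code: a small parser for the `X-Spamd-Result` header posted above. It ranks the symbols that drive the score, totals the negative (score-lowering) symbols, and extracts the header From and envelope sender domains from `FROM_NEQ_ENVFROM`, so they can be compared with the whitelist entry. The sample is constructed from the symbols in the thread; the e-mail local parts are placeholders and the function names are hypothetical.

```python
import re

# Constructed sample: symbols taken from the second X-Spamd-Result in the thread;
# the local parts of the addresses are placeholders (the page obfuscates them).
SAMPLE = """default: False [8.97 / 5.00];
        BAYES_SPAM(4.89)[99.48%];
        PHISHING(2.00)[francemarches.com->mj.am];
        URIBL_GREY(1.50)[mj.am:url];
        FORGED_SENDER(0.30)[header-from@francemarches.com,bounce-id@bnc3.mailjet.com];
        MIME_HTML_ONLY(0.20)[];
        BAD_REP_POLICIES(0.10)[];
        MX_GOOD(-0.01)[];
        HAS_LIST_UNSUB(-0.01)[];
        FROM_NEQ_ENVFROM(0.00)[header-from@francemarches.com,bounce-id@bnc3.mailjet.com];
        R_SPF_ALLOW(0.00)[+ip4:87.253.232.0/21]"""

TOTAL_RE = re.compile(r"\[\s*(-?\d+(?:\.\d+)?)\s*/\s*(-?\d+(?:\.\d+)?)\s*\]")
SYMBOL_RE = re.compile(r"([A-Z0-9_]+)\((-?\d+(?:\.\d+)?)\)\[([^\]]*)\]")

def parse_spamd_result(value):
    """Return (score, threshold, [(symbol, score, options), ...])."""
    flat = " ".join(value.split())  # undo header folding and indentation
    total = TOTAL_RE.search(flat)
    if total is None:
        raise ValueError("no '[score / threshold]' part found")
    symbols = [(n, float(s), o) for n, s, o in SYMBOL_RE.findall(flat)]
    return float(total.group(1)), float(total.group(2)), symbols

def diagnose(value, top_n=3):
    """Summarise what raised the score and which sender domains Rspamd saw."""
    score, threshold, symbols = parse_spamd_result(value)
    positive = sorted((s for s in symbols if s[1] > 0), key=lambda s: -s[1])
    report = {
        "score": score,
        "threshold": threshold,
        "top": [(n, sc) for n, sc, _ in positive[:top_n]],
        # Sum of all score-lowering symbols; near zero means nothing offset the score.
        "negative_total": round(sum(sc for _, sc, _ in symbols if sc < 0), 2),
    }
    for name, _, opts in symbols:
        # In the posted headers this symbol lists the header From, then the envelope sender.
        if name == "FROM_NEQ_ENVFROM" and "," in opts:
            header_from, envelope_from = opts.split(",", 1)
            report["header_from_domain"] = header_from.rsplit("@", 1)[-1].lower()
            report["envelope_from_domain"] = envelope_from.rsplit("@", 1)[-1].lower()
    return report

if __name__ == "__main__":
    for key, val in diagnose(SAMPLE).items():
        print(f"{key}: {val}")
```
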