Can I chain postfix + rspamd + dovecot via postfix:virtual_transport?
590 views
Skip to first unread message
Sophie Loe
Dec 2, 2017, 5:08:46 AM12/2/17
to rspamd
Hi,
In my SA configurations I had this configured so that postfix would deliver to SA who would add headers and then pipe to dovecot for final deliver. I used spamass-milter for the initial scanning and rejection based on thresholds much like I have rspamd configured now.
/etc/postfix/master.cf
dovecot-spamass unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u ${recipient} -e /usr/lib/dovecot/deliver -d ${recipient}
Do we need a similar config with rspamd when using this as a milter in postfix so long as rspamd writes the right headers or is the setup above redundant?
I have this :
/etc/postfix/main.cf
# RSPAMD #
##
## Spam filter and DKIM signatures via Rspamd
##
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = tempfail
Thanks, S
Alexander Moisseev
Dec 2, 2017, 11:21:50 AM12/2/17
to rsp...@googlegroups.com
smtpd_milters = inet:localhost:11332
# non_smtpd_milters = $smtpd_milters # Enable if you need to scan locally-originated mail.
The rest are the Postfix defaults (In fact, milter_mail_macros is not, but the default is fine too).
Since Rspamd act as a before-queue filter (milter) Postfix-Rspamd integration does not depend on virtual transport (LDA or LMTP).
Postfix SMTP -> Rspamd (before-queue filter) -> Postfix SMTP -> Postfix queue -> virtual transport
P.S. BTW, probably it's a good time to migrate from LDA to LMTP as you don't need that chaining any more.
Sophie Loe
Dec 2, 2017, 1:54:46 PM12/2/17
to Alexander Moisseev, rsp...@googlegroups.com
Rspamd won’t add any headers except dkim/arc on outgoing emails recieved on 127.0.0.1:587/smtp-auth.
Rspamd adds X-Spam: Yes on FQDN:587/smpt-auth, but no other headers from rspamd are added.
At a loss.
Some config below:
main.cf:
smtpd_milters = inet:localhost:11332
non_smtpd_milters = $smtpd_milters
# cat local.d/milter_headers.conf
use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
routines {
x-rspamd-bar {
header = "X-Rspamd-Bar";
remove = 1;
}
}
routines {
x-rspamd-level {
header = "X-Rspamd-Level";
remove = 1;
}
}
routines {
authentication-results {
header = "X-Authentication-Results";
remove = 1;
}
}
authenticated_headers = ["authentication-results"];
extended_spam_headers = true;
local_headers = ["x-spamd-bar"];
skip_local = false;
skip_authenticated = false;
use = ["x-rspamd-server"];
routines {
x-rspamd-server {
header = "X-Rspamd-Server";
remove = 1;
}
}
add_smtp_user = true;
spf_symbols {
pass = "R_SPF_ALLOW";
fail = "R_SPF_FAIL";
softfail = "R_SPF_SOFTFAIL";
neutral = "R_SPF_NEUTRAL";
temperror = "R_SPF_DNSFAIL";
none = "R_SPF_NA";
permerror = "R_SPF_PERMFAIL";
}
dkim_symbols {
pass = "R_DKIM_ALLOW";
fail = "R_DKIM_REJECT";
temperror = "R_DKIM_TEMPFAIL";
none = "R_DKIM_NA";
permerror = "R_DKIM_PERMFAIL";
}
dmarc_symbols {
pass = "DMARC_POLICY_ALLOW";
permerror = "DMARC_BAD_POLICY";
temperror = "DMARC_DNSFAIL";
none = "DMARC_NA";
reject = "DMARC_POLICY_REJECT";
softfail = "DMARC_POLICY_SOFTFAIL";
quarantine = "DMARC_POLICY_QUARANTINE";
}
routines {
header = "X-Spam-Level";
char = "*";
remove = 1;
header = "X-Spam-Status";
remove = 1;
header = "X-Virus";
remove = 1;
# The following setting is an empty list by default and required to be set
# These are user-defined symbols added by the antivirus module
symbols = ["CLAM_VIRUS", "FPROT_VIRUS"];
}
Alexander Moisseev
Dec 3, 2017, 3:12:54 AM12/3/17
to rsp...@googlegroups.com
On 12/2/2017 9:54 PM, Sophie Loe wrote:
>
> Thanks Alexander for the tips. Regardless what I change regarding the milter I always end up with the same problem:
> Rspamd won’t add any headers except dkim/arc on outgoing emails recieved on 127.0.0.1:587/smtp-auth.
> Rspamd adds X-Spam: Yes on FQDN:587/smpt-auth, but no other headers from rspamd are added.
>
That's expected. By default Rspamd doesn't add
>
> Thanks Alexander for the tips. Regardless what I change regarding the milter I always end up with the same problem:
> Rspamd won’t add any headers except dkim/arc on outgoing emails recieved on 127.0.0.1:587/smtp-auth.
> Rspamd adds X-Spam: Yes on FQDN:587/smpt-auth, but no other headers from rspamd are added.
>
> At a loss.
>
> Some config below:
>
> main.cf:
> smtpd_milters = inet:localhost:11332
> non_smtpd_milters = $smtpd_milters
>
> # cat local.d/milter_headers.conf
> use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
> routines {
> x-rspamd-bar {
> header = "X-Rspamd-Bar";
...
>
> Some config below:
>
> main.cf:
> smtpd_milters = inet:localhost:11332
> non_smtpd_milters = $smtpd_milters
>
> # cat local.d/milter_headers.conf
> use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
> routines {
> x-rspamd-bar {
> header = "X-Rspamd-Bar";
> symbols = ["CLAM_VIRUS", "FPROT_VIRUS"];
> }
>
Are you really need all of this stuff? Anyway, let's start with simple configuration and see what will happen.
> }
>
Try local.d/milter_headers.conf :
extended_spam_headers = true;
skip_local = false;
skip_authenticated = false;
You should get X-Rspamd-Queue-Id, X-Spamd-Result and X-Rspamd-Server headers added to scanned messages, including originated from local IPs and authenticated users.
skip_authenticated = false;
Sophie Loe
Dec 3, 2017, 2:11:28 PM12/3/17
to Alexander Moisseev, rsp...@googlegroups.com
Hi,
I replaced the file with this, restarted rspamd, and did not have these headers added.
local.d/milter_headers.conf :
extended_spam_headers = true;
skip_local = false;
skip_authenticated = false;
extended_spam_headers = true;
skip_local = false;
skip_authenticated = false;
Sophie
--
You received this message because you are subscribed to a topic in the Google Groups "rspamd" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rspamd/DRDEjWmuxPU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rspamd+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/rspamd.
Sophie Loe
Dec 3, 2017, 2:18:25 PM12/3/17
to Alexander Moisseev, rsp...@googlegroups.com
P.S this was written in rspamd.log for two emails I tested with:
Sent by AppleMail/public-IP/smtp-submission/smtp-auth
2017-12-03 19:09:18 #16964(normal) <91ca0c>; task; rspamd_task_write_log: id: <8457e1622b949daa...@example.co.uk>, qid: <74A8610205D>, ip: 127.0.0.1, user: sop...@example.co.uk, from: <sop...@klunky.co.uk>, (default: F (no action): [-3.10/15.00] [BAYES_HAM(-3.00){100.00%;},MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ARC_SIGNED(0.00){i=1;},DKIM_SIGNED(0.00){},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},TO_DN_ALL(0.00){},TO_DOM_EQ_FROM_DOM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1127, time: 1381.964ms real, 16.044ms virtual, dns req: 2, digest: <3ad07a9b5b52a1af9c84f3bfc0fd9bb8>, rcpts: <te...@example.co.uk>, mime_rcpt: <te...@example.co.uk>
Sent by Roundcube/localhost/smtp-submission/smtp-auth
2017-12-03 19:08:53 #16964(normal) <af2a98>; task; rspamd_task_write_log: id: <143C38DE-B7CE-4DA2...@example.co.uk>, qid: <4485110205D>, ip: 178.50.70.48, from: <te...@example.co.uk>, (default: F (add header): [6.90/15.00] [HFILTER_HELO_BADIP(4.50){192.168.1.101;1;},BAYES_HAM(-3.00){100.00%;},HEADER_FORGED_MDN(2.00){},RBL_SPAMHAUS_PBL(2.00){48.70.50.178.zen.spamhaus.org : 127.0.0.11;},R_SPF_FAIL(1.00){-all;},MV_CASE(0.50){},MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ASN(0.00){asn:47377, ipnet:178.50.0.0/15, country:BE;},DMARC_NA(0.00){klunky.co.uk;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},R_DKIM_NA(0.00){},TO_DN_ALL(0.00){},TO_DOM_EQ_FROM_DOM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1071, time: 2075.947ms real, 71.461ms virtual, dns req: 42, digest: <652dcd3cd2554d93d9a57ddd6fbe41a3>, rcpts: <sop...@example.co.uk>, mime_rcpt: <sop...@example.co.uk>
2017-12-03 19:08:53 #16964(normal) <af2a98>; task; rspamd_task_write_log: id: <143C38DE-B7CE-4DA2...@example.co.uk>, qid: <4485110205D>, ip: 178.50.70.48, from: <te...@example.co.uk>, (default: F (add header): [6.90/15.00] [HFILTER_HELO_BADIP(4.50){192.168.1.101;1;},BAYES_HAM(-3.00){100.00%;},HEADER_FORGED_MDN(2.00){},RBL_SPAMHAUS_PBL(2.00){48.70.50.178.zen.spamhaus.org : 127.0.0.11;},R_SPF_FAIL(1.00){-all;},MV_CASE(0.50){},MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ASN(0.00){asn:47377, ipnet:178.50.0.0/15, country:BE;},DMARC_NA(0.00){klunky.co.uk;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},R_DKIM_NA(0.00){},TO_DN_ALL(0.00){},TO_DOM_EQ_FROM_DOM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1071, time: 2075.947ms real, 71.461ms virtual, dns req: 42, digest: <652dcd3cd2554d93d9a57ddd6fbe41a3>, rcpts: <sop...@example.co.uk>, mime_rcpt: <sop...@example.co.uk>
Reply all
Reply to author
Forward
0 new messages