Enabling greylisting module

[Alex JOST]

Dear all,

I've tried to enable the greylisting module in rspamd but was unable to
make it work. I'm wondering if I'm missing something.


Basically I've disabled greylisting in rmilter and added a redis server
in rspamd. Log confirms that the lua module is loaded.

/etc/rmilter/rmilter.conf.local =>
greylisting {
enable = false;
}


rspamadm configdump greylist =>
*** Section greylist ***
whitelist_domains_url [
"/etc/rspamd/local.d/greylist-whitelist-domains.inc",
]
expire = 86400.0;
timeout = 300.0;
key_prefix = "grey.";
max_data_len = 10000;
message = "Try again later";
action = "soft reject";
ipv4_mask = 19;
ipv6_mask = 64;
servers = "127.0.0.1:6379";
password = "secret";

*** End of section greylist ***


rspamadm configdump metric =>
actions {
reject = 10;
add_header = 5.000000;
greylist = -10;
}


The required score for greylisting was reduced to '-10' in the metrics
section just to make sure. Nonetheless messages with a higher score
(e.g. 0.90) got set to 'no action'. Does this setting have any effect on
the greylisting module in rspamd?

--
Alex JOST

[Vsevolod Stakhov]

It is expected if greylisting has been passed, or if there is an
authenticated sender, or the IP address of sender is whitelisted. I also
never tested negative thresholds on actions. This might be broken...

[Alex JOST]

* The message is sent from external (rmilter shows 'user: unauthorized')
* I didn't configure any whitelisting and the file
'greylist-whitelist-domains.inc' doesn't exist
* I set the greylisting threshold to 0 with the same result
* Where can I check if greylisting has been passed? Is this information
cached somewhere besides redis (no entries btw.)?

--
Alex JOST

[Andrew Lewis]

Hi,

Don't use a negative thresholds for actions. Leave `greylist` score as
per default or remove it; it doesn't have influence on rspamd's
greylisting module anyway.

Maybe setting:
debug_modules = ["greylist"]
in local.d/logging.inc

may yield something useful. Greylisting adds symbols to indicate
greylisted/passed.

Best,
-AL.

[Alex JOST]

Am 22.04.2017 um 11:13 schrieb Andrew Lewis:
> Don't use a negative thresholds for actions. Leave `greylist` score as
> per default or remove it; it doesn't have influence on rspamd's
> greylisting module anyway.

If the score doesn't influence greylisting, how do I control it? Is
every message greylisted except those I explicitly whitelist?

I'd rather prefer the rmilter kind of thing, and greylist depending on
message score.

> Maybe setting:
> debug_modules = ["greylist"]
> in local.d/logging.inc
>
> may yield something useful. Greylisting adds symbols to indicate
> greylisted/passed.

I did that, but not a single line was written to the log.


After some fiddling it looks like I finally found the cause of the
problem. The greylisting module can't handle redis servers that require
a password. After I disables authorization greylisting started to work
just fine.

--
Alex JOST

[Andrew Lewis]

Hi,

> If the score doesn't influence greylisting, how do I control it? Is
> every message greylisted except those I explicitly whitelist?

Yes.

> I'd rather prefer the rmilter kind of thing, and greylist depending
> on message score.

You can get this behaviour by setting greylist_min_score in greylist
configuration.

Best,
-AL.