Nethesis Forum Mails are marked as spam

Hi,

I’ve NS8 running with Sogo and Rspamd.
The notification mails from the forum are marked as spam most of the time.
Every time I get a mail I paste it in the scan/learn section, but it keeps being marked as spam.
The threshold level is already set up to 6.
Doesn’t sound normal, and why is the learning not whitelisting these mails?


Could you please show all rspamd rules that were fired?

Do you mean these ?
That is a long list

How can I make a list of all the rules to show you?

Look into the email headers.
Here’s an example:

X-Spamd-Result: default: False [2.41 / 15.00];
	BAYES_HAM(-3.00)[99.99%];
	MV_CASE(0.50)[];
	R_DKIM_ALLOW(-0.20)[communiteq.com:s=cust1];
	R_SPF_ALLOW(-0.20)[+ip4:37.58.63.184/32];
	MAILLIST(-0.13)[generic];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	MANY_INVISIBLE_PARTS(0.05)[1];
	HAS_LIST_UNSUB(-0.01)[];
	MX_GOOD(-0.01)[];
	RCPT_COUNT_ONE(0.00)[1];
	REPLYTO_DOM_NEQ_FROM_DOM(0.00)[];

Recent email from today that landed in the spambox

-Orig-Subject: [NethServer] [Support] Backup to Samba share on NS8
Subject: ***SPAM*** [NethServer] [Support] Backup to Samba share on NS8
Return-Path: <replies+verp-46e803900db70618f0abe68d6ecdb8ec@community.nethserver.org>
Delivered-To: patrick@pdebrabander.nl
Received: from pdebrabander.nl
	by ns8.pdebrabander.nl with LMTP
	id Oef6HZUAGmdRqwAAXk9qQQ
	(envelope-from <replies+verp-46e803900db70618f0abe68d6ecdb8ec@community.nethserver.org>)
	for <patrick@pdebrabander.nl>; Thu, 24 Oct 2024 08:08:53 +0000
Received: from mailrelay2.communiteq.com (mailrelay2.communiteq.com [46.165.252.193])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pdebrabander.nl (Postfix) with ESMTPS id 2F3015E36A6
	for <patrick@pdebrabander.nl>; Thu, 24 Oct 2024 08:08:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=communiteq.com;
	s=cust2; t=1729757332;
	bh=94fcrDyzTfIR0jn+JwUQFJg567qxdDWM0bgv6vBHbAI=;
	h=Date:From:Reply-To:To:In-Reply-To:References:Subject:
	 List-Unsubscribe:List-ID:List-Archive:From;
	b=SOMyB5QwHteUd5M+V1FP42ckZcMwMjmccpWRG9drdTCrqrpvkJXG8NZipL0yoy65S
	 ce4mqDxHHUz+04P2E9Gd0vLnAFOFVNdfqYue2/0MxoHL4EIAE50TMgz/6epgSo6Y9x
	 Jwsg+5kEls9QRQlvSUK1d0OjKeBu1aPBnGZuMvJQ=
X-Report-Abuse: Please forward a copy of this message, including all headers, to abuse@communiteq.com
Date: Thu, 24 Oct 2024 08:08:52 +0000
From: Davide Principi via NethServer Community <alessio.fattorini@nethserver.org>
Reply-To: NethServer Community <replies+17a80e3cee87b51e9b67c9b9d164453d@community.nethserver.org>
To: patrick@pdebrabander.nl
Message-ID: <discourse/post/171172@community.nethserver.org>
In-Reply-To: <discourse/post/171035@community.nethserver.org>
References: <discourse/post/171035@community.nethserver.org>
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_671a0093bbcc7_3a47a235d68491a8";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
List-Unsubscribe: <https://community.nethserver.org/email/unsubscribe/99c8c9e96b42deb3e4dcc40094807f61f76a4d67bf966f7b4520b37f384cd764>
X-Discourse-Post-Id: 171172
X-Discourse-Topic-Id: 24787
X-Discourse-Tags: ns8 backup samba
X-Discourse-Category: Support
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
Precedence: list
List-ID: NethServer Community | Support <support.community.nethserver.org>
List-Archive: https://community.nethserver.org/t/backup-to-samba-share-on-ns8/24787
X-Rspamd-Queue-Id: 2F3015E36A6
X-Spamd-Result: default: False [8.11 / 15.00];
	MX_MISSING(3.50)[];
	HFILTER_FROMHOST_NORES_A_OR_MX(1.50)[community.nethserver.org];
	HFILTER_HELO_IP_A(1.00)[mailrelay2.communiteq.com];
	URI_COUNT_ODD(1.00)[5];
	MV_CASE(0.50)[];
	MX_INVALID(0.50)[];
	HFILTER_HELO_NORES_A_OR_MX(0.30)[mailrelay2.communiteq.com];
	MAILLIST(-0.13)[generic];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	MANY_INVISIBLE_PARTS(0.05)[1];
	HAS_LIST_UNSUB(-0.01)[];
	TAGGED_FROM(0.00)[verp-46e803900db70618f0abe68d6ecdb8ec];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FORGED_SENDER_MAILLIST(0.00)[];
	ARC_NA(0.00)[];
	GREYLIST(0.00)[pass,meta];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	RCPT_COUNT_ONE(0.00)[1];
	REPLYTO_DOM_NEQ_FROM_DOM(0.00)[];
	MISSING_XM_UA(0.00)[];
	ASN_FAIL(0.00)[193.252.165.46.asn.rspamd.com:server fail];
	TO_DN_NONE(0.00)[];
	FROM_NEQ_ENVFROM(0.00)[alessio.fattorini@nethserver.org,replies@community.nethserver.org];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[communiteq.com:?];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_ZERO(0.00)[0];
	DMARC_DNSFAIL(0.00)[nethserver.org : server fail];
	R_DKIM_TEMPFAIL(0.00)[communiteq.com:s=cust2];
	R_SPF_DNSFAIL(0.00)[temporary DNS error];
	HAS_REPLYTO(0.00)[replies+17a80e3cee87b51e9b67c9b9d164453d@community.nethserver.org]
X-Rspamd-Flag-Threshold: 7
X-Rspamd-Action: add header
X-Rspamd-Server: ns8
X-Spam: Yes

I see a lot of fails

temporary DNS error
nethserver.org : server fail
193.252.165.46.asn.rspamd.com:server fail

Do I need to install a DNS server in NS8? My NethSecurity should handle the DNS, or not?

All rules that fired are related to DNS problems in your system.
Without knowing your setup’s details I can’t guess the errors.
NS must be able to query root servers. Usually, you don’t need to do anything, but you may have restricted access without knowing.
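The header check described in the reply above, as an added example that is not part of the original thread: a small Python parser for an `X-Spamd-Result` header that lists the symbols reporting failed DNS lookups and the symbols adding the most score. The sample is a shortened, constructed copy of the header quoted earlier, and the failure heuristic (symbol names containing `DNSFAIL`/`TEMPFAIL`, option text saying "server fail" or "DNS error") is an assumption of this example, not a list published by Rspamd.

```python
import re

# Constructed sample: shortened copy of the X-Spamd-Result header quoted in this thread.
SAMPLE = """X-Spamd-Result: default: False [8.11 / 15.00];
    MX_MISSING(3.50)[];
    HFILTER_FROMHOST_NORES_A_OR_MX(1.50)[community.nethserver.org];
    URI_COUNT_ODD(1.00)[5];
    MAILLIST(-0.13)[generic];
    ASN_FAIL(0.00)[193.252.165.46.asn.rspamd.com:server fail];
    DMARC_DNSFAIL(0.00)[nethserver.org : server fail];
    R_DKIM_TEMPFAIL(0.00)[communiteq.com:s=cust2];
    R_SPF_DNSFAIL(0.00)[temporary DNS error];
    HAS_REPLYTO(0.00)[replies+17a80e3cee87b51e9b67c9b9d164453d@community.nethserver.org]
"""

SUMMARY = re.compile(r"\[(-?\d+\.\d+)\s*/\s*(-?\d+\.\d+)\]")
SYMBOL = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+\.\d+)\)\[([^\]]*)\]")
# Heuristic (assumption of this example): a symbol indicates a failed lookup
# if its name or its option text says so.
DNS_NAME = re.compile(r"DNSFAIL|TEMPFAIL")
DNS_TEXT = re.compile(r"server fail|DNS error", re.I)


def parse_spamd_result(header):
    """Return (score, required, [(symbol, score, options), ...])."""
    m = SUMMARY.search(header)
    if not m:
        raise ValueError("no '[score / required]' summary found")
    symbols = [(n, float(s), o) for n, s, o in SYMBOL.findall(header[m.end():])]
    return float(m.group(1)), float(m.group(2)), symbols


def dns_failures(symbols):
    """Names of symbols whose name or options indicate a failed DNS lookup."""
    return [n for n, _, o in symbols if DNS_NAME.search(n) or DNS_TEXT.search(o)]


def top_contributors(symbols, limit=5):
    """Positive-score symbols, highest first."""
    positive = [(n, s) for n, s, _ in symbols if s > 0]
    return sorted(positive, key=lambda item: -item[1])[:limit]


if __name__ == "__main__":
    score, required, symbols = parse_spamd_result(SAMPLE)
    print(f"score {score} of {required}")
    print("lookup failures:", ", ".join(dns_failures(symbols)))
    for name, value in top_contributors(symbols):
        print(f"  {value:+.2f} {name}")
```

On this sample the failure symbols themselves score 0.00; the points come from the MX and HFILTER symbols, and the SPF/DKIM credit seen in the healthy header is absent.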

Can this be a filter within NethSecurity, or is it NS8 server related?

I’ve a Debian 12 system with NS8 installed.
From the Debian prompt:

nslookup iana.org
Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   iana.org
Address: 192.0.43.8
Name:   iana.org
Address: 2001:500:88:200::8

Hi.

Can this be the issue / solution?

The nameserver is 127.0.0.1 and maybe is not accepted as local dns

I think I’ve solved it. Maybe not a secure or correct solution, but it works.

I’ve adjusted the following file :
/home/mail1/.local/share/containers/storage/vfs/dir/a7901bd162b07aac1bc4fef9e23ac1636b885e7daf9520f352390e8da632e5b4/etc/rspamd/local.d/options.inc

dns {
    timeout = 1s;
    sockets = 16;
    retransmits = 5;
    nameserver = ["127.0.0.1:11336:1"]; # local unbound instance
}

to

dns {
    timeout = 1s;
    sockets = 16;
    retransmits = 5;
    nameserver = ["8.8.8.8:53:1"]; # local unbound instance
}

Hi,

Can I make this setting persistent?
Apparently after an update it restored the default setting.

Is it possible to make it persistent like this?

podman exec -ti rspamd vi /etc/rspamd/override.d/example.conf

Or is this only for the settings?

The path is correct, but the file name is important to correctly override Rspamd default settings. Read carefully Rspamd documentation and test your customization survives after Rspamd container is restarted. See Rspamd Common options.

On some systems unbound detects IPv6 but fails to bind to ::1 port 11336 and dies immediately. Check if unbound is running on your system.

ss -tunlp | grep unbound

Hi Davide

I see the following.

ss -tunlp | grep unbound
udp   UNCONN 0      0          127.0.0.1:11336      0.0.0.0:*    users:(("unbound",pid=2551,fd=8))
udp   UNCONN 0      0          127.0.0.1:11336      0.0.0.0:*    users:(("unbound",pid=2551,fd=4))
udp   UNCONN 0      0              [::1]:11336         [::]:*    users:(("unbound",pid=2551,fd=0))
udp   UNCONN 0      0              [::1]:11336         [::]:*    users:(("unbound",pid=2551,fd=6))
tcp   LISTEN 0      256        127.0.0.1:11336      0.0.0.0:*    users:(("unbound",pid=2551,fd=9))
tcp   LISTEN 0      256        127.0.0.1:11336      0.0.0.0:*    users:(("unbound",pid=2551,fd=5))
tcp   LISTEN 0      256            [::1]:11336         [::]:*    users:(("unbound",pid=2551,fd=3))
tcp   LISTEN 0      256            [::1]:11336         [::]:*    users:(("unbound",pid=2551,fd=7))

Is this correct ?


It looks good to me. As unbound is running, I guess DNS resolve requests are blocked by NethSecurity or from your ISP.

On my Mail server I can run this command:

[root@ns8 ~]# runagent -m mail1 podman exec rspamd unbound-host nethserver.org
nethserver.org has address 35.214.216.68
nethserver.org mail is handled by 1 nethservice.nethesis.it.

Not sure what is blocking this, but it is blocked somewhere.

runagent -m mail1 podman exec rspamd unbound-host nethserver.org
Host nethserver.org not found: 2(SERVFAIL).
Host nethserver.org not found: 2(SERVFAIL).
Host nethserver.org not found: 2(SERVFAIL).

I disabled Threatshield in NethSecurity, but that didn’t make any difference.

:thinking: The following command can give us some information about how Unbound is resolving the domain:

runagent -m mail1 podman exec rspamd unbound-control lookup nethserver.org
Example Output
ns8:/# unbound-control lookup nethserver.org
The following name servers are used for lookup of nethserver.org.
;rrset 48895 6 0 2 0
org.	48895	IN	NS	a0.org.afilias-nst.info.
org.	48895	IN	NS	a2.org.afilias-nst.info.
org.	48895	IN	NS	b0.org.afilias-nst.org.
org.	48895	IN	NS	b2.org.afilias-nst.org.
org.	48895	IN	NS	c0.org.afilias-nst.info.
org.	48895	IN	NS	d0.org.afilias-nst.org.
;rrset 48895 1 1 11 5
org.	48895	IN	DS	26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D16E1DE32
org.	48895	IN	RRSIG	DS 8 1 86400 20241123170000 20241110160000 61050 . sqdzt0uT9srBjvA7gjnyw+DPM6nFI2wehTwUn/Lu+OjT1fzeKkk/i9PM4i+weSjmdQRmYVNuv4XruAe7KT2EOSyeE/sXRQk/p7Kz90cZ0k/aqUm0MdJnEduc6uZgYqLDim7edtf3Wv/V1AQgF3otU2gsf92rYBl1vwnSeQPkwAz4X6fnKz75nqSvw2/ZmDa9mpjvSi1hq9zEkNIcv281pDsSKH5oSFGPGyfFt61KhBY9B9NkSt9fQdp7Qwo/7FQJdJ2/ChhizW5LsfZ/MoxgMB5ym+9V/46oZ9ycGnzou5hMS1SYlQyOqLD6dDwhMdQxQCsyDXkSWb8wyiKJXEXWpQ== ;{id = 61050}
;rrset 48895 1 0 1 0
d0.org.afilias-nst.org.	48895	IN	A	199.19.57.1
;rrset 48895 1 0 1 0
d0.org.afilias-nst.org.	48895	IN	AAAA	2001:500:f::1
;rrset 48895 1 0 1 0
c0.org.afilias-nst.info.	48895	IN	A	199.19.53.1
;rrset 48895 1 0 1 0
c0.org.afilias-nst.info.	48895	IN	AAAA	2001:500:b::1
;rrset 48895 1 0 1 0
b2.org.afilias-nst.org.	48895	IN	A	199.249.120.1
;rrset 48895 1 0 1 0
b2.org.afilias-nst.org.	48895	IN	AAAA	2001:500:48::1
;rrset 48895 1 0 1 0
b0.org.afilias-nst.org.	48895	IN	A	199.19.54.1
;rrset 48895 1 0 1 0
b0.org.afilias-nst.org.	48895	IN	AAAA	2001:500:c::1
;rrset 48895 1 0 1 0
a2.org.afilias-nst.info.	48895	IN	A	199.249.112.1
;rrset 48895 1 0 1 0
a2.org.afilias-nst.info.	48895	IN	AAAA	2001:500:40::1
;rrset 48895 1 0 1 0
a0.org.afilias-nst.info.	48895	IN	A	199.19.56.1
;rrset 48895 1 0 1 0
a0.org.afilias-nst.info.	48895	IN	AAAA	2001:500:e::1
Delegation with 6 names, of which 0 can be examined to query further addresses.
It provides 12 IP addresses.
2001:500:e::1   	rto 376 msec, ttl 492, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.19.56.1     	not in infra cache.
2001:500:40::1  	rto 376 msec, ttl 492, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.249.112.1   	not in infra cache.
2001:500:c::1   	rto 376 msec, ttl 492, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.19.54.1     	rto 265 msec, ttl 492, ping 5 var 65 rtt 265, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:48::1  	rto 376 msec, ttl 492, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.249.120.1   	not in infra cache.
2001:500:b::1   	rto 376 msec, ttl 492, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.19.53.1     	not in infra cache.
2001:500:f::1   	not in infra cache.
199.19.57.1     	not in infra cache.

Ok. I noticed that unbound was not installed on my Debian installation.

unbound-control lookup nethserver.org
-bash: unbound-control: command not found

So I’ve now installed unbound

apt install unbound

De volgende NIEUWE pakketten zullen geïnstalleerd worden:
  dns-root-data libevent-2.1-7 libpython3.11 unbound

But no output

unbound-control lookup nethserver.org
The following name servers are used for lookup of nethserver.org.
no delegation from cache; goes to configured roots

I forgot to write the runagent ... podman usual voodoo.

I corrected my previous post here: Nethesis Forum Mails are marked as spam - #17 by davidep

It’s better to remove it, no additional package is required on the host OS.

root@ns8:~# runagent -m mail1 podman exec rspamd unbound-control lookup nethserver.org
The following name servers are used for lookup of nethserver.org.
no delegation from cache; goes to configured roots