Rspamd allow IP whitelist

Ya_Ley · January 26, 2019, 3:45am

NethServer Version: 7.6
Module: Mail Filter
Hello

Please advice how to set rspamd allow IP whitelist

Thank you

robb · January 26, 2019, 11:23am

There is a module for RSPAMD so you can whitelist UP addresses:

gist.github.com

https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0

rspamd-whitelisting.md

## Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

```
  IP_WHITELIST {
      type = "ip";
      prefilter = "true";
      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
      action = "accept";

This file has been truncated. show original

@stephdl can you comment on this. Is this module implemented in NS rspamd?

stephdl · January 26, 2019, 11:33am

The idea is good we already use a template for /etc/rspamd/local.d/multimap.conf, you should create a fragment and store the map file to /var/lib/rspamd/IP.map

for example /etc/e-smith/templates/etc/rspamd/local.d/multimap.conf/20IpWhitelisting

after that, restart rspamd (signal-event nethserver-mail-filter-save)and use the WEB UI, you could modify the map inside the web rspamd interface

Ya_Ley · January 29, 2019, 2:28am

Hello

vi /etc/e-smith/templates/etc/rspamd/local.d/multimap.conf/20IpWhitelisting

IP_WHITELIST {
type = “ip”;
prefilter = “true”;
map = “/${LOCAL_CONFDIR}/local.d/ip_whitelist.map”;
action = “accept”;

touch /etc/rspamd/local.d/ip_whitelist.map
chmod o+w /etc/rspamd/local.d/ip_whitelist.map
expand-template /etc/rspamd/local.d/multimap.conf
systemctl restart rspamd

Is it correct ?
Thank you

stephdl · January 29, 2019, 5:11am

Move the map to /var/lib/rspamd, Write the complete path to the map, chown to the rspamd user too and expand with the event nethserver-filter-save. This event takes care to expand the templates and restart rspamd

Ya_Ley · January 29, 2019, 6:32am

Hello
Still confusing
cat > /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/20IpWhitelisting <<EOF
IP_WHITELIST { type = “ip”;prefilter = “true”;map = “$LOCAL_CONFDIR/local.d/ip_whitelist.map”;action = “accept”;}
EOF
touch /var/lib/rspamd/ip_whitelist.map
chmod o+w /var/lib/rspamd/ip_whitelist.map
expand-template /etc/rspamd/local.d/multimap.conf
systemctl restart rspamd

and modify the map inside the web rspamd interface ?

stephdl · January 29, 2019, 7:51am

In your fragment write the full path to the map

Ya_Ley · January 29, 2019, 7:58am

cat > /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/20IpWhitelisting <<EOF
IP_WHITELIST { type = “ip”;prefilter = “true”;map = “/var/lib/rspamd/ip_whitelist.map”;action = “accept”;}
EOF

stephdl · January 29, 2019, 8:05am

Should be good, fill your map with Ip and when you receive the email with IP from the map, then check the headers of the email. Score should be zero

Ya_Ley · January 29, 2019, 8:38am

Thank you so much

stephdl · May 3, 2019, 3:36pm

For your information, we are implementing this feature, thank to @filippo_carletti and @davidep, all IP listed in the text area of the smtp access will be whitelisted and do not checked against spam/antivirus.

As ever, please test and shout if something is wrong

pike · May 3, 2019, 4:57pm

Hint: add comment into contextual help or into configuration window…

Ip addresses listed will be allowed to relay and whitelisted in antispam system (if installed)

davidep · May 6, 2019, 7:55am

I think it is not necessary to clarify it; the goal of this enhancement is to make the system work as expected. By reading the documentation:

For instance, there are some devices (printers, scanners, …) that do not support SMTP authentication, encryption or port settings. Those can be enabled to send email messages by listing their IP address in Allow relay from IP addresses text area.

http://docs.nethserver.org/en/v7/mail.html#special-smtp-access-policies

That devices class includes also those applications that don’t respect SMTP and MIME standards and configurations properly and get blocked by the anti-spam checks.

pike · May 6, 2019, 11:32am

I was instead thinking in the documentation should be written, not implied, because relay the message is operated by to MTA, whitelist/spam marking is related to antispam engine.

For end users “it’s all the same, the mail server”. For tech people, by my point of view, no.

davidep · May 6, 2019, 1:37pm

Just added a warning note to the manual: https://github.com/NethServer/docs/commit/aa1f452a32a397dca2ef8d612771f7fd2f68ab69

saitobenkei · May 18, 2019, 8:38am

Nice (sarcastic), this implementation conflicts with my template custom of WHITELIST_IP (I found out after all the e-mails sent by whitelisted IP ended up in spam after a rspamd update).

So I have to recheck all my installations around.

stephdl · May 18, 2019, 9:15am

Really sorry nicolas, I will try to keep in mind to warn maybe better and probably to wait longer before to release a feature asked by the community, because of custom-template
cc @dev_team

@all, please check again this,all IPs in the smtp textarea (allow relay from IP) are allowed to send email without spam/virus checks