NethServer Version: 7.6
Module: Mail Filter
Hello
Please advice how to set rspamd allow IP whitelist
Thank you
NethServer Version: 7.6
Module: Mail Filter
Hello
Please advice how to set rspamd allow IP whitelist
Thank you
There is a module for RSPAMD so you can whitelist UP addresses:
@stephdl can you comment on this. Is this module implemented in NS rspamd?
The idea is good we already use a template for /etc/rspamd/local.d/multimap.conf, you should create a fragment and store the map file to /var/lib/rspamd/IP.map
for example /etc/e-smith/templates/etc/rspamd/local.d/multimap.conf/20IpWhitelisting
after that, restart rspamd (signal-event nethserver-mail-filter-save
)and use the WEB UI, you could modify the map inside the web rspamd interface
Hello
vi /etc/e-smith/templates/etc/rspamd/local.d/multimap.conf/20IpWhitelisting
IP_WHITELIST {
type = “ip”;
prefilter = “true”;
map = “/${LOCAL_CONFDIR}/local.d/ip_whitelist.map”;
action = “accept”;
touch /etc/rspamd/local.d/ip_whitelist.map
chmod o+w /etc/rspamd/local.d/ip_whitelist.map
expand-template /etc/rspamd/local.d/multimap.conf
systemctl restart rspamd
Is it correct ?
Thank you
Move the map to /var/lib/rspamd, Write the complete path to the map, chown to the rspamd user too and expand with the event nethserver-filter-save. This event takes care to expand the templates and restart rspamd
Hello
Still confusing
cat > /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/20IpWhitelisting <<EOF
IP_WHITELIST { type = “ip”;prefilter = “true”;map = “$LOCAL_CONFDIR/local.d/ip_whitelist.map”;action = “accept”;}
EOF
touch /var/lib/rspamd/ip_whitelist.map
chmod o+w /var/lib/rspamd/ip_whitelist.map
expand-template /etc/rspamd/local.d/multimap.conf
systemctl restart rspamd
and modify the map inside the web rspamd interface ?
In your fragment write the full path to the map
cat > /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/20IpWhitelisting <<EOF
IP_WHITELIST { type = “ip”;prefilter = “true”;map = “/var/lib/rspamd/ip_whitelist.map”;action = “accept”;}
EOF
Should be good, fill your map with Ip and when you receive the email with IP from the map, then check the headers of the email. Score should be zero
Thank you so much
For your information, we are implementing this feature, thank to @filippo_carletti and @davidep, all IP listed in the text area of the smtp access will be whitelisted and do not checked against spam/antivirus.
As ever, please test and shout if something is wrong
Hint: add comment into contextual help or into configuration window…
Ip addresses listed will be allowed to relay and whitelisted in antispam system (if installed)
I think it is not necessary to clarify it; the goal of this enhancement is to make the system work as expected. By reading the documentation:
For instance, there are some devices (printers, scanners, …) that do not support SMTP authentication, encryption or port settings. Those can be enabled to send email messages by listing their IP address in Allow relay from IP addresses text area.
http://docs.nethserver.org/en/v7/mail.html#special-smtp-access-policies
That devices class includes also those applications that don’t respect SMTP and MIME standards and configurations properly and get blocked by the anti-spam checks.
I was instead thinking in the documentation should be written, not implied, because relay the message is operated by to MTA, whitelist/spam marking is related to antispam engine.
For end users “it’s all the same, the mail server”. For tech people, by my point of view, no.
Just added a warning note to the manual: https://github.com/NethServer/docs/commit/aa1f452a32a397dca2ef8d612771f7fd2f68ab69
Nice (sarcastic), this implementation conflicts with my template custom of WHITELIST_IP (I found out after all the e-mails sent by whitelisted IP ended up in spam after a rspamd update).
So I have to recheck all my installations around.
Really sorry nicolas, I will try to keep in mind to warn maybe better and probably to wait longer before to release a feature asked by the community, because of custom-template
cc @dev_team
@all, please check again this,all IPs in the smtp textarea (allow relay from IP) are allowed to send email without spam/virus checks