Rspamd not rejecting but bouncing

This is my 1st posting - please forgive me if it is wrongly formatted

From my maillog:

> postfix/smtpd: qid: client=localhost[127.0.0.1]
> postfix/cleanup: qid: message-id=<ID>
> rspamd: <d38e47>; proxy; rspamd_message_parse: loaded message; id: <ID>; queue-id: < qid >; size: 28939; checksum: <3..8>
> rspamd: <d38e47>; proxy; rspamd_task_write_log: id: <ID>, qid: < qid >, ip: 127.0.0.1, from: <FROMADRESS>, (default: F (no action): [3.50/6.00] [FROM_EXCESS_BASE64(1.50){},TO_EXCESS_BASE64(1.50){},MID_RHS_NOT_FQDN(0.50){},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/alternative;text/plain;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},RCPT_COUNT_TWO(0.00){2;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 28939, time: 72.093ms real, 12.262ms virtual, dns req: 0, digest: <3..8>, rcpts: < TOADRESS >, mime_rcpt: <=?utf-8?B?aGFuZA==?=@MY.SERVER:DNS>
> postfix/qmgr: qid: from=< FROMADRESS >, size=29151, nrcpt=1 (queue active)
> postfix/smtp: 8033A3 qid 032EAF: to=< TOADRESS >, relay=MY.RELAY.DNS:587, delay=1.5, delays=0.76/0.01/0.33/0.44, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 81A326F61C4)
> postfix/qmgr: qid: removed

That means my server is actively sending out mails.
And these mails might get me on blacklists.

My question:
Can rejecting be disabled?

Sorry I don’t understand… A reject code is better than sending back a bounce. Do you see bounce messages originating from NethServer? Can you attach one of them? What’s in maillog from Postfix?

Yes (if I understand that correctly) my nethserver bounces => sent in the above example a message with FROMADRESS someone@mail.ru to TOADRESS someone@melnikovmd.ru

And I think my server only handled that because it was sent to
mime_rcpt: =?utf-8?B?aGFuZA==?=@MY.SERVER.DNS

I’d like to have reject, but if it behaves in the above way I’d rather disable it

Not really time today, really sorry for that, but in the example above I read a no action (score under 6)… normally we set it to 15… your mail was accepted by rspamd. I could have misunderstood, of course.

I do not understand why you spoke about reject?


Sorry - I think that I posted too fast… will study my logs in depth.
And if I understand what happened, I will respond back.


This is a full transaction log (on my server) of a message rejected because the score was higher than the spam level.

Please check and comment @davidep and @PerpetuumMobile

I misinterpreted the log
because of the last lines in the maillog
smtp: to=<children@ aDomain>, … status=sent
and having from=<caefisfelltranun@ bDomain> (none of my domains)
=> I thought that it is bouncing an incoming message

Then I recognized:
18:29:41 inuit postfix/smtpd[]: connect from localhost[127.0.0.1]

“why from localhost” ?
At the same time in other logs

/var/log/messages
May 11 18:29:41 inuit sshd[14926]: error: connect_to 185.26.123.232 port 25: failed.

and in httpd/error_log a huge number of these entries at the same time:
Fri May 11 18:29:41…PHP Fatal error: require_once(): Failed opening required '/var/lib/nethserver/vhost/ixpert.at/cloud/conf/bootstrap_context.php' (include_path='.:/usr/share/pear:/usr/share/php') in /var/lib/nethserver/vhost/ixpert.at/cloud/base.conf.php on line 27

The folder “cloud” was an old pydio instance that I did not use for a long time
Never on nethserver => was transferred from my macOS machine with the other vhost content

I deleted that => No such pattern as before since that

before:
cat /var/log/maillog | grep "<=?utf-8?" | wc -l
327

cat /var/log/maillog | grep "ru>" | grep "rcpts:" | wc -l
327

in that mime_rcpt Part:
mime_rcpt: <=?utf-8?B?aW5mbw==?=@ myserverDNS>
mime_rcpt: <=?utf-8?B?cnM=?=@ myserverDNS>
mime_rcpt: <=?utf-8?B?cmVjZXA=?=@ myserverDNS> … etc.

The complete section of such an issue:

/var/log/maillog


May 11 18:29:41 inuit postfix/smtpd[16699]: connect from localhost[127.0.0.1]
May 11 18:29:41 inuit rspamd[2528]: ; proxy; proxy_accept_socket: accepted milter connection from /var/run/rspamd/worker-proxy port 0
May 11 18:29:42 inuit postfix/smtpd[16699]: 99A4530032E97: client=localhost[127.0.0.1]
May 11 18:29:42 inuit rspamd[2528]: ; milter; rspamd_milter_process_command: got connection from 127.0.0.1:35492
May 11 18:29:42 inuit postfix/cleanup[16685]: 99A4530032E97: message-id=
May 11 18:29:43 inuit rspamd[2528]: ; proxy; rspamd_mime_part_detect_language: detected part language: ru
May 11 18:29:43 inuit rspamd[2528]: ; proxy; rspamd_message_parse: loaded message; id: ; queue-id: <99A4530032E97>; size: 22281; checksum:
May 11 18:29:43 inuit rspamd[2528]: ; proxy; dkim_symbol_callback: skip DKIM checks for local networks and authorized users
May 11 18:29:43 inuit rspamd[2528]: ; proxy; spf_symbol_callback: skip SPF checks for local networks and authorized users
May 11 18:29:43 inuit rspamd[2528]: ; lua; once_received.lua:84: Skipping once_received for authenticated user or local network
May 11 18:29:43 inuit rspamd[2528]: ; lua; dmarc.lua:218: skip DMARC checks for local networks and authorized users
May 11 18:29:43 inuit rspamd[2528]: ; lua; ip_score.lua:312: skip IP Score for local networks and authorized users
May 11 18:29:43 inuit rspamd[2528]: ; lua; replies.lua:113: storing message-id for replies check
May 11 18:29:43 inuit rspamd[2528]: ; proxy; rspamd_task_write_log: id: , qid: <99A4530032E97>, ip: 127.0.0.1, from: <caefisfelltranun@ bDomain>, (default: F (rewrite subject): [7.06/6.00] [BAYES_SPAM(3.56){98.56%;},FROM_EXCESS_BASE64(1.50){},TO_EXCESS_BASE64(1.50){},MID_RHS_NOT_FQDN(0.50){},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/alternative;text/plain;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},RCPT_COUNT_TWO(0.00){2;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 22281, time: 110.548ms real, 7.291ms virtual, dns req: 0, digest: , rcpts: <children@ aDomain>, mime_rcpt: <=?utf-8?B?Y2hpbGRyZW4=?=@ myserverDNS>
May 11 18:29:43 inuit rspamd[2528]: ; proxy; rspamd_protocol_http_reply: regexp statistics: 46 pcre regexps scanned, 6 regexps matched, 172 regexps total, 9 regexps cached, 71.24k bytes scanned using pcre, 71.24k bytes scanned total
May 11 18:29:43 inuit postfix/qmgr[1811]: 99A4530032E97: from=<caefisfelltranun@ bDomain>, size=22491, nrcpt=1 (queue active)
May 11 18:29:43 inuit postfix/smtp[16786]: Untrusted TLS connection established to asmtp.drei.at[213.94.80.8]:587: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
May 11 18:29:43 inuit postfix/smtpd[16699]: disconnect from localhost[127.0.0.1]
May 11 18:29:43 inuit rspamd[2528]: <8af855>; proxy; proxy_milter_finish_handler: finished milter connection
May 11 18:29:44 inuit postfix/smtp[16786]: 99A4530032E97: to=<children@ aDomain>, relay=asmtp.drei.at[213.94.80.8]:587, delay=1.7, delays=0.7/0.01/0.39/0.63, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C5F876F61C4)
May 11 18:29:44 inuit postfix/qmgr[1811]: 99A4530032E97: removed
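
The grep counts in the last post can be turned into a repeatable check. The following is an added example, not part of the original thread: it scans `rspamd_task_write_log` lines for messages that entered over loopback with an envelope sender outside the server's own domains, and decodes the base64 local part logged in `mime_rcpt`. The sample log lines and all domain names in it are constructed; only the field layout follows the log quoted above.

```python
import base64
import re

# Field order follows the rspamd_task_write_log entries quoted in the thread.
TASK_RE = re.compile(
    r"rspamd_task_write_log: .*?qid: <(?P<qid>[^>]*)>, ip: (?P<ip>[^,]+), "
    r"from: <(?P<sender>[^>]*)>, \(default: \w \((?P<action>[^)]*)\): "
    r"\[(?P<score>-?[\d.]+)/-?[\d.]+\].*?rcpts: <(?P<rcpts>[^>]*)>"
    r"(?:, mime_rcpt: <(?P<mime_rcpt>[^>]*)>)?")
# RFC 2047 base64 encoded-word, e.g. =?utf-8?B?aW5mbw==?=
ENCODED_WORD_RE = re.compile(r"=\?([^?]+)\?[Bb]\?([A-Za-z0-9+/=]+)\?=")
LOOPBACK = {"127.0.0.1", "::1"}

def decode_encoded_words(value):
    """Replace each base64 encoded-word in value with its decoded text."""
    def _decode(m):
        try:
            return base64.b64decode(m.group(2)).decode(m.group(1), "replace")
        except (ValueError, LookupError):
            return m.group(0)  # leave undecodable input exactly as logged
    return ENCODED_WORD_RE.sub(_decode, value)

def foreign_loopback_submissions(log_text, local_domains):
    """Scanned messages that arrived via loopback with a non-local envelope sender."""
    local = {d.lower() for d in local_domains}
    hits = []
    for line in log_text.splitlines():
        m = TASK_RE.search(line)
        if not m or m["ip"].strip() not in LOOPBACK:
            continue
        if m["sender"].rpartition("@")[2].strip().lower() in local:
            continue  # ordinary local submission
        hits.append({"qid": m["qid"].strip(), "sender": m["sender"].strip(),
                     "action": m["action"], "score": float(m["score"]),
                     "rcpts": m["rcpts"].strip(),
                     "mime_rcpt": decode_encoded_words(m["mime_rcpt"] or "")})
    return hits

# Constructed sample lines (not from the thread); example.org plays the local domain.
SAMPLE_LOG = """\
May 11 18:29:43 mx rspamd[2528]: <8af855>; proxy; rspamd_task_write_log: id: <m1>, qid: <99A4530032E97>, ip: 127.0.0.1, from: <sender@bdomain.example>, (default: F (rewrite subject): [7.06/6.00] [BAYES_SPAM(3.56){98.56%;}]), len: 22281, rcpts: <children@adomain.example>, mime_rcpt: <=?utf-8?B?Y2hpbGRyZW4=?=@mx.example.org>
May 11 18:31:02 mx rspamd[2528]: <1c22aa>; proxy; rspamd_task_write_log: id: <m2>, qid: <A1B2C3D4E5F60>, ip: 127.0.0.1, from: <alice@example.org>, (default: F (no action): [0.10/6.00] [MIME_GOOD(-0.10){text/plain;}]), len: 812, rcpts: <bob@partner.example>, mime_rcpt: <bob@partner.example>
May 11 18:32:17 mx rspamd[2528]: <77de01>; proxy; rspamd_task_write_log: id: <m3>, qid: <0F1E2D3C4B5A6>, ip: 203.0.113.7, from: <news@shop.example>, (default: F (no action): [1.20/6.00] [MIME_GOOD(-0.10){text/plain;}]), len: 4410, rcpts: <alice@example.org>, mime_rcpt: <alice@example.org>
"""

if __name__ == "__main__":
    for hit in foreign_loopback_submissions(SAMPLE_LOG, {"example.org"}):
        print(hit)
```

A hit means something on the host itself is handing mail to Postfix, so the logs to correlate at the same timestamp are the ones the post turned to: sshd in /var/log/messages and the httpd error_log.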