Rspamd quarantine feature

Then the question remains: why are the notifications being sent over and over again?
After I deleted them from my mail client, they are sent over again. Looks like these notifications are not removed from the source after they have been sent.

1 Like

Let me try to reproduce, I never tested with an alias.

Of course it works as expected on my server with an alias, the contrary would be fun :stuck_out_tongue:

This makes me think the account was not allowed to receive spam, so when the spam comes, it is rejected; since a spam is rejected, it is then sent again and again.

This is normal, the account is allowed to receive spam, so unfortunately you cannot sort wanted and unwanted spam…but…but why the notification above :-?

Could you post the commands:

```
config show rspamd
cat /etc/rspamd/local.d/settings.conf
cat /etc/rspamd/local.d/metadata_exporter.conf
```

Show me the account used to receive spam (here spam2, do it for the real user please):

```
db accounts show spam2@domain.com
```

What I did to enable the quarantine is:

```
config setprop rspamd QuarantineAccount spam2@domain.com QuarantineStatus enabled SpamNotificationStatus enabled
signal-event nethserver-mail-quarantine-save
```

spam2@domain.com is an alias of spam@domain.com

Also, the rpm is now:

```
yum install http://packages.nethserver.org/nethserver/7.5.1804/autobuild/x86_64/Packages/nethserver-mail-quarantine-2.3.0-1.12.pr83.g5a4f6f5.ns7.noarch.rpm
```

config show rspamd:

```
rspamd=service
    BlockAttachmentClassList=Exec
    BlockAttachmentCustomList=doc,odt
    BlockAttachmentCustomStatus=disabled
    BlockAttachmentStatus=enabled
    Password=hUlsBhcUe4ESUCu3
    QuarantineAccount=quarantine@domain.tld
    QuarantineSelector=is_reject
    QuarantineStatus=enabled
    RecipientWhiteList=
    SenderBlackList=
    SenderWhiteList=
    SpamCheckStatus=enabled
    SpamGreyLevel=4
    SpamKillLevel=20
    SpamNotification=disabled
    SpamNotificationStatus=enabled
    SpamSubjectPrefixStatus=enabled
    SpamSubjectPrefixString=SPAM
    SpamTag2Level=6
    VirusAction=reject
    VirusCheckStatus=enabled
    VirusScanOnlyAttachment=false
    VirusScanSize=20000000
    status=enabled
```

cat /etc/rspamd/local.d/settings.conf:

```
cat /etc/rspamd/local.d/settings.conf
# ================= DO NOT MODIFY THIS FILE =================
# Manual changes will be lost when this file is regenerated.
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# whitelist the spam receiver account
whitelist {
    priority = hight;
    rcpt = "quarantine@domain.tld";
    want_spam = yes;
}
```

cat /etc/rspamd/local.d/metadata_exporter.conf

```
cat /etc/rspamd/local.d/metadata_exporter.conf
# ================= DO NOT MODIFY THIS FILE =================
# Manual changes will be lost when this file is regenerated.
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# Refer to https://rspamd.com/doc/modules/metadata_exporter.html for information on configuration
rules {
    QUARANTINE {
        backend = "send_mail";
        smtp = "127.0.0.1";
        mail_to = "quarantine@interlin.nl";
        mail_from = "quarantine@interlin.nl";
        helo = "ns7.interlin.nl";
        selector = "is_reject"; # could be "is_reject" or "is_spam"
        formatter = "default";
    }
    SPAM_NOTIFICATION {
        backend = "send_mail";
        smtp = "127.0.0.1";
        mail_to = "postmaster@domain.tld";
        mail_from = "no-reply@domain.tld";
        helo = "server.domain.tld";
        selector = "is_reject"; # could be "is_reject" or "is_spam"
        formatter = "email_alert";
        email_template = <<EOL
From: Rspamd <$mail_from>
To: <$mail_to>
Subject: Spam moved to quarantine: $header_subject
Date: $date
MIME-Version: 1.0
Message-ID: <$our_message_id>
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Authenticated username: $user
IP: $ip
Queue ID: $qid
SMTP FROM: $from
SMTP RCPT: $rcpt
MIME From: $header_from
MIME To: $header_to
MIME Date: $header_date
Subject: $header_subject
Message-ID: $message_id
Action: $action
Score: $score
EOL
    }
    # end of rules
}
```

db accounts show quarantine@domain.tld:

```
quarantine@domain.tld=pseudonym
    Access=private
    Account=myaccount@domain.tld
    Description=quarantine address
```

So basically you suggest to create a new (local?) account with an email address. My question would be: those notifications would be delivered to that address. I will not receive them in my own mail address, but that spam account will be filled quite drastically…
Do I understand correctly that in order to override an email message that is marked as spam, I have to log into that account and forward (or what else) that to my own mail address?
That might be a bit too cumbersome…

1 Like

Yes, the idea is to use a dedicated account for this; notifications are sent to postmaster (root).

I tried to receive the spam on my account…it is simply not possible to open your mailbox with a friend, your son or your wife without hours of explanation :smiley:

No, an external account is needed here.

Once received in the spam account, yes, if it is not a spam, yes, you could forward it to the good recipient.

How do you understand it should be?

1 Like

Maybe in some cases it is incompatible: quarantine@domain.tld is whitelisted but the end recipient is myaccount@domain.tld

That’s because it is an alias…

I will try to set it up with a dedicated account/mailaddress. But to be honest I am not convinced this will work that great, since there is a need to log into the spam account and then go through the list of spam mails.

In my mind I had the idea of getting a digest of spam mails from which I can choose (by clicking a link in that digest mail) to mark messages as not spam and thus they get delivered.

I am sorry but this is out of the scope due to the amount of work, or at least not now :frowning:

You could set up an IMAP account in your Thunderbird or equivalent to receive spam.

Eventually we could set a specific account to receive the notification; instead of postmaster it could be robb@domain.com. With the title and the spam score you could understand what the content is.

It also works with a shared mailbox, just created in Email addresses > Shared Mailboxes.

2 Likes
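
Added example, not part of the original thread or of NethServer's own code: a shell check for the two conditions raised above, namely a quarantine address that is a pseudonym (alias) instead of a real user or shared mailbox, and a whitelisted `rcpt` in settings.conf that differs from the QUARANTINE `mail_to` in metadata_exporter.conf. The sample inputs and the function names are constructed for illustration.

```shell
# Constructed sample inputs, modelled on the outputs posted in this thread.
DB_OUT='quarantine@domain.tld=pseudonym
Access=private
Account=myaccount@domain.tld'
SETTINGS='whitelist {
    rcpt = "quarantine@domain.tld";
    want_spam = yes;
}'
EXPORTER='rules {
  QUARANTINE {
    backend = "send_mail";
    mail_to = "quarantine@domain.tld";
    selector = "is_reject";
  }
  SPAM_NOTIFICATION {
    mail_to = "postmaster@domain.tld";
  }
}'

# Record type from `db accounts show <addr>`: the first line is "<key>=<type>".
account_type() { printf '%s\n' "$1" | sed -n '1s/^[^=]*=//p'; }

# Value of a key inside the named block of an rspamd config (hypothetical helper).
block_value() {  # $1=config text  $2=block name  $3=key
    printf '%s\n' "$1" | awk -v blk="$2" -v key="$3" '
        $1 == blk && $2 == "{" { inblk = 1; next }
        inblk && $1 == "}"      { inblk = 0 }
        inblk && $1 == key      { gsub(/[";]/, "", $3); print $3; exit }'
}

# Print findings; return 1 when either condition discussed in the thread is present.
check_quarantine() {  # $1=db output  $2=settings.conf text  $3=metadata_exporter.conf text
    rc=0
    wl=$(block_value "$2" whitelist rcpt)
    to=$(block_value "$3" QUARANTINE mail_to)
    if [ "$(account_type "$1")" = "pseudonym" ]; then
        echo "quarantine address is an alias; use a real user or a shared mailbox"
        rc=1
    fi
    if [ "$wl" != "$to" ]; then
        echo "whitelisted rcpt ($wl) differs from QUARANTINE mail_to ($to)"
        rc=1
    fi
    return $rc
}

# Demo on the constructed inputs: reports the alias finding.
check_quarantine "$DB_OUT" "$SETTINGS" "$EXPORTER" || true
```

On a real server, pass the output of `db accounts show` and the contents of the two files in `/etc/rspamd/local.d/` as the three arguments.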

I thought at first that the email was not rejected and the side effect is that the spam sender continues to send spam again and again, I am not sure now… I can see the spam sent rejected by my server but of course moved to the quarantine account.

Erreur signalée : *550 5.7.350 Remote server returned message detected as spam -> 554 5.7.1 Spam message rejected*

So in short, the spam is seen as rejected for the sender, but moved to the quarantine account.

It works well for accounts on the NS, as a dedicated user mailbox or a shared mailbox.

testers needed to validate the work, please read the QA at


and

really thank you in advance

PS: as a side note, a virus found goes to quarantine

2 Likes

Should be added to the manual! There’s an open PR: who wants to do it? /cc @robb @GG_jr

:pencil2: Just follow this link and start editing it: https://github.com/stephdl/docs/edit/quarantine/administrator-manual/en/mail.rst?pr=%2FNethServer%2Fdocs%2Fpull%2F371

1 Like

Released.

2 Likes

What do I have to do to quarantine blocked office documents? Does the user “spam” have to be an AD account? Is the user “spam” an IMAP user or can the user RSPAM log in?
Sorry for the question, the function is not really clear to me yet. I tried the documentation, but can’t get any further. Please give me some more startup help.

http://docs.nethserver.org/en/latest/mail.html?highlight=quarantine#quarantine-beta

The documentation stated, create a real user or use a shared mailbox.

Sorry, I thought it was a user and not a public folder.

How can I best test it locally, so that an attachment ends up in the spam folder? The signature `XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X` will not be sent at all.

This is a special signature, well known for testing antispam. The rspamd behaviour is not the same for this; for example, even if you stop the spam filtering it is always rejected.

Wait some time, when you see a rejection in the rspamd history, then the quarantine must work