Rspamd quarantine feature

rspamd

(Gabriel GHEORGHIU) #21

Some examples:


(Stéphane de Labrusse) #22

We reached a consensus: we will develop a beta rpm to evaluate the quarantine inside NethServer.
Thanks @robb, @davidep and @GG_jr


(Stéphane de Labrusse) #23

yum install http://packages.nethserver.org/nethserver/7.5.1804/autobuild/x86_64/Packages/nethserver-mail-quarantine-2.3.0-1.12.pr83.g5a4f6f5.ns7.noarch.rpm --enablerepo=nethserver-testing

you will upgrade to 1.8.0

You must set a local email account and enable the quarantine; this email is not checked against spam. If you want to send all spam to an external account, make sure this email will accept spam.

config setprop rspamd QuarantineAccount user@domain.org QuarantineStatus enabled

you could also enable the email notification to postmaster (root alias) when emails are rejected

config setprop rspamd SpamNotificationStatus enabled

then expand and restart the service

signal-event nethserver-mail-quarantine-save

two templates are expanded, please check them, rspamd is restarted/reloaded

/etc/rspamd/local.d/settings.conf
/etc/rspamd/local.d/metadata_exporter.conf

you could review the email moved to quarantine by using a webmail, all notifications are sent to postmaster (root alias)


(Gabriel GHEORGHIU) #24

The first two notifications!

:clap::clap::clap:


(Stéphane de Labrusse) #25

Do you have some news on it: bugs, NFR, issues?
My spam collection is nice :smiley:

testers needed here


#26

sorry i forgot to answer (well i forget a lot of things :smirk:) anyway, on my mail server i installed

  • rspamd 1.80 5 days ago and is working fine
  • quarantine installed and enabled 2 days ago,
    not a lot of spam here, but notification and quarantine email seems to work correctly

as always tnx


(Stéphane de Labrusse) #27

probably one side effect
I have the feeling that since the spams are accepted and not rejected, I receive more spams



(Stéphane de Labrusse) #28

did you have time to test the implementation @robb ?


(Markus Neuberger) #29

Got my first spam mail today, the spam mailbox works and the mail to root works as well. Rspamd history shows the reject and the move to quarantine. :+1:


(Rob Bosch) #30

Not yet, didn’t have time yet to implement it. Hopefully I can install it this weekend. Will report back then



(Rob Bosch) #31

I just installed the update. I created an alias for my own account to send the spam to. In my mail client I created a rule to move all mails from that alias to a created folder called quarantine. The alias is marked as local only.
Let’s see what will happen



(Stéphane de Labrusse) #32

If you want to speed up the test, I could send you some nice spams, coming from my private collection :slight_smile:


(Rob Bosch) #33

Did I configure this wrong or is there something wrong with the package?
After a few days running, I see the following occur:

  • about 25K messages with subject “Spam moved to quarantine” (and that a few 100 times in the subject) delivered to postmaster@domain.tld
    When I delete those messages, they are delivered AGAIN. (and again, and again)
  • Messages that were spam before are now not marked as spam and delivered to my personal mailbox. (all sorts of “girls” that would like things that I am not interested in with them, you know the drill)

Is this normal behavior of the quarantine feature? Did I configure it wrong? Should the module change its behavior?


(Stéphane de Labrusse) #34

You tried an alias, try a real mailbox instead
I would prefer to have a specific account (let’s call it spam@domain.org) because the quarantine is authorised to receive spam so your real account will receive all the spam of the world.

Maybe my documentation is not clear enough about that.
Thanks for confirming it


(Rob Bosch) #35

Then remains the question why are the notifications being sent over and over again?
After I deleted them from my mail client, they are sent over again. Looks like these notifications are not removed from the source after they have been sent.


(Stéphane de Labrusse) #36

let me try to reproduce, I never tested with an alias


(Stéphane de Labrusse) #37

Of course it works as expected on my server with an alias, the contrary would be fun :stuck_out_tongue:

this makes me think the account was not allowed to receive spam, so when the spam comes, it is rejected; since a spam is rejected, it is then sent again and again.

this is normal, the account is allowed to receive spam, so unfortunately you cannot sort wanted and unwanted spam
but
but why the notification above :-?

could you post the command:

config show rspamd
cat /etc/rspamd/local.d/settings.conf
cat /etc/rspamd/local.d/metadata_exporter.conf
show me the account used to receive spam (here spam2, do it for the real user please)
db accounts show spam2@domain.com

what I did to enable the quarantine is

config setprop rspamd QuarantineAccount spam2@domain.com QuarantineStatus enabled SpamNotificationStatus enabled
signal-event nethserver-mail-quarantine-save

spam2@domain.com is an alias of spam@domain.com


(Stéphane de Labrusse) #38

also the rpm is now : yum install http://packages.nethserver.org/nethserver/7.5.1804/autobuild/x86_64/Packages/nethserver-mail-quarantine-2.3.0-1.12.pr83.g5a4f6f5.ns7.noarch.rpm


(Rob Bosch) #39

config show rspamd:

rspamd=service
BlockAttachmentClassList=Exec
BlockAttachmentCustomList=doc,odt
BlockAttachmentCustomStatus=disabled
BlockAttachmentStatus=enabled
Password=hUlsBhcUe4ESUCu3
QuarantineAccount=quarantine@domain.tld
QuarantineSelector=is_reject
QuarantineStatus=enabled
RecipientWhiteList=
SenderBlackList=
SenderWhiteList=
SpamCheckStatus=enabled
SpamGreyLevel=4
SpamKillLevel=20
SpamNotification=disabled
SpamNotificationStatus=enabled
SpamSubjectPrefixStatus=enabled
SpamSubjectPrefixString=SPAM
SpamTag2Level=6
VirusAction=reject
VirusCheckStatus=enabled
VirusScanOnlyAttachment=false
VirusScanSize=20000000
status=enabled

cat /etc/rspamd/local.d/settings.conf:

cat /etc/rspamd/local.d/settings.conf
# ================= DO NOT MODIFY THIS FILE =================
# Manual changes will be lost when this file is regenerated.
# Please read the developer’s guide, which is available
# at NethServer official site: https://www.nethserver.org
# whitelist the spam receiver account
whitelist {
    priority = hight;
    rcpt = "quarantine@domain.tld";
    want_spam = yes;
}

cat /etc/rspamd/local.d/metadata_exporter.conf

cat /etc/rspamd/local.d/metadata_exporter.conf
# ================= DO NOT MODIFY THIS FILE =================
# Manual changes will be lost when this file is regenerated.
# Please read the developer’s guide, which is available
# at NethServer official site: https://www.nethserver.org
# Refer to https://rspamd.com/doc/modules/metadata_exporter.html for information on configuration
rules {
    QUARANTINE {
        backend = "send_mail";
        smtp = "127.0.0.1";
        mail_to = "quarantine@interlin.nl";
        mail_from = "quarantine@interlin.nl";
        helo = "ns7.interlin.nl";
        selector = "is_reject"; # could be "is_reject" or "is_spam"
        formatter = "default";
    }
    SPAM_NOTIFICATION {
        backend = "send_mail";
        smtp = "127.0.0.1";
        mail_to = "postmaster@domain.tld";
        mail_from = "no-reply@domain.tld";
        helo = "server.domain.tld";
        selector = "is_reject"; # could be "is_reject" or "is_spam"
        formatter = "email_alert";
        email_template = <<EOL
From: Rspamd <$mail_from>
To: <$mail_to>
Subject: Spam moved to quarantine: $header_subject
Date: $date
MIME-Version: 1.0
Message-ID: <$our_message_id>
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Authenticated username: $user
IP: $ip
Queue ID: $qid
SMTP FROM: $from
SMTP RCPT: $rcpt
MIME From: $header_from
MIME To: $header_to
MIME Date: $header_date
Subject: $header_subject
Message-ID: $message_id
Action: $action
Score: $score
EOL
    }
    # end of rules
}

db accounts show quarantine@domain.tld:

quarantine@domain.tld=pseudonym
Access=private
Account=myaccount@domain.tld
Description=quarantine address

So basically you suggest to create a new (local?) account with an email address. My question would be: those notifications, would be delivered to that address. I will not receive them in my own mail address, but that spam account will be filled quite drastically

Do I understand correctly that in order to override an email message that is marked as spam, I have to log into that account and forward (or what else) that to my own mail address?
That might be a bit too cumbersome
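
Added example, not part of the thread or of the NethServer package: following the hypothesis in #37 (a destination that is not allowed to receive spam rejects the forwarded message, which is then sent again), this Python sketch cross-checks the two expanded templates and lists every send_mail rule whose mail_to is not covered by a want_spam rule. The function names and the example.org addresses are constructed for illustration, and the regexes read only the simple template layout shown in #39, not full UCL.

```python
import re

# Constructed sample files in the layout of the two expanded templates.
SETTINGS_CONF = """
whitelist {
    rcpt = "spam@example.org";
    want_spam = yes;
}
"""
EXPORTER_CONF = """
rules {
    QUARANTINE {
        backend = "send_mail";
        mail_to = "spam@example.org";
        selector = "is_reject";  # could be "is_reject" or "is_spam"
    }
    SPAM_NOTIFICATION {
        backend = "send_mail";
        mail_to = "postmaster@example.org";
        selector = "is_reject";
    }
}
"""

def want_spam_rcpts(settings_text):
    """Recipients of every settings block that sets want_spam = yes."""
    text = re.sub(r"#.*", "", settings_text)  # drop comments first
    rcpts = set()
    for body in re.findall(r"\{([^{}]*)\}", text):
        if re.search(r"want_spam\s*=\s*(yes|true)\s*;", body):
            rcpts.update(r.lower() for r in re.findall(r'rcpt\s*=\s*"([^"]+)"', body))
    return rcpts

def send_mail_targets(exporter_text):
    """Map rule name -> mail_to for each innermost rule using send_mail."""
    text = re.sub(r"#.*", "", exporter_text)
    targets = {}
    for name, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        to = re.search(r'mail_to\s*=\s*"([^"]+)"', body)
        if to and re.search(r'backend\s*=\s*"send_mail"', body):
            targets[name] = to.group(1).lower()
    return targets

def uncovered_destinations(settings_text, exporter_text):
    """send_mail rules whose destination no want_spam rule covers."""
    allowed = want_spam_rcpts(settings_text)
    return {r: to for r, to in send_mail_targets(exporter_text).items() if to not in allowed}

print(uncovered_destinations(SETTINGS_CONF, EXPORTER_CONF))
```

To check a real server, read `/etc/rspamd/local.d/settings.conf` and `/etc/rspamd/local.d/metadata_exporter.conf` into the two arguments instead of the constructed strings.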



(Stéphane de Labrusse) #40

yes, the idea is to use a dedicated account for this, notifications are sent to postmaster (root)

I tried to receive the spam on my account
it is simply not possible to open your mailbox with a friend, your son or your wife without hours of explanation :smiley:

no, an external account is needed here.

Once received in the spam account, yes, if it is not a spam, yes, you could forward it to the good recipient.

How do you understand it should be?