Rspamd whitelist

mail2
rspamd
(Paolo) #1

NethServer Version: 7.5.1804 (Core)
Module: rspamd 1.7.8

It seems that recent updates of my nethserver mail server changed the way rspamd manage outgoing mail.
Before this update, mails that come from LAN weren’t checked (no X-* headers), now They are checked and they are marked as spam:

X-Spam-Flag: Yes
X-Rspamd-Queue-Id: 8F1794B
X-Spamd-Result: default: False [11.99 / 20.00];
FROM_HAS_DN(0.00)[];
RCPT_COUNT_ONE(0.00)[1];
R_SPF_SOFTFAIL(0.00)[~all];
RDNS_NONE(1.00)[];
TO_DN_NONE(0.00)[];
RCVD_COUNT_ZERO(0.00)[0];
HFILTER_HOSTNAME_UNKNOWN(2.50)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MX_GOOD(-0.01)[cached: mx.domain.tld];
HFILTER_HELO_BADIP(4.50)[192.168.2.223,1];
DMARC_NA(0.00)[domain.tld];
MID_RHS_MATCH_FROM(0.00)[];
R_DKIM_NA(0.00)[];
ONCE_RECEIVED(0.10)[];
RCVD_TLS_ALL(0.00)[];
ONCE_RECEIVED_STRICT(4.00)[];
FROM_EQ_ENVFROM(0.00)[];
DIRECT_TO_MX(0.00)[Mozilla/5.0 (Windows NT 6.1;
WOW64;
rv:52.0) Gecko/20100101 Thunderbird/52.9.1];
MIME_GOOD(-0.10)[multipart/alternative,text/plain]
X-Rspamd-Server: posta.domain.tld
X-Spam: Yes

Is there a simple way to whitelist the internal nets?

Thanks, P.

(Gabriel GHEORGHIU) #2

Hi @PaulVM,

Configuration -> Email -> Filter -> Rules by mail address -> New allow From: yourdomain.tld

Works for me.

Gabriel

(Paolo) #3

Not so intuitive (IMHO), but it works. Thanks.

Now in the header I have:

X-Rspamd-Queue-Id: 39F91347
X-Spamd-Result: default: False [0.00 / 20.00];
FROM_DOMAINS_WHITELIST(0.00)[domain.tld]
X-Rspamd-Server: posta.domain.tld

But I suppose this implies that every incoming mail that claim to be from @domain.tld pass without check … not a good policy (these days lot of scam have the From: == To:).
Before the update, local outgoing mail didn’t pass through rspamd that (IMHO), is a better policy.
I suppose I can hack the rspamd config, but if there is a cleaner way … :slight_smile:

Thanks, P.

(Stéphane de Labrusse) #4

Well not sure, clients could be hacked and send email/viruse inside your lan, I prefer to not allow them even inside the lan. Now the question is why your email was taken as spam, this is the 1c issue

(Stéphane de Labrusse) #5

This should be investigated

(Stéphane de Labrusse) #6

Check if in /etc/rspamd/rspamd.conf your local network is defined

Local_networks […]

(Davide Principi) #7

Yes, check out this:

http://docs.nethserver.org/en/v7/mail.html#special-smtp-access-policies

(Paolo) #8

No Local_networks […] variable defined.

I have:
local_addrs = “127.0.0.1 192.168.2.0/24 192.168.67.0/24”;

May be it is what you were referring.
Otherwise it is missing :wink:

N.B.: I identified by myself the rules that rspamd applied to the messages , but can’t find how to manage them … :wink:
And found strange that after standard package update there was a so different management of mail flow.

Obviuosly I have already tried the suggested http://docs.nethserver.org/en/v7/mail.html#special-smtp-access-policies, that not works for my need and is really boring insert IP one by one :frowning:

(Stéphane de Labrusse) #9

you could try to add (not sure it changes something)

local_addrs = “127.0.0.1”;
local_networks = "192.168.2.0/24 192.168.67.0/24”;

systemctl restart rspamd

Watch what are the checks done, some tests are disabled https://rspamd.com/doc/tutorials/scanning_outbound.html

(Davide Principi) #10

The BADIP is out of your trusted networks: try to add its network address to trusted networks and enable “Allow relay from trusted networks” as explained in the docs