[Rspamd-Users] how to disable dmarc for spamtrap
Christian Scholz
rspam at 2nibbles4u.de
Tue Jan 1 17:37:14 UTC 2019
First of all I wish all of you a happy new year!
I've configured a spamtrap and disabled some checks as "madorin"
described on 4 Apr 2017 here:
https://github.com/rspamd/rspamd/issues/1573
/etc/rspamd/override.d/spamtrap.conf
score = 1.0;
learn_fuzzy = true;
learn_spam = true;
fuzzy_flag = 1;
map = "file://$LOCAL_CONFDIR/local.d/local_spamtrap.map.inc";
enabled = true;
actions {
    reject = 100.0;
    greylist = null; # Disable greylisting (from 1.8.1)
    groups_disabled = ["rbl", "antivirus", "dkim", "spf", "dmarc"]
    symbols_disabled = ["GREYLIST_CHECK", "GREYLIST_SAVE"];
}
Nevertheless the dmarc policy is evaluated and applied. The first time I
noticed it was after someone used my e-mail domain to send me spam e-mails.
My dmarc policy was to reject and rspamd did it. Log extract below.
I've changed my dmarc policy to quarantine and next time rspamd added
the dmarc header and forwarded the e-mail.
Does someone know how to disable dmarc correctly?
1: Dec 30 18:48:49 ns3 postfix/smtpd[14248]: connect from
unknown[80.252.131.174]
2: Dec 30 18:48:49 ns3 rspamd[11968]: <04c679>; proxy;
proxy_accept_socket: accepted milter connection from 127.0.0.1 port
54704
3: Dec 30 18:48:49 ns3 postfix/smtpd[14248]: F00619E3B1:
client=unknown[80.252.131.174]
5: Dec 30 18:48:49 ns3 rspamd[11968]: <04c679>; milter;
rspamd_milter_process_command: got connection from 80.252.131.174:23398
6: Dec 30 18:48:50 ns3 postfix/cleanup[14289]: F00619E3B1:
message-id=<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>
7: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_message_parse: loaded message; id:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>; queue-id: <F00619E3B1>;
size: 9662; checksum: <9fb69ae8c4b26242a635433a3cf70914>
8: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; settings.lua:358:
check for settings
9: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_mime_text_part_utf8_convert: converted from IBM852 to UTF-8
inlen: 3401, outlen: 3401 (3401 UTF16 chars)
10: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_mime_text_part_utf8_convert: converted from IBM852 to UTF-8
inlen: 5143, outlen: 5143 (5143 UTF16 chars)
11: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_mime_part_detect_language: detected part language: de
12: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_add_passthrough_result:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: set pre-result to reject
(no score): 'Action set by DMARC' from dmarc(1)
13: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
fuzzy_check_lua_process_learn: skip rule local as it has no flag 1
defined false
14: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
fuzzy_check_lua_process_learn:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: no fuzzy rules found for
flag 1
15: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; spamtrap.lua:66:
spamtrap found: <recipient at mydomain.tld>
16: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_add_passthrough_result:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: set pre-result to no
action (no score): 'message accepted' from spamtrap(1)
17: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_task_process: learn error:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld> has been already learned
as spam, ignore it
18: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; neural.lua:487:
cannot learn ANN tLONG1243FD6D50FE9F7A260: too many spam samples: 37
19: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; neural.lua:487:
cannot learn ANN tSHORT1243FD6D50FE9F7A260: too many spam samples: 37
20: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_task_write_log: id:
<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>, qid: <F00619E3B1>, ip:
80.252.131.174, from: <recipient at mydomain.tld>, (default: T (reject):
[29.52/15.00]
[DATE_IN_FUTURE(4.00){},ONCE_RECEIVED_STRICT(4.00){},RBL_SPAMHAUS_XBL(4.00){174.131.252.80.zen.spamhaus.org
:
127.0.0.4;},HFILTER_HELO_BAREIP(3.00){80.252.131.174;1;},HFILTER_HOSTNAME_UNKNOWN(2.50){},DMARC_POLICY_REJECT(2.00){mydomain.tld
: No valid SPF, No valid
DKIM;reject;},RBL_SENDERSCORE(2.00){174.131.252.80.bl.score.senderscore.com;},RBL_SPAMHAUS_CSS(2.00){174.131.252.80.zen.spamhaus.org
: 127.0.0.3;},RBL_VIRUSFREE_BOTNET(2.00){174.131.252.80.bip.virusfree.cz
:
127.0.0.2;},MX_INVALID(1.00){cached;},RBL_SEM(1.00){174.131.252.80.bl.spameatingmonkey.net;},RDNS_NONE(1.00){},SPAMTRAP(1.00){recipient at mydomain.tld;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ONCE_RECEIVED(0.10){},IP_SCORE(0.02){country:
RU(0.10);},ARC_NA(0.00){},ASN(0.00){asn:21453, ipnet:80.252.128.0/19,
country:RU;},DIRECT_TO_MX(0.00){Microsoft Outlook
14.0;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},R_DKIM_NA(0.00){},R_SPF_NEUTRAL(0.00){?all;},TO_DN_ALL(0.00){},TO_EQ_FROM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]),
len: 9662, time: 191.529ms real, 10.814ms virtual, dns req: 16, digest:
<9fb69ae8c4b26242a635433a3cf70914>, rcpts: <recipient at mydomain.tld>,
mime_rcpts: <recipient at mydomain.tld>, forced: reject "Action set by
DMARC"; score=nan (set by dmarc)
21: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy;
rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 5
regexps matched, 180 regexps total, 93 regexps cached, 0B bytes scanned
using pcre, 26.92k bytes scanned total
22: Dec 30 18:48:50 ns3 postfix/cleanup[14289]: F00619E3B1:
milter-reject: END-OF-MESSAGE from unknown[80.252.131.174]: 5.7.1
message accepted; from=<recipient at mydomain.tld>
to=<recipient at mydomain.tld> proto=ESMTP helo=<[80.252.131.174]>
23: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: disconnect from
unknown[80.252.131.174]
24: Dec 30 18:48:50 ns3 rspamd[11968]: <895e70>; proxy;
proxy_milter_finish_handler: finished milter connection
25: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: connect from
unknown[80.252.131.174]
26: Dec 30 18:48:50 ns3 rspamd[11968]: <63efa8>; proxy;
proxy_accept_socket: accepted milter connection from 127.0.0.1 port
55278
27: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: EED339E3B1:
client=unknown[80.252.131.174]
28: Dec 30 18:48:50 ns3 rspamd[11968]: <63efa8>; milter;
rspamd_milter_process_command: got connection from 80.252.131.174:23407
29: Dec 30 18:48:51 ns3 postfix/cleanup[14289]: EED339E3B1:
message-id=<002501d4a081$0243d9ee$a10315bf$@mydomain.tld>
--
Christian Scholz
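
Added example, not part of the original post or of rspamd: a Python script that groups rspamd log lines by task tag and reports spamtrap messages for which another module also set a pre-result, which is the situation in log lines 12 and 16 above. The sample log is constructed in the same format with the wrapped lines rejoined, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (wrapped lines rejoined).
SAMPLE_LOG = """\
Dec 30 18:48:50 mx rspamd[100]: <aaa111>; proxy; rspamd_add_passthrough_result: <m1@example.test>: set pre-result to reject (no score): 'Action set by DMARC' from dmarc(1)
Dec 30 18:48:50 mx rspamd[100]: <aaa111>; lua; spamtrap.lua:66: spamtrap found: <trap@example.test>
Dec 30 18:48:50 mx rspamd[100]: <aaa111>; proxy; rspamd_add_passthrough_result: <m1@example.test>: set pre-result to no action (no score): 'message accepted' from spamtrap(1)
Dec 30 18:49:02 mx rspamd[100]: <bbb222>; lua; spamtrap.lua:66: spamtrap found: <trap@example.test>
Dec 30 18:49:02 mx rspamd[100]: <bbb222>; proxy; rspamd_add_passthrough_result: <m2@example.test>: set pre-result to no action (no score): 'message accepted' from spamtrap(1)
Dec 30 18:49:10 mx rspamd[100]: <ccc333>; proxy; rspamd_add_passthrough_result: <m3@example.test>: set pre-result to reject (no score): 'Action set by DMARC' from dmarc(1)
"""

TAG = re.compile(r"rspamd\[\d+\]: <([0-9a-f]+)>; ")       # per-task log tag
PRE = re.compile(r"set pre-result to (.+?) \(.*?\): '(.*?)' from (\w+)\(")
TRAP = re.compile(r"spamtrap found: <([^>]*)>")


def pre_results_by_task(log_text):
    """Group pre-results and spamtrap hits by rspamd task tag."""
    tasks = defaultdict(lambda: {"trap": None, "pre": []})
    for line in log_text.splitlines():
        tag = TAG.search(line)
        if not tag:
            continue  # postfix lines and anything without a task tag
        task = tasks[tag.group(1)]
        hit = TRAP.search(line)
        if hit:
            task["trap"] = hit.group(1)
        pre = PRE.search(line)
        if pre:
            action, message, module = pre.groups()
            task["pre"].append((module, action, message))
    return dict(tasks)


def conflicting_spamtrap_tasks(log_text):
    """Spamtrap tasks where a module other than spamtrap also set a pre-result."""
    conflicts = {}
    for tag, task in pre_results_by_task(log_text).items():
        others = [(m, a) for m, a, _ in task["pre"] if m != "spamtrap"]
        if task["trap"] and others:
            conflicts[tag] = {"rcpt": task["trap"], "others": others}
    return conflicts


if __name__ == "__main__":
    for tag, info in conflicting_spamtrap_tasks(SAMPLE_LOG).items():
        print(tag, info["rcpt"], info["others"])
```
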