[Rspamd-Users] Scanning outbound mail from an authenticated user

Gabriele Nencioni gabriele.nencioni at register.it
Tue Feb 4 16:37:51 UTC 2020 

Hi all,
I'm following the scanning outbound mail documentation:
https://rspamd.com/doc/tutorials/scanning_outbound.html

and my Rspamd server knows an email is received from an authenticated
user, by User: http header, passed by my MTA using an http query against
the /checkv2 endpoint:
https://rspamd.com/doc/architecture/protocol.html#controller-http-endpoints

in order to avoid several checks as the scanning_outbound.html
documentation says.


So far so good and it follows a properly tcpdump session on rspamd
server side:
# tcpdump -i any -nAs 0 'port 11333'
...
POST /checkv2 HTTP/1.1
Host: myrspamdserver
TE: chunked,deflate,gzip
Accept-Encoding: gzip;q=0,deflate;q=0
Date: Tue, 04 Feb 2020 16:19:54 GMT
Connection: keep-alive
Content-Length: 2709
Content-Type: application/octet-stream;charset=UTF-8
Ip: xxx.xxx.xxx.xxx
Helo: testhelo
Hostname: xxx.xxx.xxx.xxx.domain.tld
Rcpt: user at domain.tld
User: user at domain.tld
...

in this way with the header User: set, the several checks (DKIM, DMARC,
Greylist, the most part of Hfilter, RBL, SPF and so on) are disabled.


The problem occurs when a message is not from an authenticated user and
the User: header is empty, like this:
POST /checkv2 HTTP/1.1
Host: myrspamdserver
TE: chunked,deflate,gzip
Accept-Encoding: gzip;q=0,deflate;q=0
Date: Tue, 04 Feb 2020 16:20:37 GMT
Connection: keep-alive
Content-Length: 2709
Content-Type: application/octet-stream;charset=UTF-8
Ip: xxx.xxx.xxx.xxx
Helo: testhelo
Hostname: xxx.xxx.xxx.xxx.domain.tld
Rcpt: user at domain.tld
User:

also in this case, I guess wrongly, the checks are still disabled, none
of them are triggered.


So my question is: have I to not pass the User: header when it is empty?
Something like this, without it:
POST /checkv2 HTTP/1.1
Host: myrspamdserver
TE: chunked,deflate,gzip
Accept-Encoding: gzip;q=0,deflate;q=0
Date: Tue, 04 Feb 2020 16:20:37 GMT
Connection: keep-alive
Content-Length: 2709
Content-Type: application/octet-stream;charset=UTF-8
Ip: xxx.xxx.xxx.xxx
Helo: testhelo
Hostname: xxx.xxx.xxx.xxx.domain.tld
Rcpt: user at domain.tld



Thanks in advance
Regards,
--
Gabriele Nencioni

More information about the Users mailing list