[Rspamd-Users] *** SPAM *** RE: Unable to disable rspamd for a recpt

rspamd at vlh.dk rspamd at vlh.dk
Fri Dec 2 19:03:22 UTC 2022


Following your linked documentation I tested with:

whitelist {
	priority = low;
	rcpt = "test at vlh.dk";
	want_spam = yes;
}

In my /etc/rspamd/local.d/settings.conf

This is the result:

Dec  2 19:58:38 mail rspamd[4234]: <72adc9>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 47550
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; milter; rspamd_milter_process_command: got connection from 195.245.230.66:51087
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_message_parse: loaded message; id: <DB9PR01MB743341B4C5D2B9C1C0F034B1E2179 at DB9PR01MB7433.eurprd01.prod.exchangelabs.com>; queue-id: <3343CE60563>; size: 10599; checksum: <9c7b03961e1154d873a60de5d1c18b5f>
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_mime_text_part_utf8_convert: converted text part from ISO-8859-1 ('iso-8859-1' announced) to UTF-8 inlen: 8, outlen: 8 (8 UTF16 chars)
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_mime_text_part_utf8_convert: converted text part from ISO-8859-1 ('iso-8859-1' announced) to UTF-8 inlen: 405, outlen: 405 (405 UTF16 chars)
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; lua; settings.lua:379: <DB9PR01MB743341B4C5D2B9C1C0F034B1E2179 at DB9PR01MB7433.eurprd01.prod.exchangelabs.com> apply static settings whitelist (id = 1792875810); rcpt matched; priority low
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; process_settings: task is whitelisted
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_task_insert_result_full: cannot insert symbol ASN on idempotent phase
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_task_write_log: id: <DB9PR01MB743341B4C5D2B9C1C0F034B1E2179 at DB9PR01MB7433.eurprd01.prod.exchangelabs.com>, qid: <3343CE60563>, ip: 195.245.230.66, from: <kim.sindalsen at sn.dk>, (default: S (no action): [0.00/8.00] []), len: 10599, time: 283.257ms, dns req: 1, digest: <9c7b03961e1154d873a60de5d1c18b5f>, rcpts: <test at vlh.dk>, mime_rcpts: <test at vlh.dk>, settings_id: whitelist
Dec  2 19:58:42 mail rspamd[4234]: <72adc9>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 172 regexps total, 0 regexps cached, 0B scanned using pcre, 0B scanned total
Dec  2 19:58:47 mail rspamd[4234]: <e57c2d>; proxy; proxy_milter_finish_handler: finished milter connection

Ie. Whitelisted and no checks.

w/o the lines in settings.conf:

Dec  2 20:00:19 mail rspamd[4328]: <023f57>; milter; rspamd_milter_process_command: got connection from 85.158.142.112:50552
Dec  2 20:00:19 mail rspamd[4328]: <023f57>; proxy; rspamd_message_parse: loaded message; id: <DB9PR01MB7433728C04176E7283937351E2179 at DB9PR01MB7433.eurprd01.prod.exchangelabs.com>; queue-id: <63A6CE60563>; size: 10665; checksum: <aea17fe5d00e096938a9a9ec04dc8cac>
Dec  2 20:00:19 mail rspamd[4328]: <023f57>; proxy; rspamd_mime_text_part_utf8_convert: converted text part from ISO-8859-1 ('iso-8859-1' announced) to UTF-8 inlen: 9, outlen: 9 (9 UTF16 chars)
Dec  2 20:00:19 mail rspamd[4328]: <023f57>; proxy; rspamd_mime_text_part_utf8_convert: converted text part from ISO-8859-1 ('iso-8859-1' announced) to UTF-8 inlen: 406, outlen: 406 (406 UTF16 chars)
Dec  2 20:00:19 mail rspamd[4328]: <023f57>; proxy; dkim_module_key_handler: stored DKIM key for s20190207._domainkey.sn.dk in LRU cache for 7200 seconds, 1/2000 elements in the cache
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; rspamd_spf_maybe_return: stored SPF record for sn.dk (0xcdeae8c3f61b0acb) in LRU cache for 600 seconds, 1/2000 elements in the cache
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: SPF_CHECK(590): 304.21 ms; enable slow timer delay
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: MX_INVALID(417): 1076.79 ms; enable slow timer delay
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: RCVD_IN_DNSWL(485): 1125.40 ms
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; dkim_module_key_handler: stored DKIM key for selector1._domainkey.sn.dk in LRU cache for 3600 seconds, 2/2000 elements in the cache
Dec  2 20:00:20 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: DKIM_CHECK(183): 1148.92 ms
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: RBL_NIXSPAM(478): 304.65 ms; enable slow timer delay
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: RBL_VIRUSFREE_UNKNOWN(507): 315.73 ms
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: SPAMHAUS_CHECK(546): 335.37 ms
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: DWL_DNSWL(492): 343.19 ms
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: RBL_SENDERSCORE(540): 509.72 ms; enable slow timer delay
Dec  2 20:00:21 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: RBL_SEM(564): 647.97 ms; enable slow timer delay
Dec  2 20:00:22 mail rspamd[4328]: <023f57>; proxy; finalize_item: slow rule: URIBL_MULTI(527): 1108.69 ms; enable slow timer delay
Dec  2 20:00:22 mail rspamd[4328]: <023f57>; bayes; bayes_classify: no tokens found in bayes database (26 total tokens, 2 text tokens), ignore stats
Dec  2 20:00:22 mail rspamd[4328]: <023f57>; lua; greylist.lua:331: Score too low - skip greylisting
Dec  2 20:00:22 mail rspamd[4328]: <023f57>; proxy; rspamd_task_write_log: id: <DB9PR01MB7433728C04176E7283937351E2179 at DB9PR01MB7433.eurprd01.prod.exchangelabs.com>, qid: <63A6CE60563>, ip: 85.158.142.112, from: <kim.sindalsen at sn.dk>, (default: F (no action): [-1.90/8.00] [ARC_ALLOW(-1.00){microsoft.com:s=arcselector9901:i=1;},DMARC_POLICY_ALLOW(-0.50){sn.dk;reject;},MX_GOOD(-0.50){cluster4.eu.messagelabs.com;cluster4a.eu.messagelabs.com;},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){sn.dk:s=s20190207;sn.dk:s=selector1;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},R_SPF_ALLOW(-0.10){+ip4:85.158.136.0/21;},ASN(0.00){asn:16509, ipnet:85.158.142.0/24, country:US;},DKIM_TRACE(0.00){sn.dk:+;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_XOIP(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ONE(0.00){4;},RCVD_IN_DNSWL_NONE(0.00){85.158.142.112:from;},RCVD_TLS_LAST(0.00){},RWL_MAILSPIKE_POSSIBLE(0.00){85.158.142.112:from;},TO_DN_EQ_ADDR_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 10665, time: 2631.824ms, dns req: 50, digest: <aea17fe5d00e096938a9a9ec04dc8cac>, rcpts: <test at vlh.dk>, mime_rcpts: <test at vlh.dk>
Dec  2 20:00:22 mail rspamd[4328]: <023f57>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 172 regexps total, 61 regexps cached, 0B scanned using pcre, 3.04KiB scanned total
Dec  2 20:00:27 mail rspamd[4328]: <39b445>; proxy; proxy_milter_finish_handler: finished milter connection


This is with rspamd 3.4 - seems to work fine for me.

Regards,
Kim

> -----Original Message-----
> From: Users <users-bounces at lists.rspamd.com> On Behalf Of George
> Asenov
> Sent: 2. december 2022 16:03
> To: users at lists.rspamd.com
> Subject: Re: [Rspamd-Users] Unable to disable rspamd for a recpt
> 
> Hello,
> 
> I  meant only to bump the question up if it is missed ...
> Anyway
> settings {} is included here just to clarify where I added the sniped.
> It is added in the right place rspamd/local.d/settings.conf  without settings {}
> section. Sorry if mislead someone.
> 
> But in https://rspamd.com/doc/configuration/settings.html
> clearly says:
> 
> /quote
> 
> Important notice: This is NOT applicable to want_spam option. This option
> disable ALL Rspamd rules, even history or data exporting.
> Actually, it is a full bypass of all Rspamd processing
> 
> /endquote
> 
> But it don't disable anything!
> 
> On 02-Dec-22 4:01 PM, C. Bernard via Users wrote:
> > Hi there
> >
> > Zitat von "G.W. Haywood via Users" <users at lists.rspamd.com>:
> >> Hi there,
> >>
> > [..]
> >>
> >> Please show the entire settings file, not just a part of it.
> >>
> >> Quoting the documentation at
> >>
> >> https://rspamd.com/doc/configuration/settings.html
> >>
> >> [quote]
> >> Settings structure
> >>
> >> The settings file should contain a single section called “settings”:
> >> [/quote]
> >>
> >> Are you sure that you have such a settings section, and have you
> >> placed your "whitelist" settings within it?  Something like
> >>
> >> settings {
> >>   ...
> >>   ...
> >>
> >>   whitelist { ... }
> >>
> >>   ...
> >>   ...
> >> }
> >
> > Which would not be correct. The official example here:
> > https://rspamd.com/doc/configuration/settings.html
> > never shows "settings { .... }" in any example.
> > The quoted sentence above is, in my opinion, wrong. It shall not
> > contain the settings (key words) but rather only the content of a
> > settings section.
> > What is found in the settings.conf file by rspamd is put into a
> > settings section by rspamd.
> >
> > I usually test this with the rspamadm configdump command.
> > This has 2 nested settings when you put "settings {" there again:
> > settings {
> >      settings {
> >          authenticated {
> >              authenticated = true;
> >              priority = "high";
> >
> > Which won't work, (i guess). Ah it doesn't:
> > output of configdump command:
> > nested section: settings { settings { ... } }, it is likely a
> > configuration error
> >
> > But I often fail to find the information I seek. It must be me.
> >
> > for example:
> > what is the difference of
> >
> > /quoting the man page:
> >         Also for each command you can check list of available
> > command_options
> >         by running
> >
> >
> >                rspamadm help command
> >                rspamadm command --help /end_quote But the produce
> > different output:
> >
> > [me at beastly /usr/local/etc/rspamd/local.d]# rspamadm help configdump
> > Rspamadm 3.4
> > Usage: rspamadm [global_options] command [command_options]
> >
> > Showing help for configdump command
> >
> > Perform configuration file dump
> >
> > Usage: rspamadm configdump [-c <config_name> [-j --compact -m]
> > [<path1> [<path2> ...]]] Where options are:
> >
> > -j: output plain json
> > --compact: output compacted json
> > -c: config file to test
> > -m: show state of modules only
> > -h: show help for dumped options
> > --help: shows available options and commands
> >
> > AND:
> > [me at beastly /usr/local/etc/rspamd/local.d]# rspamadm  configdump
> > --help
> > Usage:
> >    rspamadm [OPTION?] configdump - dumps Rspamd configuration
> >
> > Summary:
> >    Rspamd administration utility version 3.4
> >    Release id: release
> >
> > Help Options:
> >    -?, --help               Show help options
> >
> > Application Options:
> >    -j, --json               Json output (pretty formatted)
> >    -C, --compact            Compacted json output
> >    -c, --config             Config file to test
> >    -h, --show-help          Show help as comments for each option
> >    -s, --show-comments      Show saved comments from the configuration
> > file
> >    -m, --modules-state      Show modules state only
> >    -g, --groups             Show symbols groups only
> >    -d, --symbol-details     Show full symbol details only
> >    -T, --skip-template      Do not apply Jinja templates
> >
> > /end_output
> >
> > I looked for info what the '-g' does. And couldn't find it. (I saw a
> > it used in a probable bug report) I used the wrong help command, I see
> now.
> > (I just found my answer a minute ago...), so my question would be now:
> >
> > Why is the definition about symbol R_SUSPICIOUS_URL not output with
> > rspamadm configdump command, but only when using command option  -
> g ?
> > I was of the opinion that rspamadm configdump dumps all ( complete)
> > config including all overrides and local.d changes and additions. I
> > seems not to.
> >
> >
> >>
> >>> It's been 2 days with no answer?
> >
> > I have send mails to the list, that we never answered and some even
> > weren't published. So that's no news to me. There is mostly only a small
> > group of people that could answer correctly, and I am not amongst them
> > most of the time...
> >
> > Cheers
> > C.
> >
> >
> >
> >
> 
> --
> Warm regards
> George A.
> WPXHosting
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users



More information about the Users mailing list