[Rspamd-Users] Skip spam check for authenticated (SASL) users howto with postfix?

Konstantin Kletschke konstantin.kletschke at inside-m2m.de
Thu Feb 1 09:37:26 UTC 2024 

On Wed, Jan 31, 2024 at 11:01:10AM -0500, Allen, Norton T. wrote:

> Well that at least means those apply rules might work if the message is
> identified correctly, but from what you've shown me, I don't see why it
> wasn't identified as authenticated.

Sorry, I was too much in a hurry yesterday.
I investigated this more carefully until now:
Every mail delivered into the system via SASL AUTH now gets flagged like
this in the rspamd log:

(normal) <97fd5d>; lua; settings.lua:390: <XXX at inside-m2m.de> apply static settings authenticated (id = 1937017268); authenticated matched; priority high


(normal) <97fd5d>; lua; settings.lua:390: <XXX at inside-m2m.de> apply static settings authenticated (id = 1937017268); authenticated matched; priority high
(normal) <97fd5d>; task; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
(normal) <97fd5d>; task; rspamd_task_write_log: id: <XXX at inside-m2m.de>, qid: <5535640002>, ip: 80.228.41.210, user: XXX at inside-m2m.de, from: <XXX at inside-m2m.de>, (default: F (no action): [0.00/15.00] [TAGGED_RCPT(0.00){}]), len: 1725, time: 3.250ms, dns req: 0, digest: <c0c6b51bcd175fd8196804f06898fcbc>, rcpts: <YYY at AAA.com,ZZZ at BBB.com>, mime_rcpts: <YYY at AAA.com,>, settings_id: authenticated

So the setting kicks in and its consistend all other mails get this
flagging not. All fine.
What I wonder is, is that it? Is this skipping spam checking? Because
there still is a "(default: F (no action)".

And if I do the GTUBE test from intern via SALS AUTH this happens still:

(normal) <141559>; task; rspamd_worker_body_handler: accepted connection from ::1 port 40628, task ptr: 00007FB04C5B99E0
(normal) <141559>; task; rspamd_message_parse: loaded message; id: <XXX at inside-m2m.de>; queue-id: <9B10F401F5>; size: 2359; checksum: <2251d4a84b69cb97e681af7c551eb3b8>
(normal) <141559>; task; rspamd_check_gtube: gtube reject pattern has been found in part of length 390
(normal) <141559>; task; rspamd_add_passthrough_result: <XXX at inside-m2m.de>: set pre-result to 'reject' (15.00): 'Gtube pattern' from GTUBE(3)
(normal) <141559>; task; rspamd_check_gtube: gtube reject pattern has been found in part of length 370
(normal) <141559>; task; rspamd_add_passthrough_result: <XXX at inside-m2m.de>: set pre-result to 'reject' (15.00): 'Gtube pattern' from GTUBE(3)
(normal) <141559>; task; rspamd_task_write_log: id: <XXX at inside-m2m.de>, qid: <9B10F401F5>, ip: 90.187.159.109, user: AAA at inside-m2m.de, from: <AAA at inside-m2m.de>, (default: S (reject): [15.00/15.00] [GTUBE(0.00){}]), len: 2359, time: 1.214ms, dns req: 0, digest: <2251d4a84b69cb97e681af7c551eb3b8>, rcpts: <BBB at inside-m2m.de>, mime_rcpts: <BBB at inside-m2m.de>, forced: reject "Gtube pattern"; score=15.00 (set by GTUBE)
(normal) <141559>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 175 regexps total, 0 regexps cached, 0B scanned using pcre, 0B scanned total


Is the GTUBE test not skipped globally never or is my setup still not
skippin SASL AUTH mails? How do I test this further?


Regards
Konstantin


-- 
INSIDE M2M GmbH
Konstantin Kletschke
Berenbosteler Straße 76 B
30823 Garbsen

Telefon: +49 (0) 5137 90950136
Mobil: +49 (0) 151 15256238
Fax: +49 (0) 5137 9095010

konstantin.kletschke at inside-m2m.de
http://www.inside-m2m.de 

Geschäftsführung: Michael Emmert, Derek Uhlig
HRB: 111204, AG Hannover

More information about the Users mailing list