[Rspamd-Users] I'm confused...

G.W. Haywood rspamd at jubileegroup.co.uk
Sun Feb 4 10:53:09 UTC 2024


Hi there,

On Sat, 3 Feb 2024, Steve Witten wrote:
> On Sat, Feb 3, 2024 at 2:53 PM G.W. Haywood wrote:
> 
>> Please give the real names.
> 
> mail.niteflyte.net
> rspamd.niteflyte.net

Thanks.  I see that they have SPF records now too.  If you know the IP
address(es) of your sending mail server(s) it's much more efficient to
use the 'ip4:' and 'ip6:' mechanisms than 'a:', and especially 'mx:'.
You shouldn't use 'mx:' at all unless you really have to.  Once you're
happy with the record switch from '~all' to '-all' to show that you're
serious about it.  You'll be surprised how many criminals you'll find
forging mail from your domains.

> ...
> However, I think this is the answer:
>
>> ... the SPF record for example.com has nothing to do with the
>> (entirely separate) SPF records for mail.example.com and
>> rspamd.example.com ...
> 
> Maybe the better question to ask is: How can I prevent rspamd from
> scanning this mail?  Since it's internal, status-report kind of
> stuff, it's not really worthwhile to do this.

Maybe whitelisting?  With any email system there are many - perhaps
sometimes too many - ways to get things done.  If you're working with
very high volumes and performance may be an issue then you'd probably
want to arrange the filtering so that it was entirely skipped for any
local *known good* traffic.  This can mean rolling up your sleeves and
doing some serious digging, maybe some coding, and almost certainly
some documentation - so you can go back and fix it in a year's time.
For the much more numerous installations which handle modest volumes,
where the resource usage is not an issue, then keeping everything in
one place (the filter configuration is what I'd call "one place") is
probably simplest.

Here's a tutorial you might want to browse:

https://www.0xf8.org/2018/05/an-alternative-introduction-to-rspamd-configuration-scores/

The diagram in part 4 might be helpful.  I haven't checked how up-to-
date it all is.

Bear in mind that rspamd is capable of very high throughputs, so your
concern about scanning local known good mail might not be warranted.
Granted some virus scanners can be on the slow side but I personally
like to scan most outgoing mail.  Sort of belt && braces.  If I had to
deal with users of Windows boxes (thankfully I don't, any more) then
I'd insist on fully scanning all outgoing mail no matter what the cost.

-- 

73,
Ged.
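
The SPF advice in the message above, as an added example that is not part of the original post: a small linter that flags 'a'/'mx' mechanisms and a '~all' ending in an SPF record and counts the terms that make a receiver query DNS. The function name `lint_spf`, the example.com hostname and the documentation-range addresses are assumptions constructed for illustration.

```python
import re

# Terms whose evaluation makes the receiver query DNS (RFC 7208, section 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.-]*)(?:([:=/])(.*))?$", re.I)

def lint_spf(record):
    """Return (lookup_terms, findings) for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, ["not an SPF record (missing v=spf1)"]
    lookups, findings, terminated = 0, [], False
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name, sep = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if sep == "=":  # modifier, e.g. redirect=_spf.example.net
            if name == "redirect":
                lookups += 1
                terminated = True
            continue
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name in ("a", "mx"):
            findings.append(f"'{term}' costs DNS lookups on every check; "
                            "list the sending addresses with ip4:/ip6: instead")
        elif name == "all":
            terminated = True
            if qualifier == "~":
                findings.append("'~all' is only a softfail; use '-all' once the record is verified")
            elif qualifier in ("+", "?"):
                findings.append(f"'{term}' does not fail mail from unlisted senders")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10")
    if not terminated:
        findings.append("no 'all' or 'redirect=': unlisted senders get a neutral result")
    return lookups, findings

# Constructed sample records (documentation addresses, not the poster's real DNS data).
BEFORE = "v=spf1 a:mail.example.com mx ~all"
AFTER = "v=spf1 ip4:192.0.2.10 ip6:2001:db8::10 -all"

if __name__ == "__main__":
    for rec in (BEFORE, AFTER):
        count, notes = lint_spf(rec)
        print(f"{rec}\n  lookup terms: {count}")
        for note in notes:
            print(f"  - {note}")
```

An 'mx' term counts once against the limit of ten but triggers an MX query plus an address query per returned host, so the count here is a lower bound on actual DNS traffic.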

