[Rspamd-Users] Skip spam check for authenticated (SASL) users howto with postfix?

Konstantin Kletschke konstantin.kletschke at inside-m2m.de
Wed Jan 31 13:50:42 UTC 2024 

Dear rspam community,

I have a rspamd up and running fine with a postfix installation.

What is missing is that when users deliver mail via SASL AUTH spam
checks should be skipped, I am to stupid.
Postfix calls the rspamd via:

smtpd_milters = inet:localhost:11332, inet:localhost:12345

11332 ist rpsamd, 12345 is opendkim.
milter_mail_macros is set to:

milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}

My expectation is, that authenticated users' mails are not spam checked,
do I miss additional settings?

Postfix recognizes that mail ist SASL AUTHed:

Jan 30 13:51:45 mail postfix/smtpd[224854]: C16674014E: client=XXX.customers.d1-online.com[80.187.115.42], sasl_method=PLAIN, sasl_username=YYY at inside-m2m.de

rspamd adds spam headeri, though:

(normal) <b2d822>; task; rspamd_worker_body_handler: accepted connection from 127.0.0.1 port 39608, task ptr: 00007F1B012A2A20
(normal) <b2d822>; task; rspamd_message_parse: loaded message; id: <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>; queue-id: <C16674014E>; size: 1951822; checksum: <7290610468f94d6b2b64258eecf1007b>
(normal) <b2d822>; task; rspamd_url_text_extract: got empty text part
(normal) <b2d822>; task; rspamd_mime_part_detect_language: detected part language: de
(normal) <b2d822>; task; rspamd_mime_part_detect_language: detected part language: en
(normal) <b2d822>; lua; greylist.lua:217: skip greylisting for local networks and/or authorized users
(normal) <b2d822>; lua; once_received.lua:102: Skipping once_received for authenticated user or local network
(normal) <b2d822>; lua; spf.lua:186: skip SPF checks for local networks and authorized users
(normal) <b2d822>; task; dkim_symbol_callback: skip DKIM checks for local networks and authorized users
(normal) <b2d822>; lua; dmarc.lua:349: skip DMARC checks as either SPF or DKIM were not checked
(normal) <b2d822>; task; finalize_item: slow rule: SEM_URIBL_UNKNOWN(459): 356.00 ms; enable slow timer delay
(normal) <b2d822>; task; finalize_item: slow rule: SURBL_MULTI(438): 380.00 ms
(normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_HAM of classifier bayes: not enough learns 0; 200 required
(normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_SPAM of classifier bayes: not enough learns 0; 200 required
(normal) <b2d822>; task; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
(normal) <b2d822>; task; rspamd_task_write_log: id: <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>, qid: <C16674014E>, ip: 80.187.115.42, user: YYY at inside-m2m.de, from: <YYY at inside-m2m.de>, (default: T (add header): [8.60/15.00] [R_SUSPICIOUS_URL(5.00){wa.me;},MIME_MA_MISSING_TEXT(2.00){},URI_COUNT_ODD(1.00){7;},MV_CASE(0.50){},MIME_HTML_ONLY(0.20){},MIME_GOOD(-0.10){multipart/alternative;multipart/mixed;},ARC_NA(0.00){},ASN(0.00){asn:3320, ipnet:80.187.0.0/16, country:DE;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;3:~;4:~;5:~;6:~;7:~;...;},NEURAL_HAM(0.00){-0.991;},RCPT_COUNT_THREE(0.00){4;},RCVD_COUNT_ZERO(0.00){0;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1951822, time: 492.748ms, dns req: 60, digest: <7290610468f94d6b2b64258eecf1007b>, rcpts: <AAA at inside-m2m.de,BBB at inside-m2m.de,CCC at inside-m2m.de,DDD at inside-m2m.de>, mime_rcpts: <EEE at inside-m2m.de,FFF at inside-m2m.de,GGG at inside-m2m.de,...>

I also tried this:

settings {
   authenticated {
       authenticated = true;
       priority = "high";
       apply {
           groups_disabled [
               "rbl",
               "spf",
           ]
           flags [
               "skip_process",
           ]
           symbols_enabled [
               "DKIM_SIGNED",
           ]
       }
   }
}

But this does not change the behaviour.
This is a debian installation, if importand.

What am I missing?

Kind Regards
Konstantin




-- 
INSIDE M2M GmbH
Konstantin Kletschke
Berenbosteler Straße 76 B
30823 Garbsen

Telefon: +49 (0) 5137 90950136
Mobil: +49 (0) 151 15256238
Fax: +49 (0) 5137 9095010

konstantin.kletschke at inside-m2m.de
http://www.inside-m2m.de 

Geschäftsführung: Michael Emmert, Derek Uhlig
HRB: 111204, AG Hannover

More information about the Users mailing list