[Rspamd-Users] Skip spam check for authenticated (SASL) users howto with postfix?

Allen, Norton T. allen at huarp.harvard.edu
Wed Jan 31 14:44:05 UTC 2024 

Konstantin,

I am new to this, so if someone with more experience wants to correct 
me, that would be great.

Have you tried removing your groups_disabled block, leaving just flags 
and symbols_enabled in the apply block? groups_disabled has the side 
effect of enabling all other rules, whereas symbols_enabled has the side 
effect of disabling all other rules. Those seem to be in conflict, and 
the enables may be winning. I have had success with just flags and 
symbols_enabled as you have them.

On 1/31/2024 8:50 AM, Konstantin Kletschke via Users wrote:
> Dear rspam community,
>
> I have a rspamd up and running fine with a postfix installation.
>
> What is missing is that when users deliver mail via SASL AUTH spam
> checks should be skipped, I am to stupid.
> Postfix calls the rspamd via:
>
> smtpd_milters = inet:localhost:11332, inet:localhost:12345
>
> 11332 ist rpsamd, 12345 is opendkim.
> milter_mail_macros is set to:
>
> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
>
> My expectation is, that authenticated users' mails are not spam checked,
> do I miss additional settings?
>
> Postfix recognizes that mail ist SASL AUTHed:
>
> Jan 30 13:51:45 mail postfix/smtpd[224854]: C16674014E: client=https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fXXX.customers.d1-online.com&c=E,1,emiHo3tmzpAyCqw0JpmSnCwRGw2WJBll63vfW2Ts1pvc8u7L_4tPXaJKgLiq4X5SMCSnwnUrJJhvhBnnXcxUEma5DRZIhm1xxGua9Mls1YkwLr2GI3n85Ew,&typo=1[80.187.115.42], sasl_method=PLAIN, sasl_username=YYY at inside-m2m.de
>
> rspamd adds spam headeri, though:
>
> (normal) <b2d822>; task; rspamd_worker_body_handler: accepted connection from 127.0.0.1 port 39608, task ptr: 00007F1B012A2A20
> (normal) <b2d822>; task; rspamd_message_parse: loaded message; id: <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>; queue-id: <C16674014E>; size: 1951822; checksum: <7290610468f94d6b2b64258eecf1007b>
> (normal) <b2d822>; task; rspamd_url_text_extract: got empty text part
> (normal) <b2d822>; task; rspamd_mime_part_detect_language: detected part language: de
> (normal) <b2d822>; task; rspamd_mime_part_detect_language: detected part language: en
> (normal) <b2d822>; lua; greylist.lua:217: skip greylisting for local networks and/or authorized users
> (normal) <b2d822>; lua; once_received.lua:102: Skipping once_received for authenticated user or local network
> (normal) <b2d822>; lua; spf.lua:186: skip SPF checks for local networks and authorized users
> (normal) <b2d822>; task; dkim_symbol_callback: skip DKIM checks for local networks and authorized users
> (normal) <b2d822>; lua; dmarc.lua:349: skip DMARC checks as either SPF or DKIM were not checked
> (normal) <b2d822>; task; finalize_item: slow rule: SEM_URIBL_UNKNOWN(459): 356.00 ms; enable slow timer delay
> (normal) <b2d822>; task; finalize_item: slow rule: SURBL_MULTI(438): 380.00 ms
> (normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_HAM of classifier bayes: not enough learns 0; 200 required
> (normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_SPAM of classifier bayes: not enough learns 0; 200 required
> (normal) <b2d822>; task; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
> (normal) <b2d822>; task; rspamd_task_write_log: id: <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>, qid: <C16674014E>, ip: 80.187.115.42, user: YYY at inside-m2m.de, from: <YYY at inside-m2m.de>, (default: T (add header): [8.60/15.00] [R_SUSPICIOUS_URL(5.00){https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwa.me&c=E,1,uGIxyk33dp0UrAoPyMxeHXFw7sbcHeopLRNbThIs5ggD_m7L3aniVUa5axNAChpFQrSmTUrUSJWPW7p2kaItpnLkfoyoYJGPqZJzttGaBX_8VlrY2qso25MM&typo=1;},MIME_MA_MISSING_TEXT(2.00){},URI_COUNT_ODD(1.00){7;},MV_CASE(0.50){},MIME_HTML_ONLY(0.20){},MIME_GOOD(-0.10){multipart/alternative;multipart/mixed;},ARC_NA(0.00){},ASN(0.00){asn:3320, ipnet:80.187.0.0/16, country:DE;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;3:~;4:~;5:~;6:~;7:~;...;},NEURAL_HAM(0.00){-0.991;},RCPT_COUNT_THREE(0.00){4;},RCVD_COUNT_ZERO(0.00){0;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 1951822, time: 492.748ms, dns req: 60, digest: <7290610468f94d6b2b64258eecf1007b>, rcpts: <AAA at inside-m2m.de,BBB at inside-m2m.de,CCC at inside-m2m.de,DDD at inside-m2m.de>, mime_rcpts: <EEE at inside-m2m.de,FFF at inside-m2m.de,GGG at inside-m2m.de,...>
>
> I also tried this:
>
> settings {
>     authenticated {
>         authenticated = true;
>         priority = "high";
>         apply {
>             groups_disabled [
>                 "rbl",
>                 "spf",
>             ]
>             flags [
>                 "skip_process",
>             ]
>             symbols_enabled [
>                 "DKIM_SIGNED",
>             ]
>         }
>     }
> }
>
> But this does not change the behaviour.
> This is a debian installation, if importand.
>
> What am I missing?
>
> Kind Regards
> Konstantin
>
>
>
>

More information about the Users mailing list