[Rspamd-Users] Skip spam check for authenticated (SASL) users howto with postfix?

Allen, Norton T. allen at huarp.harvard.edu
Wed Jan 31 14:47:46 UTC 2024 

I should have noted the reference where those side effects are documented:

    https://rspamd.com/doc/configuration/settings.html

On 1/31/2024 9:44 AM, Allen, Norton T. wrote:
> Konstantin,
>
> I am new to this, so if someone with more experience wants to correct 
> me, that would be great.
>
> Have you tried removing your groups_disabled block, leaving just flags 
> and symbols_enabled in the apply block? groups_disabled has the side 
> effect of enabling all other rules, whereas symbols_enabled has the 
> side effect of disabling all other rules. Those seem to be in 
> conflict, and the enables may be winning. I have had success with just 
> flags and symbols_enabled as you have them.
>
> On 1/31/2024 8:50 AM, Konstantin Kletschke via Users wrote:
>> Dear rspam community,
>>
>> I have a rspamd up and running fine with a postfix installation.
>>
>> What is missing is that when users deliver mail via SASL AUTH spam
>> checks should be skipped, I am to stupid.
>> Postfix calls the rspamd via:
>>
>> smtpd_milters = inet:localhost:11332, inet:localhost:12345
>>
>> 11332 ist rpsamd, 12345 is opendkim.
>> milter_mail_macros is set to:
>>
>> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} 
>> {mail_addr} {mail_host} {mail_mailer}
>>
>> My expectation is, that authenticated users' mails are not spam checked,
>> do I miss additional settings?
>>
>> Postfix recognizes that mail ist SASL AUTHed:
>>
>> Jan 30 13:51:45 mail postfix/smtpd[224854]: C16674014E: 
>> client=https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fXXX.customers.d1-online.com&c=E,1,emiHo3tmzpAyCqw0JpmSnCwRGw2WJBll63vfW2Ts1pvc8u7L_4tPXaJKgLiq4X5SMCSnwnUrJJhvhBnnXcxUEma5DRZIhm1xxGua9Mls1YkwLr2GI3n85Ew,&typo=1[80.187.115.42], 
>> sasl_method=PLAIN, sasl_username=YYY at inside-m2m.de
>>
>> rspamd adds spam headeri, though:
>>
>> (normal) <b2d822>; task; rspamd_worker_body_handler: accepted 
>> connection from 127.0.0.1 port 39608, task ptr: 00007F1B012A2A20
>> (normal) <b2d822>; task; rspamd_message_parse: loaded message; id: 
>> <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>; queue-id: 
>> <C16674014E>; size: 1951822; checksum: 
>> <7290610468f94d6b2b64258eecf1007b>
>> (normal) <b2d822>; task; rspamd_url_text_extract: got empty text part
>> (normal) <b2d822>; task; rspamd_mime_part_detect_language: detected 
>> part language: de
>> (normal) <b2d822>; task; rspamd_mime_part_detect_language: detected 
>> part language: en
>> (normal) <b2d822>; lua; greylist.lua:217: skip greylisting for local 
>> networks and/or authorized users
>> (normal) <b2d822>; lua; once_received.lua:102: Skipping once_received 
>> for authenticated user or local network
>> (normal) <b2d822>; lua; spf.lua:186: skip SPF checks for local 
>> networks and authorized users
>> (normal) <b2d822>; task; dkim_symbol_callback: skip DKIM checks for 
>> local networks and authorized users
>> (normal) <b2d822>; lua; dmarc.lua:349: skip DMARC checks as either 
>> SPF or DKIM were not checked
>> (normal) <b2d822>; task; finalize_item: slow rule: 
>> SEM_URIBL_UNKNOWN(459): 356.00 ms; enable slow timer delay
>> (normal) <b2d822>; task; finalize_item: slow rule: SURBL_MULTI(438): 
>> 380.00 ms
>> (normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes 
>> tokens for BAYES_HAM of classifier bayes: not enough learns 0; 200 
>> required
>> (normal) <b2d822>; task; rspamd_redis_connected: skip obtaining bayes 
>> tokens for BAYES_SPAM of classifier bayes: not enough learns 0; 200 
>> required
>> (normal) <b2d822>; task; rspamd_stat_classifiers_process: skip 
>> statistics as SPAM class is missing
>> (normal) <b2d822>; task; rspamd_task_write_log: id: 
>> <C7B973E7-D719-48E0-AF2F-A56230DDAD5D at inside-m2m.de>, qid: 
>> <C16674014E>, ip: 80.187.115.42, user: YYY at inside-m2m.de, from: 
>> <YYY at inside-m2m.de>, (default: T (add header): [8.60/15.00] 
>> [R_SUSPICIOUS_URL(5.00){https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwa.me&c=E,1,uGIxyk33dp0UrAoPyMxeHXFw7sbcHeopLRNbThIs5ggD_m7L3aniVUa5axNAChpFQrSmTUrUSJWPW7p2kaItpnLkfoyoYJGPqZJzttGaBX_8VlrY2qso25MM&typo=1;},MIME_MA_MISSING_TEXT(2.00){},URI_COUNT_ODD(1.00){7;},MV_CASE(0.50){},MIME_HTML_ONLY(0.20){},MIME_GOOD(-0.10){multipart/alternative;multipart/mixed;},ARC_NA(0.00){},ASN(0.00){asn:3320, 
>> ipnet:80.187.0.0/16, 
>> country:DE;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;3:~;4:~;5:~;6:~;7:~;...;},NEURAL_HAM(0.00){-0.991;},RCPT_COUNT_THREE(0.00){4;},RCVD_COUNT_ZERO(0.00){0;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), 
>> len: 1951822, time: 492.748ms, dns req: 60, dig
> est: <7290610468f94d6b2b64258eecf1007b>, rcpts: 
> <AAA at inside-m2m.de,BBB at inside-m2m.de,CCC at inside-m2m.de,DDD at inside-m2m.de>, 
> mime_rcpts: <EEE at inside-m2m.de,FFF at inside-m2m.de,GGG at inside-m2m.de,...>
>>
>> I also tried this:
>>
>> settings {
>>     authenticated {
>>         authenticated = true;
>>         priority = "high";
>>         apply {
>>             groups_disabled [
>>                 "rbl",
>>                 "spf",
>>             ]
>>             flags [
>>                 "skip_process",
>>             ]
>>             symbols_enabled [
>>                 "DKIM_SIGNED",
>>             ]
>>         }
>>     }
>> }
>>
>> But this does not change the behaviour.
>> This is a debian installation, if importand.
>>
>> What am I missing?
>>
>> Kind Regards
>> Konstantin
>>
>>
>>
>>

More information about the Users mailing list