[Rspamd-Users] "soft reject" and "clamav: failed to scan, maximum retransmits exceed"
Andreas
rspamd at linuxmaker.com
Tue Mar 5 13:37:39 UTC 2024
Am Dienstag, 5. März 2024, 14:26:08 CET schrieb G.W. Haywood:
> Hi there,
>
> On Tue, 5 Mar 2024, Andreas wrote:
> > ... where would I have to look so that the soft rejects are
> > delivered normally?
>
> You could try something like
>
> rspamadm configdump | grep -C10 soft
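Thanks for that. Here’s the output. Note that grep also matches "soft" inside "Microsoft" and "soft-failed", so most of the blocks below are unrelated to soft rejects. The entries that set a soft reject are `action = "soft reject"` in VIRUS_SCANNER_FAIL_EXC (expression CLAM_VIRUS_FAIL) and in the block that lists the greylist whitelist maps; soft_reject_on_timeout is already false. VIRUS_SCANNER_FAIL_EXC tempfails mail when the ClamAV scan itself failed, so relaxing it would presumably mean accepting mail that was never scanned.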
rspamadm configdump | grep -C10 soft
conflicting files /etc/rspamd/local.d/statistic.conf and /etc/rspamd/local.d/classifier-bayes.conf are found: Rspamd classifier configuration might be broken!
ip_score module is deprecated in honor of reputation module!
redefining fallback backend from /etc/rspamd/maps.d/surbl-whitelist.inc to /etc/rspamd/maps.d/surbl-whitelist.inc
implicitly enabling luapattern returncodes_matcher for rule SURBL_HASHBL
implicitly enabling luapattern returncodes_matcher for rule DWL_DNSWL
implicitly enabling luapattern returncodes_matcher for rule RCVD_IN_DNSWL
}
VIRUS_REJECT {
action = "reject";
expression = "CLAM_VIRUS";
message = "REJECT - virus found (support-id ${queueid})";
}
VIRUS_SCANNER_FAIL_EXC {
honor_action [
"reject",
]
action = "soft reject";
expression = "CLAM_VIRUS_FAIL";
message = "Tempfail - internal scan engine error. (support-id ${queueid})";
}
}
}
worker {
normal {
bind_socket = "localhost:11333";
mime = true;
}
--
}
ARC_NA {
weight = 0;
description = "ARC signature absent";
groups [
"arc",
]
}
R_DKIM_TEMPFAIL {
weight = 0;
description = "DKIM verification soft-failed";
groups [
"dkim",
]
}
R_DKIM_NA {
weight = 0;
description = "Missing DKIM signature";
groups [
"dkim",
]
--
}
DMARC_POLICY_ALLOW_WITH_FAILURES {
weight = -0.500000;
description = "DMARC permit policy with DKIM/SPF failure";
groups [
"dmarc",
]
}
R_SPF_SOFTFAIL {
weight = 0;
description = "SPF verification soft-failed";
groups [
"spf",
]
}
R_SPF_NEUTRAL {
weight = 0;
description = "SPF policy is neutral";
groups [
"spf",
]
--
"169.254.0.0/16",
"fe80::/10",
"127.2.4.7",
]
pidfile = "/run/rspamd/rspamd.pid";
check_all_filters = true;
cache_file = "/var/lib/rspamd/symbols.cache";
map_watch_interval = 300;
map_file_watch_multiplier = 0.100000;
dynamic_conf = "/var/lib/rspamd/rspamd_dynamic";
soft_reject_on_timeout = false;
history_file = "/var/lib/rspamd/rspamd.history";
hs_cache_dir = "/var/lib/rspamd/";
dns_max_requests = 64;
max_lua_urls = 1024;
max_urls = 10240;
max_recipients = 1024;
task_timeout = 8;
tempdir = "/tmp";
dns {
timeout = 1;
--
timeout = 300;
message = "Try again later";
expire = 86400;
whitelist_domains_url [
"/etc/rspamd/local.d/greylist-whitelist-domains.inc",
"/etc/rspamd/local.d/maps.d/greylist-whitelist-domains.inc",
]
ipv6_mask = 64;
max_data_len = 10000;
key_prefix = "rg";
action = "soft reject";
ipv4_mask = 19;
}
url_tags {
enabled = false;
}
mime_types {
file [
"https://maps.rspamd.com/rspamd/mime_types.inc.zst",
"/etc/rspamd/local.d/maps.d/mime_types.inc.local",
"/var/lib/rspamd/mime_types.inc.local",
--
expression = "FORGED_SENDER & (ENVFROM_PRVS | ENVFROM_VERP)";
}
IP_SCORE_FREEMAIL {
score = 0;
description = "Negate IP_SCORE when message comes from FreeMail";
expression = "FREEMAIL_FROM & SENDER_REP_SPAM";
policy = "remove_weight";
}
VIOLATED_DIRECT_SPF {
score = 3.500000;
description = "Has no Received (or no trusted received relays) and SPF
policy fails or soft fails";
expression = "(R_SPF_FAIL | R_SPF_SOFTFAIL) & (RCVD_COUNT_ZERO |
RCVD_NO_TLS_LAST)";
policy = "leave";
}
AUTH_NA {
score = 1;
policy = "remove_weight";
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA";
description = "Authenticating message via SPF/DKIM/DMARC/ARC not
available";
}
BAD_REP_POLICIES {
--
group = "compromised_hosts";
}
INTRODUCTION {
score = 2;
description = "Sender introduces themselves";
re = "/\\b(?:my name is\\b|(?:i am|this is)\\s+(?:mr|mrs|ms|miss|
master|sir|prof(?:essor)?|d(?:octo)?r|rev(?:erend)?)(?:\\.|\\b))/{sa_body}i";
group = "scams";
one_shot = true;
}
OLD_X_MAILER {
re = "X-Mailer=/^(?:Microsoft Outlook Express|QUALCOMM Windows Eudora
(Pro )?Version [1-6]\\.|The Bat! \\(v[12]\\.|Microsoft Outlook IMO, Build 9\\.
0\\.|Microsoft Outlook, Build 10\\.|i(Phone|Pad) Mail \\((?:[1-8][A-L]|12H|
13E))/
{header}";
description = "X-Mailer header has a very old MUA version";
group = "headers";
score = 2;
}
TO_EXCESS_QP {
re = "To=/=\\?\\S+\\?Q\\?/iX & !To=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\
\x7f-\\xff]/Hr";
description = "To header is unnecessarily encoded in quoted-printable";
group = "excessqp";
score = 1.200000;
}
--
score = 0;
}
MAIL_RU_MAILER {
re = "(X-Mailer=/^Mail\\.Ru Mailer 1\\.0$/H) & (Received=/^(?:from \\[\
\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\] )?by e\\.mail\\.ru with HTTP;/
mH)";
description = "Sent with Mail.Ru webmail";
group = "headers";
score = 0;
}
MICROSOFT_SPAM {
re = "X-Forefront-Antispam-Report=/SFV:SPM/H";
description = "Microsoft says the message is spam";
group = "upstream_spam_filters";
score = 4;
}
MIME_HTML_ONLY {
re = "has_only_html_part()";
description = "Message has only an HTML part";
group = "headers";
score = 0.200000;
}
SUBJ_EXCESS_QP {
--
description = "Forged X-Mailer header";
group = "headers";
score = 4.500000;
}
HAS_X_ANTIABUSE {
re = "header_exists('X-AntiAbuse')";
description = "Has X-AntiAbuse headers";
group = "compromised_hosts";
}
MISSING_MIMEOLE {
re = "(header_exists(X-MSMail-Priority)) & !(header_exists(X-MimeOLE))
& !(X-Mailer=/SquirrelMail\\b/H) & !(X-Mailer=/^Microsoft (?:Office )?Outlook
[12]\\d\\.0/) & !(header_exists(X-Android-Message-Id))";
description = "Mime-OLE is needed but absent (e.g. fake Outlook or fake
Exchange)";
group = "headers";
score = 2;
}
MISSING_SUBJECT {
score = 2;
description = "Subject header is missing";
re = "!raw_header_exists(Subject)";
group = "headers";
mime_only = true;
--
description = "Message contains X-PHP-Script pattern";
group = "compromised_hosts";
}
PRECEDENCE_BULK {
re = "Precedence=/bulk/Hi";
description = "Message marked as bulk";
group = "upstream_spam_filters";
score = 0;
}
RATWARE_MS_HASH {
re = "(Message-Id=/[0-9a-f]{4,}\\$[0-9a-f]{4,}\\$[0-9a-f]{4,}\\@\\S+/H)
& !(X-MimeOLE=/^Produced By Microsoft MimeOLE/H) & !(Received=/with Microsoft
Exchange Server/H)";
description = "Forged Exchange messages";
group = "headers";
score = 2;
}
R_RCVD_SPAMBOTS {
score = 3;
description = "Spambots signatures in received headers";
re = "Received=/^from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\]
by [-.\\w+]{5,255}; [SMTWF][a-z][a-z], [\\s\\d]?\\d [JFMAJSOND][a-z][a-z] \
\d{4} \\d{2}:\\d{2}:\\d{2} [-+]\\d{4}$/mH";
group = "headers";
mime_only = true;
--
group = "headers";
mime_only = true;
}
FORGED_MSGID_YAHOO {
re = "(Message-Id=/\\@yahoo\\.com\\b/iH) & !(From=/\\@yahoo\\.com\\b/
iH)";
description = "Forged Yahoo Message-ID header";
group = "headers";
score = 2;
}
FORGED_MUA_OUTLOOK {
re = "((X-Mailer=/\\bOutlook Express [456]\\./H & !Message-Id=/^<?[A-
Za-z0-9-]{7}[A-Za-z0-9]{20}\\@hotmail\\.com>?$/mH & !Message-Id=/^<?(?:[0-9a-
f]{8}|[0-9a-f]{12})\\$[0-9a-f]{8}\\$[0-9a-f]{8}\\@\\S+>?$/H & !(List-
Unsubscribe=/<
mailto:(?:leave-\\S+|\\S+-unsubscribe)\\@\\S+>$/H | Received=/\\/CWT\\/DCE\\)/
H | Received=/iPlanet Messaging Server/H | Message-Id=/^<?BAY\\d+-DAV\\d+[A-
Z0-9]{25}\\@phx\\.gbl?>$/H | Message-Id=/^<?BAYC\\d+-PASMTP\\d+[A-Z0-9]{25}\
\@CEZ\\
.ICE>?$/H | Message-ID=/^<mailman\\.\\d+\\.\\d+\\.\\d+\\.[-+.:=\\w]+@[-a-zA-Z\
\d.]+>$/H)) | (X-Mailer=/^Microsoft Outlook(?: 8| CWS, Build 9|, Build 10)\\./
H & !Message-Id=/^<?(?:[0-9a-f]{8}|[0-9a-f]{12})\\$[0-9a-f]{8}\\$[0-9a-f]{8}\
\@\\
S+>?$/H & !Message-Id=/^<?\\!\\~\\!>?/H & !Message-Id=/^<?[A-F\\d]{32}\\@\
\S+>?$/H & !Message-Id=/^<?[A-F\\d]{36,40}\\@\\S+>?$/H & !(List-Unsubscribe=/
<mailto:(?:leave-\\S+|\\S+-unsubscribe)\\@\\S+>$/H | Received=/\\/CWT\\/DCE\
\)/H | Rec
eived=/iPlanet Messaging Server/H | Message-Id=/^<?BAY\\d+-DAV\\d+[A-Z0-9]{25}
\\@phx\\.gbl?>$/H | Message-Id=/^<?BAYC\\d+-PASMTP\\d+[A-Z0-9]{25}\\@CEZ\
\.ICE>?$/H | Message-ID=/^<mailman\\.\\d+\\.\\d+\\.\\d+\\.[-+.:=\\w]+@[-a-zA-
Z\\d.]+>$
/H))) & !X-Mailer=/^Microsoft Outlook, Build 10.0.3416$/H & !X-Mailer=/
^Microsoft Outlook Express 6.00.3790.3959$/H & !Message-Id=/^<?[A-F\\d]{32}\
\@\\S+>?$/H";
description = "Forged Outlook MUA";
group = "mua";
score = 3;
}
FROM_EXCESS_BASE64 {
score = 1.500000;
description = "From header is unnecessarily encoded in base64";
re = "From=/=\\?\\S+\\?B\\?/iX & !From=/[\\x00-\\x08\\x0b\\x0c\\x0e-\
\x1f\\x7f-\\xff]/Hr";
group = "excessb64";
mime_only = true;
--
}
SUBJ_EXCESS_BASE64 {
re = "Subject=/\\=\\?\\S+\\?B\\?/iX & !Subject=/[\\x00-\\x08\\x0b\\x0c\
\x0e-\\x1f\\x7f-\\xff]/Hr";
description = "Subject header is unnecessarily encoded in base64";
group = "excessb64";
score = 1.500000;
}
FORGED_OUTLOOK_HTML {
score = 5;
description = "Forged Outlook HTML signature";
re = "!Received=/from \\[\\S+\\] by \\S+\\.(?:groups|scd|dcn)\\.yahoo\
\.com with NNFMP/H & X-Mailer=/^Microsoft Outlook\\b/H &
has_only_html_part()";
group = "headers";
mime_only = true;
}
FORGED_OUTLOOK_TAGS {
re = "!Received=/from \\[\\S+\\] by \\S+\\.(?:groups|scd|dcn)\\.yahoo\
\.com with NNFMP/H & X-Mailer=/^Microsoft Outlook\\b/H &
content_type_is_type(text) & content_type_is_subtype(/.?html/) & !
(has_html_tag(html) & has_html_tag(h
ead) & has_html_tag(meta) & has_html_tag(body))";
description = "Message pretends to be send from Outlook but has
'strange' tags";
group = "headers";
score = 2.100000;
}
FROM_NEEDS_ENCODING {
score = 1;
description = "From header needs encoding";
re = "!(From=/=\\?\\S+\\?B\\?/iX) & !(From=/=\\?\\S+\\?Q\\?/iX) &
(From=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\xff]/X)";
group = "headers";
mime_only = true;