Some comments while testing rspamd

myH2Oservers

We tested rspamd today and found some items that need additional checks.

- Installation on CentOS 7 fails with the following error due to unresolved dependencies. Fixed this by installing the EPEL repo on the server. EPEL (or the specific RPM) needs to be available and could be added to the custombuild script.

Code:
[@server custombuild]# ./build rspamd
[rspamd]
name=Rspamd stable repository
baseurl=http://rspamd.com/rpm-stable/centos-7/x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://rspamd.com/rpm/gpg.key
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   167  100   167    0     0   1132      0 --:--:-- --:--:-- --:--:--  1136
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirror.denit.net
 * extras: centos.mirror.transip.nl
 * updates: ftp.nluug.nl
base                            | 3.6 kB  00:00:00
extras                          | 2.9 kB  00:00:00
rspamd/signature                |  833 B  00:00:00
Retrieving key from http://rspamd.com/rpm/gpg.key
Importing GPG key 0xBF21E25E:
 Userid     : "Rspamd Nightly Builds (Rspamd Nightly Builds) <[email protected]>"
 Fingerprint: 3fa3 47d5 e599 be45 95ca 2576 ffa2 32ed bf21 e25e
 From       : http://rspamd.com/rpm/gpg.key
rspamd/signature                | 2.9 kB  00:00:00 !!!
updates                         | 2.9 kB  00:00:00
(1/5): base/7/x86_64/group_gz   | 165 kB  00:00:00
(2/5): extras/7/x86_64/primary_db | 152 kB  00:00:00
(3/5): base/7/x86_64/primary_db | 6.0 MB  00:00:00
(4/5): rspamd/primary_db        | 6.5 kB  00:00:00
(5/5): updates/7/x86_64/primary_db | 1.1 MB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package rspamd.x86_64 0:1.9.4-3 will be installed
--> Processing Dependency: libopenblas.so.0()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Processing Dependency: libunwind.so.8()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Processing Dependency: libicui18n.so.50()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Processing Dependency: libicuuc.so.50()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Processing Dependency: libicudata.so.50()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
---> Package libicu.x86_64 0:50.2-3.el7 will be installed
---> Package libunwind.x86_64 2:1.2-2.el7 will be installed
---> Package rspamd.x86_64 0:1.9.4-3 will be installed
--> Processing Dependency: libopenblas.so.0()(64bit) for package: rspamd-1.9.4-3.x86_64
--> Finished Dependency Resolution
Error: Package: rspamd-1.9.4-3.x86_64 (rspamd)
           Requires: libopenblas.so.0()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Yum failed to install rspamd.

- We use the latest exim.conf release (4.5.18) with some small customizations for our SpamExperts implementation. Therefore we have exim_conf disabled in custombuild as we manage exim.conf ourselves. Would be nice if the ESF installation tries to grep for the running Spamblocker version instead of checking if the value is set to yes. Checking if the setting is set to yes does not say anything about the running version, and the only thing ESF needs is the couple of includes in exim.conf. We worked around this by setting it to yes, installing ESF and setting it back to no.

Code:
[@server custombuild]# ./build easy_spam_fighter
You cannot enable Easy Spam Fighter, because you do not have it set in options.conf file (easy_spam_fighter/eximconf options).

- Because ESF does SPF checking this causes issues with external spamfilters like SpamExperts. SpamExperts filters the email and sends it to ESF. Fixed this by adding:
delivery.antispamcloud.com
*.antispamcloud.com
to the file /etc/virtual/esf_skip_hosts. Maybe it would be an idea to deliver /etc/virtual/esf_skip_hosts with prefilled values like SpamExperts (and I know there will be so many other filters... maybe we have to conclude that SPF checking is not a very good mechanism?).

Code:
SPF: 2a00:1630:2:807::1 is not allowed to send mail from forum.directadmin.com: Please see http://www.openspf.org/Why?id=forum%40forum.directadmin.com&ip=2a00%3a1630%3a2%3a807%3a%3a1&receiver=server.hostname.com : Reason: mechanism

- The above alert also contains the link to www.openspf.org. However, this website has been down for many months already. Maybe remove this part of the alert?

- If a sender's mailserver has no reverse DNS, a spam score of 100 is assigned (check_mail.conf). The default limit is 55. Why is Exim still processing further communication after the connect while it is already decided that we will not accept the email? Can't Exim disconnect earlier (before the RCPT command)? Or is the idea that further checks could decrease the score so the email is still accepted?

Code:
2019-09-29 13:28:33 ReverseDNS: No reverse DNS for mailserver at 200.77.186.212, +100 Spam score
2019-09-29 13:28:36 H=(zz.it) [200.77.186.212] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2019-09-29 13:28:37 H=(zz.it) [200.77.186.212] incomplete transaction (connection lost) from <[email protected]>
2019-09-29 13:28:37 unexpected disconnection while reading SMTP command from (zz.it) [200.77.186.212] D=5s

- In the rspamd logfile we see these errors. What do they mean? Do we need to open this port in our firewall? Or don't we need the fuzzy service and ignore them?
Code:
got error on IO with server fuzzy2.rspamd.com(88.99.142.95:11335), on write, 1, Operation not permitted 
got error on IO with server fuzzy1.rspamd.com(88.99.142.95:11335), on write, 1, Operation not permitted

- The password and enable_password in the controller are not set / set to "q1". I would suggest setting this to a random value just for safety. The password will normally not be used, so it could be anything (or maybe the hashed version of one of the passwords set in setup.txt).
https://rspamd.com/doc/workers/controller.html

- Is rspamd already user-setting aware? Are the settings at the SpamAssassin user level taken into consideration? Does the default limit of 55 depend on what the user has configured?

- If ESF checks are skipped because of the esf_skip_hosts setting, the following header is still added: "SpamTally: Final spam score: ". This could be skipped in my opinion.

- Regarding the GUI plugin with statistics of rspamd: it would be nice if emails that are not scanned because of (for example) esf_skip_hosts still flow through rspamd but are not scanned within rspamd. This way the emails are still counted (but rspamd could use an additional category "not scanned" or something like that).

- Just got an error in the exim log. Not sure if it is a valid one:
2019-09-29 15:45:21 H=(yy.it) [xx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{false}{true}}": lookup of "ptr=193.187.82.74" gave DEFER:
2019-09-29 15:45:21 H=(yy.it) [xx] Warning: ACL "warn" statement skipped: condition test deferred: host lookup deferred for reverse lookup check
 
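To put numbers on the reverse-DNS question in the post above, the following added example (not part of the original post and not DirectAdmin code) reads Exim main-log lines in the format of the excerpt and reports, per IP, how many further events were logged and for how many seconds after the score passed the limit of 55. The sample log is constructed with placeholder addresses, and the function name `activity_after_limit` is hypothetical.

```python
import re
from datetime import datetime

LIMIT = 55  # default limit quoted in the post

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
# Score line in the format of the excerpt (only the ReverseDNS check is handled).
SCORE_RE = re.compile(
    TS + r"ReverseDNS: No reverse DNS for mailserver at ([0-9a-fA-F.:]+), \+(\d+) Spam score")
# Any other line that names the peer as " [ip]".
HOST_RE = re.compile(TS + r".*? \[([0-9a-fA-F.:]+)\]")

# Constructed sample; hosts and addresses are documentation placeholders.
SAMPLE_LOG = """\
2019-09-29 13:28:33 ReverseDNS: No reverse DNS for mailserver at 203.0.113.7, +100 Spam score
2019-09-29 13:28:36 H=(mail.example) [203.0.113.7] F=<a@example.org> rejected RCPT <b@example.net>: authentication required
2019-09-29 13:28:37 H=(mail.example) [203.0.113.7] incomplete transaction (connection lost) from <a@example.org>
2019-09-29 13:28:37 unexpected disconnection while reading SMTP command from (mail.example) [203.0.113.7] D=5s
2019-09-29 13:29:00 H=(ok.example) [198.51.100.9] F=<c@example.org> rejected RCPT <d@example.net>: authentication required
""".splitlines()

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def activity_after_limit(lines, limit=LIMIT):
    """Per IP over the limit: score, later log events, seconds the session went on.

    Simplification: scores are summed per IP over the whole input, not per connection.
    """
    score, crossed, report = {}, {}, {}
    for line in lines:
        m = SCORE_RE.match(line)
        if m:
            when, ip, points = m.groups()
            score[ip] = score.get(ip, 0) + int(points)
            if score[ip] > limit and ip not in crossed:
                crossed[ip] = _ts(when)
                report[ip] = {"score": score[ip], "later_events": 0, "seconds": 0}
            continue
        m = HOST_RE.match(line)
        if m and m.group(2) in crossed:
            entry = report[m.group(2)]
            entry["later_events"] += 1
            entry["seconds"] = int((_ts(m.group(1)) - crossed[m.group(2)]).total_seconds())
    return report

if __name__ == "__main__":
    for ip, entry in activity_after_limit(SAMPLE_LOG).items():
        print(ip, entry)
```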
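The controller password point in the post above can be checked mechanically. This added example (not part of the original post, and not rspamd or DirectAdmin code) audits the text of a controller configuration for `password` and `enable_password` values that are unset, equal to the reported "q1", or stored in clear text. It assumes the `key = "value";` form and that hashes written by `rspamadm pw` begin with `$1$` or `$2$`; the sample configurations are constructed and the function names are hypothetical.

```python
import re
import secrets

# Assumption: hashes written by `rspamadm pw` start with "$1$" or "$2$".
HASH_PREFIXES = ("$1$", "$2$")
WEAK_VALUES = {"q1"}  # value reported in the post
KEYS = ("password", "enable_password")

# `key = "value"` at the start of a line; commented-out lines do not match.
SETTING_RE = re.compile(
    r'^[ \t]*(password|enable_password)[ \t]*=[ \t]*"([^"]*)"', re.MULTILINE)

# Constructed samples of a controller section.
SAMPLE_AS_REPORTED = '''\
password = "q1";
enable_password = "q1";
'''
SAMPLE_HASHED = '''\
# password = "q1";
password = "$2$constructedsalt$constructedhash";
enable_password = "$2$constructedsalt2$constructedhash2";
'''

def audit_controller(conf_text):
    """Return (key, problem) pairs for the two controller password settings."""
    values = dict(SETTING_RE.findall(conf_text))  # the last assignment wins
    findings = []
    for key in KEYS:
        value = values.get(key)
        if not value:
            findings.append((key, "not set"))
        elif value in WEAK_VALUES:
            findings.append((key, "known default"))
        elif not value.startswith(HASH_PREFIXES):
            findings.append((key, "clear text"))
    return findings

def random_password(nbytes=24):
    """Random value to feed to `rspamadm pw`; store only the resulting hash."""
    return secrets.token_urlsafe(nbytes)

if __name__ == "__main__":
    print(audit_controller(SAMPLE_AS_REPORTED))
    print(audit_controller(SAMPLE_HASHED))
```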
OK, I see. Please note there are post/pre inclusions available for exim.conf as well as /etc/exim.strings.conf.custom, /etc/exim.variables.conf.custom
 