Enable Greylist and block domain

S

ssgill

Verified User
Joined
May 9, 2012
Messages
164
Hello, rspamd is not rejecting domain listed in greylist (blacklist)

Centos 7
Rspamd daemon version 2.5
Redis server v=3.2.12 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=7897e7d0e13773f
Directadmin and all other scripts upto date.

i have enabled greylist by adding
/etc/rspamd/local.d/greylist.conf
Code: 
enabled = true;

Entries in user folder
/etc/rspamd/users.d/domain.conf

Code: 
domain_prefs {
        id = "domain_prefs";
        priority = medium;
        rcpt = "[email protected]"
        rcpt = "@domain.ca"
        apply {
                   actions {
                        greylist = null;
                        "add header" = 10.0;
                }
        }
}
domain_blacklist {
        priority = high;
        rcpt = "[email protected]"
        rcpt = "@domain.ca"
        from = "/.*\.faith/"
        from = "/.*@blockdomain\.com/"
        from = "/.*@blockdomain1\.com/"

        apply {
                   actions {
                        reject = -999;
                        greylist = null;
                        "add header" = null;
                }
        }
}

But emails coming from these domains are not being rejected, they are delivered to inbox.

I added those domain from Directadmin->user->Spamassassin Setup
Settings: spamd folder, high threshold (10), do not block score, set subject to following

Email Black list: these domains appear in /etc/rspamd/users.d/domain.conf
Code: 
*.faith
*.blockdomain.com
*.blockdomain1.com

Rspamd web gui, under configuration there is no graylist file ( only couple of whitelist, rpamd_dynamic and mime type ), landing page of gui shows tihs table. Notice Greyisted is all 0


ActionMessagesMinimum, msg/minAverage, msg/minMaximum, msg/minLast, msg/min
Rejected28000.0215090.66630
Temporarily rejected00000
Subject rewritten00000
Probable spam8500.0104070.33330
Greylisted00000
Clean122000.0853431.332060

Rpamd Log file

Code: 
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; lua; mime_types.lua:293: using special tables from user settings
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; lua; mime_types.lua:293: using special tables from user settings
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; dkim_module_key_handler: stored DKIM key for mail._domainkey.domain.org in LRU cache for 3600 seconds, 82/2000 elements in the cache
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; spf; spf_process_element: spf error for domain domain.org: bad spf command ipv4:207.154.195.69
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_spf_record_postprocess: increasing ttl from 59 to 300 as it lower than a limit
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_spf_maybe_return: stored record for domain.org (0x49cc41591ff82061) in LRU cache for 300 seconds, 78/2000 elements in the cache
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_symcache_finalize_item: slow rule: RBL_NIXSPAM(260): 386.08 ms; enable slow timer delay
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_task_write_log: id: <[email protected]>, qid: <1k8WPu-0003qK-LG>, ip: 188.40.14.173, from: <[email protected]>, (default: F (no action): [-0.70/15.00] [DMARC_POLICY_ALLOW(-0.50){domain.org;quarantine;},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){domain.org:s=mail;},R_SPF_ALLOW(-0.20){+ip4:188.40.14.173;},MIME_GOOD(-0.10){multipart/related;},ONCE_RECEIVED(0.10){},ARC_NA(0.00){},ASN(0.00){asn:24940, ipnet:188.40.0.0/16, country:DE;},DKIM_TRACE(0.00){domain.org:+;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;1:~;2:~;3:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ONE(0.00){1;},RCVD_TLS_ALL(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 31424, time: 831.767ms, dns req: 48, digest: <3ebe6f276d3c83bc4c323bcbb627876a>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>, settings_id: domain_prefs
2020-08-19 16:18:47 #2660(normal) <d2e3eb>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 5 regexps matched, 184 regexps total, 77 regexps cached, 0B scanned using pcre, 9.05KiB scanned total

Any help would be appreciated.
Thanks
 
See if this helps

Via the User Level -> SpamAssassin Setup page, both the blacklist and whitelist entries now support more detailed wildcards.

For example, you can now use:

  • @.com
  • *.com
  • fred@*.com
  • fred@test.*
  • etc.
Previously supported values still supported include:

This applies via both Exim's per-domain filter for use with SpamAssassin and via Rspamd's per-user filter:
Click to expand...

try
Code: 
*@domain.com
 
Thanks, i do have redis installed and configured

local.d/redis.conf
servers = "127.0.0.1:6379";

/etc/virtual/domain.com/filter.conf
0=type=domain&value=domain.com
1=type=domain&value=domain.ca
action=action=drop // two action, is this statement correct
adult=ON
high_score=29
high_score_block=no
where=userspamfolder

/etc/rspamd/users.d/
content of this file are listed above

Thanks
 
ssgill said:
Thanks, i do have redis installed and configured

local.d/redis.conf
servers = "127.0.0.1:6379";

/etc/virtual/domain.com/filter.conf
0=type=domain&value=domain.com
1=type=domain&value=domain.ca
action=action=drop // two action, is this statement correct
adult=ON
high_score=29
high_score_block=no
where=userspamfolder

/etc/rspamd/users.d/
content of this file are listed above

Thanks
Click to expand...
Reading to fast I suppose...
 
Not sure, have not received email from blocked domains yet. I did found one entry in rspamd web gui history tab marked as "Soft Reject", i would like to mark those emails as rejected. What does soft reject means anyway
 
You must log in or register to reply here.
Back
Top