Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yomi sandbox: sandbox force_actions rule disables existing config #6204

Closed
nrauso opened this issue Mar 27, 2023 · 5 comments
Closed

Yomi sandbox: sandbox force_actions rule disables existing config #6204

nrauso opened this issue Mar 27, 2023 · 5 comments
Labels
bug A defect of the software verified All test cases were verified successfully

Comments

@nrauso
Copy link
Collaborator

nrauso commented Mar 27, 2023
edited
Loading

The nethserver-yomi package installation overrides the force_actions rules in rspamd introduced with the #6665 issue.
This behavior disables the actions used by rspamd to reject e-mails from blacklisted senders and to temporary reject e-mails for which ClamAV scan fails.
This happens because we use a file into override.d path of rspamd to configure the Yomi Sandbox rule and, as stated into the rspamd documenation, this override completely the default force_actions configuration.
We need to move the Yomi Sendbox rule into the local.d/force_actions.conf template to merge it with the existing ones.

Steps to reproduce

  • Install E-mail server from Software Center;
  • Check the active force_actions rules in rspamd using the command:
    rspamadm configdump force_actions
  • Install Yomi Sandbox package (nethserver-yomi) on the same server;
  • Check again the active force_actions rules in rspamd:
    rspamadm configdump force_actions

Expected behavior

There should be 3 force_actions rules: REJECT_FROM_BLACKLIST, CLAM_VIRUS_FAIL, YOMI_FAIL

Actual behavior

Only YOMI_FAIL rule is present.

Components

nethserver-mail-filter-2.32.1-1.ns7.noarch
nethserver-yomi-2.2.1-1.ns7.noarch
@nrauso nrauso added the bug A defect of the software label Mar 27, 2023
@nrauso
Copy link
Collaborator Author

nrauso commented Mar 27, 2023
edited
Loading

We could remove the /etc/rspamd/override.d/force_actions.conf static file and add a fragment to the /etc/rspamd/local.d/force_actions.conf template, for example:

cat /etc/e-smith/templates/etc/rspamd/local.d/force_actions.conf/40YOMI_SOFTREJECT
    YOMI_FAIL \{
        action = "soft reject";
        message = "Yomi cannot validate the message now. Try again later";
        expression = "YOMI_FAIL";
    \}

@nethbot

This comment was marked as duplicate.

Sign in to view
1 similar comment
@nethbot
Copy link
Member

nethbot commented Mar 27, 2023

in 7.9.2009/nethesis-testing:

  • nethserver-yomi-2.2.1-1.3.g07b5624.ns7.noarch.rpm x86_64

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Mar 27, 2023
@nrauso
Copy link
Collaborator Author

nrauso commented Mar 27, 2023

test: VERIFIED

@nrauso nrauso added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Mar 27, 2023
@nethbot
Copy link
Member

nethbot commented Mar 27, 2023

in 7.9.2009/nethesis-updates:

  • nethserver-yomi-2.2.2-1.ns7.noarch.rpm x86_64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A defect of the software verified All test cases were verified successfully
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gsanchietti @nrauso @nethbot