Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

milter-reject: END-OF-MESSAGE #1776

Closed
2 of 12 tasks
johnwmail opened this issue Jul 28, 2017 · 9 comments
Closed
2 of 12 tasks

milter-reject: END-OF-MESSAGE #1776

johnwmail opened this issue Jul 28, 2017 · 9 comments

Comments

@johnwmail
Copy link

Classification (Please choose one option):

  • Crash/Hang/Data loss
  • WebUI/Usability
  • Serious bug
  • Other bug
  • Feature
  • Enhancement

Reproducibility (Please choose one option):

  • Always
  • Sometimes
  • Rarely
  • Unable
  • I didn’t try
  • Not applicable

Rspamd version:

1.6.2

Operation system, CPU, memory and environment:

OpenBSD, intel 64bit, 8G, postfix/dovecot-lmtp

Description (Please provide a descriptive summary of the issue):

I set my "reject action" with very high score (950),
Because, I only want two result either add_header(spam) or no action(ham),
I do not want greylist/soft reject/reject ... etc.
I want receive all mail immediately, either to Inbox or to spam folder

my /etc/rspamd/override.d/metrics.conf
actions {
reject = 950;
add_header = 6;
}

But I still see some mail rejected by milter in /var/log/maillog, the message like this
postfix/cleanup[66014]: B8A44169A1C: milter-reject: END-OF-MESSAGE from unknown[1.2.3.4]: 4.7.1 Try again later; from=user@domain.com

My question is, why postfix rejected mail by milter (I have only rspamd milter)?
why rspamd reject mail?
how to set rspamd never reject mail? but only add header, if rspamd detected spam.

Thanks.
@dimejo
Copy link

dimejo commented Jul 28, 2017

This looks like a temporary reject from the greylisting module.

@johnwmail
Copy link
Author

I already disabled greylist.
/etc/rspamd/local.d/greylist.conf
disable = true

@fatalbanana
Copy link
Member

You want enabled = false rather.

@johnwmail
Copy link
Author

You want enabled = false rather.

Thanks for tips, let see the result after few days

@johnwmail
Copy link
Author

The problem is gone, thanks.

@cscholz
Copy link

cscholz commented Dec 30, 2018

I've got the same issue result. Three days ago I've installed a spam trap with a map of allowed recipients. Up to now everything looks goot. E-Mails to this address were accepted even if they are tagged 50+.

/etc/rspamd/override.d/spamtrap.conf

score = 1.0;
learn_fuzzy = true;
learn_spam = true;
fuzzy_flag = 1;
map = "file://$LOCAL_CONFDIR/local.d/local_spamtrap.map.inc";
enabled = true;

    actions {
        reject = 100.0;
        greylist = null; # Disable greylisting (from 1.8.1)
        groups_disabled = ["rbl", "antivirus", "dkim", "spf", "dmarc"]
        symbols_disabled = ["GREYLIST_CHECK", "GREYLIST_SAVE"];
}

Today a short spam wave arrived and all emails to the spam trap have been rejected. They difference to the previously accepted e-mails is as far as I can see that the sender is the same as the recipient. Due to the settings above dmarc should be disabled. Bit seems that the dmarc rule is applied (line 12).

Below is the whole log section. Only the e-mail address is masked.

1: Dec 30 18:48:49 ns3 postfix/smtpd[14248]: connect from unknown[80.252.131.174]
2: Dec 30 18:48:49 ns3 rspamd[11968]: <04c679>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 54704
3: Dec 30 18:48:49 ns3 postfix/smtpd[14248]: F00619E3B1: client=unknown[80.252.131.174]
5: Dec 30 18:48:49 ns3 rspamd[11968]: <04c679>; milter; rspamd_milter_process_command: got connection from 80.252.131.174:23398
6: Dec 30 18:48:50 ns3 postfix/cleanup[14289]: F00619E3B1: message-id=<001f01d4a081$04206c84$4678aeb9$@mydomain.tld>
7: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_message_parse: loaded message; id: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld>; queue-id: <F00619E3B1>; size: 9662; checksum: <9fb69ae8c4b26242a635433a3cf70914>
8: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; settings.lua:358: check for settings
9: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_mime_text_part_utf8_convert: converted from IBM852 to UTF-8 inlen: 3401, outlen: 3401 (3401 UTF16 chars)
10: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_mime_text_part_utf8_convert: converted from IBM852 to UTF-8 inlen: 5143, outlen: 5143 (5143 UTF16 chars)
11: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_mime_part_detect_language: detected part language: de
12: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_add_passthrough_result: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: set pre-result to reject (no score): 'Action set by DMARC' from dmarc(1)
13: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; fuzzy_check_lua_process_learn: skip rule local as it has no flag 1 defined false
14: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; fuzzy_check_lua_process_learn: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: no fuzzy rules found for flag 1
15: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; spamtrap.lua:66: spamtrap found: <recipient@mydomain.tld>
16: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_add_passthrough_result: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld>: set pre-result to no action (no score): 'message accepted' from spamtrap(1)
17: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_task_process: learn error: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld> has been already learned as spam, ignore it
18: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; neural.lua:487: cannot learn ANN tLONG1243FD6D50FE9F7A260: too many spam samples: 37
19: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; lua; neural.lua:487: cannot learn ANN tSHORT1243FD6D50FE9F7A260: too many spam samples: 37
20: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_task_write_log: id: <001f01d4a081$04206c84$4678aeb9$@mydomain.tld>, qid: <F00619E3B1>, ip: 80.252.131.174, from: <recipient@mydomain.tld>, (default: T (reject): [29.52/15.00] [DATE_IN_FUTURE(4.00){},ONCE_RECEIVED_STRICT(4.00){},RBL_SPAMHAUS_XBL(4.00){174.131.252.80.zen.spamhaus.org : 127.0.0.4;},HFILTER_HELO_BAREIP(3.00){80.252.131.174;1;},HFILTER_HOSTNAME_UNKNOWN(2.50){},DMARC_POLICY_REJECT(2.00){mydomain.tld : No valid SPF, No valid DKIM;reject;},RBL_SENDERSCORE(2.00){174.131.252.80.bl.score.senderscore.com;},RBL_SPAMHAUS_CSS(2.00){174.131.252.80.zen.spamhaus.org : 127.0.0.3;},RBL_VIRUSFREE_BOTNET(2.00){174.131.252.80.bip.virusfree.cz : 127.0.0.2;},MX_INVALID(1.00){cached;},RBL_SEM(1.00){174.131.252.80.bl.spameatingmonkey.net;},RDNS_NONE(1.00){},SPAMTRAP(1.00){recipient@mydomain.tld;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ONCE_RECEIVED(0.10){},IP_SCORE(0.02){country: RU(0.10);},ARC_NA(0.00){},ASN(0.00){asn:21453, ipnet:80.252.128.0/19, country:RU;},DIRECT_TO_MX(0.00){Microsoft Outlook 14.0;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},RCVD_TLS_ALL(0.00){},R_DKIM_NA(0.00){},R_SPF_NEUTRAL(0.00){?all;},TO_DN_ALL(0.00){},TO_EQ_FROM(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 9662, time: 191.529ms real, 10.814ms virtual, dns req: 16, digest: <9fb69ae8c4b26242a635433a3cf70914>, rcpts: <recipient@mydomain.tld>, mime_rcpts: <recipient@mydomain.tld>, forced: reject "Action set by DMARC"; score=nan (set by dmarc)
21: Dec 30 18:48:50 ns3 rspamd[11968]: <04c679>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 5 regexps matched, 180 regexps total, 93 regexps cached, 0B bytes scanned using pcre, 26.92k bytes scanned total
22: Dec 30 18:48:50 ns3 postfix/cleanup[14289]: F00619E3B1: milter-reject: END-OF-MESSAGE from unknown[80.252.131.174]: 5.7.1 message accepted; from=<recipient@mydomain.tld> to=<recipient@mydomain.tld> proto=ESMTP helo=<[80.252.131.174]>
23: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: disconnect from unknown[80.252.131.174]
24: Dec 30 18:48:50 ns3 rspamd[11968]: <895e70>; proxy; proxy_milter_finish_handler: finished milter connection
25: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: connect from unknown[80.252.131.174]
26: Dec 30 18:48:50 ns3 rspamd[11968]: <63efa8>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 55278
27: Dec 30 18:48:50 ns3 postfix/smtpd[14248]: EED339E3B1: client=unknown[80.252.131.174]
28: Dec 30 18:48:50 ns3 rspamd[11968]: <63efa8>; milter; rspamd_milter_process_command: got connection from 80.252.131.174:23407
29: Dec 30 18:48:51 ns3 postfix/cleanup[14289]: EED339E3B1: message-id=<002501d4a081$0243d9ee$a10315bf$@mydomain.tld>

@croessner
Copy link
Contributor

I guess you want to disable the group „policies“

@cscholz
Copy link

cscholz commented Jan 12, 2019

I've disabled policies but the result is the same. After changing the DNS record for my domain from reject to quarantine spoofed emails are processed with the action "add header".

@cscholz
Copy link

cscholz commented May 15, 2019

Is seems that this issue have been fixed in 1.9.3. https://rspamd.com/announce/2019/05/13/rspamd-1.9.3.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@johnwmail @fatalbanana @croessner @cscholz @dimejo