rspamd / rspamd.com
rspamd.com website.
Home Page: https://rspamd.com
License: Creative Commons Attribution Share Alike 4.0 International
The last on stretch is 2.7
Currently the quickstart documents how to expose the webui via nginx, but only at the root of a domain.
The following configuration works-for-me to expose the webui under a subdir.
    location /rspamd/ {
        proxy_pass http://localhost:11334/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
The important part is to not miss the trailing '/' at the end of location directive.
For the rest, proxy_pass does the job (also requires the trailing '/' there), and no rewrite is necessary.
It would be nice to have it documented somewhere.
During an update of Ubuntu I lost rspamd.
If I now run apt-get install rspamd, the following failure is shown:
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
rspamd : Hängt ab von: libc++1-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar
Hängt ab von: libc++abi1-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar
Hängt ab von: libunwind-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar
First install of rspamd worked without problems.
The Fedora package download instructions are blended in with CentOS 7/8 instructions. It's not clear what should be done for Fedora, presumably adding the CentOS 8 repo, which is what I did as Fedora itself does not package rspamd.
The yum instructions are likewise probably meant to be dnf for Fedora now. I see via git blame that these instructions have not been updated for years. How valid / reliable are they?
$ docker run --rm -it fedora:37 bash
$ curl https://rspamd.com/rpm-stable/centos-8/rspamd.repo > /etc/yum.repos.d/rspamd.repo
$ rpm --import https://rspamd.com/rpm-stable/gpg.key
$ dnf update
$ dnf install rspamd
Last metadata expiration check: 0:01:12 ago on Mon Feb 6 21:43:04 2023.
Error:
Problem: conflicting requests
- nothing provides libicudata.so.60()(64bit) needed by rspamd-3.4-1.x86_64
- nothing provides libicui18n.so.60()(64bit) needed by rspamd-3.4-1.x86_64
- nothing provides libicuio.so.60()(64bit) needed by rspamd-3.4-1.x86_64
- nothing provides libicuuc.so.60()(64bit) needed by rspamd-3.4-1.x86_64
(try to add '--skip-broken' to skip uninstallable packages)
$ dnf install libicu
Last metadata expiration check: 0:02:38 ago on Mon Feb 6 21:43:04 2023.
Dependencies resolved.
==========================================================================================================================
Package Architecture Version Repository Size
==========================================================================================================================
Installing:
libicu x86_64 71.1-2.fc37 fedora 10 M
The package depends on .so.60, while current Fedora release has a much higher version:
$ ls -1 /usr/lib64/libicu*
/usr/lib64/libicudata.so.71
/usr/lib64/libicudata.so.71.1
/usr/lib64/libicui18n.so.71
/usr/lib64/libicui18n.so.71.1
/usr/lib64/libicuio.so.71
/usr/lib64/libicuio.so.71.1
/usr/lib64/libicutest.so.71
/usr/lib64/libicutest.so.71.1
/usr/lib64/libicutu.so.71
/usr/lib64/libicutu.so.71.1
/usr/lib64/libicuuc.so.71
/usr/lib64/libicuuc.so.71.1
This has been a problem for a while, see this Sep 2022 report for Fedora 36. Is Fedora still supported? Are the install instructions outdated for Fedora support?
I have not checked, but it would be good to know if aarch64 is also supported on Fedora.
how to use milter to remove headers from /checkv2 response and calculated score
Request:
curl "http://localhost:11333/checkv2" -H "Subject: Test Subject" -d 'Some spam content'
Response:
{
"is_skipped": false,
"score": 10.4,
"required_score": 15,
"action": "add header",
"thresholds": {
"reject": 15,
"add header": 6,
"greylist": 4
},
"symbols": {
"ARC_NA": {
"name": "ARC_NA",
"score": 0,
"metric_score": 0,
"description": "ARC signature absent"
},
"MISSING_FROM": {
"name": "MISSING_FROM",
"score": 2,
"metric_score": 2,
"description": "Missing From: header"
},
"MISSING_TO": {
"name": "MISSING_TO",
"score": 2,
"metric_score": 2,
"description": "To header is missing"
},
"MISSING_SUBJECT": {
"name": "MISSING_SUBJECT",
"score": 0.5,
"metric_score": 2,
"description": "Subject header is missing"
},
"MISSING_DATE": {
"name": "MISSING_DATE",
"score": 1,
"metric_score": 1,
"description": "Message date is missing"
},
"MIME_GOOD": {
"name": "MIME_GOOD",
"score": -0.1,
"metric_score": -0.1,
"description": "Known content-type",
"options": [
"text/plain"
]
},
"DMARC_NA": {
"name": "DMARC_NA",
"score": 0,
"metric_score": 0,
"description": "No DMARC record",
"options": [
"No From header"
]
},
"R_DKIM_NA": {
"name": "R_DKIM_NA",
"score": 0,
"metric_score": 0,
"description": "Missing DKIM signature"
},
"MIME_TRACE": {
"name": "MIME_TRACE",
"score": 0,
"metric_score": 0,
"options": [
"0:+"
]
},
"HFILTER_HOSTNAME_UNKNOWN": {
"name": "HFILTER_HOSTNAME_UNKNOWN",
"score": 2.5,
"metric_score": 2.5,
"description": "Unknown client hostname (PTR or FCrDNS verification failed)"
},
"RCVD_COUNT_ZERO": {
"name": "RCVD_COUNT_ZERO",
"score": 0,
"metric_score": 0,
"description": "Message has no Received headers",
"options": [
"0"
]
},
"MISSING_MID": {
"name": "MISSING_MID",
"score": 2.5,
"metric_score": 2.5,
"description": "Message id is missing"
}
},
"messages": {},
"message-id": "undef",
"time_real": 0.01236,
"milter": {
"remove_headers": {
"X-Spam": 0
}
}
}
rspamd version: 3.5
Requests on www.rspamd.org and rspamd.org do provide the .com certificate and thus are not working (for sure :80 redirects to :443). Since all 4 DNS records (org/com, www/www) point to the same IP, I assume those are in your possession.
To avoid duplicate content, these domains should also redirect to rspamd.com - but with a valid cert ;)
The website https://rspamd.com/downloads.html describes, how to install the latest rspamd version and that one should not use the outdated version from the default Debian/Ubuntu repositories.
If you are going to install rspamd on an IPv6-only system, you will face issues, because rspamd.com does not offer an IPv6 address.
Adding - as described - the repository http://rspamd.com/apt-stable/ on an IPv6-only system has no effect and the installation of the latest rspamd version will not work - therefore it will fall back to the outdated rspamd version found in the default Debian/Ubuntu repositories.
On https://rspamd.com/doc/modules/rbl.html, the documentation states
default_unknown: if set to false, do not yield a result unless the response received from the RBL is defined in its related returncodes {} subsection, else return the default symbol for the RBL (false by default).
However, this contradicts the current default config:
Link to ucl.md under local_addrs or local_networks which describe what a MAP or a LIST are (See #650)
Show example in ucl.md of what a network MAP or LIST looks like.
in tutorial doc/tutorials/feedback_from_users_with_IMAPSieve.md, in Folders section, there is instruction to create two folders report_ham and report_spam, but sieve script report-spam.sieve also sends mail to third folder report_spam_reply
Hi,
I had opened a ticket in the wrong repo. I repeat it here:
Original ticket was here:
I am pretty sure, this is not the optimal place for my question, but I don't know a better place.
My eyes are bad in two ways: One is I am red/green blind, as are 11% of all men. Reading the code snippet boxes is nearly impossible.
At the other side I also have Macula Degeneration and I need to switch colors to inverse. This makes the code boxes as well unreadable. So for people like me, the documentation for this project is in some way unreachable.
What I ask is, if it was possible to use a different color scheme. Ideally, the code boxes would also be based on a white background.
I hope there is some chance that this could be changed :-) I really love this project and I would very much love to dive deeper into it, if I could read the docs ;-)
Best wishes
Christian
Add paragraph with example
"THIS IS A MAP"
<>
Add example paragraph
"THIS IS A LIST"
Add example list
In local.d, config files have help comments at the top that refer to specific documentation pages. I propose standardization and correction for the worker configs.
Currently:
Suggested:
https://rspamd.com/doc/faq.html
<li><a href="#what-are-enable_password-and-password-for-webui">What are <code>enable_password</code> and <code>password</code> for WebUI</a></li>
That link doesn't work because of missed underscore in bookmark:
<h3 id="what-are-enablepassword-and-password-for-webui">What are <code>enable_password</code> and <code>password</code> for WebUI</h3>
The "OpenPhish" link is pointing to "openphsih.com", but the correct URL is "openphish.com".
Is "weight" the same as "score" ? A symbol definition object supports both properties 'weight' and 'score', which I believe are synonyms. The terms are often used interchangeably. Is there any distinction in thoughts, discussions, or code?
If this is the same concept, I'll adjust text when it seems the docs imply a distinction. Usually, the doc seems inconsistent, for example with notes like this (contrived example) "here is how to change the weight: score=1;", and elsewhere, "here is how to change the score: weight=1;".
--
The definition of "Metrics" doesn't really clarify what a metric is. Is it the same as a "group"?
The weight of rules is defined in metrics. Each metric is a set of grouped rules with specific weights.
The metric section was deprecated in v1.7 according to the metrics.conf file. Was just the file deprecated? Or does that mean the metric section itself was deprecated, and replaced with actions and groups?
If the term "metric" no longer has a specific meaning, can we remove that term in the docs as well, or at least remove the implication that the term has specific meaning?
The metrics.html page is titled "Rspamd Metrics", and the link from the menu is "Symbols scores and metrics setup", but the word "metric" is only found a few places on the page, not as a keyword. There is a reference to the metric section in this FAQ.
The metrics option is defined in metric_exporter.conf. Is that exporter now deprecated as well? Or has the code been changed, just without a doc change?
This note on "composite weight rules" mentions a metric as a grouping, but doesn't actually explain that:
Composites can record symbols in a metric or record their weights. That could be used to create non-captive composites.
What does it mean by "recording symbols in a metric"?
And what is a "non-captive" composite?
With clarifications, I'll make doc updates.
Thanks
For what it's worth, I've been banging my head for a couple days trying to get rspamd to sign outgoing email. I'll spare you the details but I eventually found the answer here:
https://groups.google.com/d/msg/rspamd/H21EzSabVE8/Ukf4t_ZHAwAJ
And in fact, removing the setting milter_mail_macros from /etc/postfix/main.cf solved the problem nicely. I haven't yet looked at why, but I'm putting this up as an issue because all the tutorials I've looked at include that line. It looks very much like it's no longer needed.
So if rspamd.log has lines containing stuff like:
try removing milter_mail_macros before pulling hair.
Hope that helps.
Hello everyone,
I am trying to block malicious domains in the attachments like this
In the local.d/multimap.conf add:
    reject_content {
        type = "content";
        filter = "full";
        map = "${LOCAL_CONFDIR}/local.d/content.map";
        symbol = "REJECT_CONTENT";
        prefilter = true;
        action = "reject";
        regexp = true;
    }
In the content.map: /local.d/content.map add
#content filter
/\bstupid.in\b/i
(blank line)
I have tested sending mail with an attachment notepad file containing the word stupid.in but it did not block it.
But in the body of the mail, if I write stupid.in in the message, then it is blocking.
How to get rspamd to scan attachments for words and block them? Someone please advise. Thank you.
In the documentation for the RBL module, it mentions that monitored_domain can be set to "INVALID". My attempts to probe what effect this has exactly didn't get very far so I had to search for it in the rspamd sources. The only match in a recursive grep is in an old ChangeLog entry. Probing git sources implies that the last reference was removed when the C version of the module was removed - I guess that was deprecated in favour of a lua module.
If I am correct in my conclusion that this feature has been removed, could it perhaps also be removed from the documentation.
Otherwise, it isn't entirely clear to me whether this was doing a RBL query for the literal domain "INVALID" or whether that value has a specific meaning. And what this would mean where queries for an IP are expected. The initial reason, I looked into this is that I was informed that a system I maintain was doing queries for 127.0.0.1 which was assumed to be a configuration mistake. I suspect the actual cause was this monitoring but was unsure whether the best course of action was to set disable_monitoring = true or to set monitored_domain. The documentation could provide more clue as to what effect this "monitoring" has. If the query fails, does it just log something or does it disable that block list, either for a set period or until rspamd is restarted? And with what regularity is the monitoring performed?
Hello,
In the documentation on page https://rspamd.com/doc/migration.html#migration-to-rspamd-20 it says:
ip_score module has been replaced by reputation module. The existing rules should be automatically converted to reputation rules. The name of symbol has also been changed to two symbols: SENDER_REP_SPAM and SENDER_REP_HAM. The scores of IP_SCORE should be automatically applied to new symbols. The data collected from ip_score plugin will be LOST unevitably. The main reason behind it was the significant flaw of the old plugin that caused reputation never expire.
What happens when you update a single node in a rspamd cluster that uses a single Redis database?
Should all cluster nodes be updated at the same time?
Thanks!
Sorry I can't give the requested detail. The problem is indicated by entries in the rspamd log such as:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 192490, trace:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_print_crash: 0: 0000FFFF93EEF634:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_print_crash: 1: 0000000000284D91:
This occurs every time an email is sent from outside the mail server to a mailbox handled by the mail server. The email does not appear in the rspamd history. Emails generated within the mail server seem to be handled correctly, and appear in the history.
I can't go further with diagnosis because there seems to be no rspamd-dbg in the armhf repo and I have not been able to generate any core dumps.
This is based on the rspamd included in the Ubuntu 20.10 repository. So far as I can tell, there is no ARM version available in the rspamd repository, at least by specifying arch=armhf or arch=arm64.
Ref : The section "Rule weights" implies a discussion of "weights". But the first line reads :
"Rule weights are usually defined in the metrics section and contain the following data: score triggers for different actions, symbol scores, symbol descriptions, symbol group definitions".
So, the specific topic of weights is just a part of the information covered. The general topic is more about the different ways available to define rules.
Also, from above: "score triggers for different actions" and "symbol scores", isn't that the same thing?
Suggestions:
In general, I'd like to make other changes like this, are we agreed that changes like this make sense?
Thanks.
Hi,
is this the current spec file that is used to build the CentOS packages?
If it is, the info regarding the CentOS builds in the downloads section is wrong.
That spec file enables neither Hyperscan nor LuaJIT on CentOS.
Hyperscan is not even in there and LuaJIT is enabled for Fedora and openSUSE only.
Both requirements are met since EPEL 8, so there is no reason to gimp current CentOS builds.
If this is not the current spec file, then where is it?
I'd like to build rspamd for RHEL 9 and a somewhat current spec file would help quite a bit.
Thanks.
Now at version 2.2, the Redis key doesn't include the per_user name; it only has RS_.
But before 2.0, I could use my custom userid for per_user.
My config is:
    classifier "bayes" {
        tokenizer {
            name = "osb";
        }
        name = "base";
        backend = "redis";
        min_tokens = 11;
        min_learns = 200;
        autolearn = false;
        new_schema = true;
        per_user = <<EOD
    return function(task)
        local rcpt = task:get_header('USER_ID')
        if (rcpt ~= nil and rcpt ~= '') then
            return rcpt
        end
        return nil
    end
    EOD
        statfile {
            symbol = "BAYES_HAM";
            spam = false;
        }
        statfile {
            symbol = "BAYES_SPAM";
            spam = true;
        }
        learn_condition = 'return require("lua_bayes_learn").can_learn';
    }
feature require "Using Lua scripts for per_user classifier".
Does this feature still work?
This ticket documents a series of updates that are being applied to dmarc.md.
As usual there are a number of trivial cleanup details and content clarifications. But the current doc is not adequate to guide a user/admin smoothly through this area. Significant changes are required to bring the material up to date, and to guide a user/admin smoothly through configuration. This is especially true now with code changes recently made in v3.3.
Examples of proposed content revisions
redis configs or for using Redis configs that are specific to DMARC processing. (Many of these changes are already complete and in-progress.)
My intent for this ticket is that I will offer a series of small PRs to get the content current and complete, without striving for ideal. Subsequent tickets can move forward with refinements and enhancements. I understand the material and am qualified to do all of the work described here. But there are nuances that require confirmations and corrections from @vstakhov, and with respect for his time and to ensure quality, my intent is to move through this slowly.
I'm hoping @fatalbanana, @moisseev, and others will offer to help vet this material and comment. As noted in #502, this might be a good project to get other eyes on the process, get suggestions for content, and get other participation from the user base. A Discussion section in this repo would help, so that tickets like this for specific actions can be separated from random comments and suggestions.
Thanks for your time.
We need to add a description of r regexp flag to the regexp module documentation.
Hi, I found some typos in here https://github.com/rspamd/rspamd.com/blob/master/doc/configuration/composites.md#composite-weight-rules.
If I am guessing right, the ~ should be meaning to keep the symbol while remove the weight? So it should be
- If C is ~A & B, then rule A is preserved, but it's weight is removed, leading to the total weight of W_c only
instead of
- If C is ~A & B, then rule A is preserved, but it's weight is removed, leading to the total weight of W_a only
Then in few lines below:
If we rewrite the previous example but replace - with ~ then DATE_IN_PAST will be removed (however, its weight won't be removed):
This does not make sense.
By the way, the second example is no difference with the first example.
Any ideas? But actually what is the meaning of ~? Clarify it, then others are just correcting typos in the doc.
I checked the regexp module page, and could not make a working .conf file.
Specifically, I found this in the code:
    reconf['MICROSOFT_SPAM'] = {
      -- https://technet.microsoft.com/en-us/library/dn205071(v=exchg.150).aspx
      re = 'X-Forefront-Antispam-Report=/SFV:SPM/H',
      score = 4.0,
      description = "Microsoft says the message is spam",
      group = 'upstream_spam_filters'
    }
And wanted an expression like:
re = 'X-Forefront-Antispam-Report=/SFV:SPM/iH'
But the regexp page speaks only about regexp, and Internal functions, but not how to use them.
Which internal function do we call to say "yup, definitely spam, drop this shit"? Why perform all those binary checks (internal functions) if the regexp itself is the check we need?
Please show an example (and document it) that can go in local.d/regexp.conf - Ideally one that will immediately a) learn spam and reject or b) drop or discard
Today, with milter-regex, the syntax there is clear, e.g.:
discard
header /^X-Microsoft-Antispam$/i /.*BCL\:[1-9]*/i
discard
header /^X-Forefront-Antispam-Report$/i /.*SFV\:SPM.*/i
In the documentation max_rcpts is mentioned as a configuration option, but judging by the code it actually should be max_rcpt.
After enabling the SPAMHAUS_ZEN_URIBL, I noticed rspamd checked the IP addresses URLs in a message resolved to against this RBL.
While this is perfectly fine and absolutely the behaviour I want, it contradicts to the documentation of the RBL-specific parameters, where email is referred to as "email addresses found in a message-body". Despite having only the email check set, SPAMHAUS_ZEN_URIBL actually behaves like the urls check would have been set.
This looks like a minor inconsistency in the documentation to me. SPAMHAUS_ZEN_URIBL, as it is configured in conf/modules.d/rbl.conf at the time of writing, works as intended if enabled.
Hi,
I tried to add my rspamd webui to my apache webserver via proxy as described in https://github.com/rspamd/rspamd.com/blob/master/doc/faq.md#how-to-use-the-webui-behind-a-proxy-server, but after several fails I realized that the docs are wrong here.
First of all the minor problem: I suggest to replace the Location block in apache config:
    <Location /rspamd>
        Order allow,deny
        Allow from all
    </Location>
with a version that works for apache2 as well as with the newer ones, because the current faq entry doesn't reflect the new syntax:
    <Location /rspamd>
        <IfVersion >= 2.3>
            Require all granted
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Location>
Sadly, for the second problem I don't have a fix at hand, because I'm not sure if this is fixable by docs or must be fixed in the code.
Currently, the docs say
RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://localhost:11334/$1 [P,L]
Problem is, that this doesn't work for the webui. The main page does indeed get loaded, but all referrals (like the logo image, the css stylesheets etc) are broken. I think this is because (for example) the logo is referenced in the code as
<img src="./img/rspamd_logo_navbar.png" alt="Rspamd">
Because of the ./ in the beginning of the URI, the browser tries to open https://hostname.domain.tld/img/rspamd_logo_navbar.png instead of https://hostname.domain.tld/rspamd/img/rspamd_logo_navbar.png, which makes the webui unusable.
Also, using proxy is also available for apache, e.g.
ProxyPass "http://localhost:11334/"
ProxyPassReverse "http://localhost:11334/"
but this also fails due to the above mentioned URL problem. Currently, the only solution is to place the webui proxy into a separate <VirtualHost> container where you can omit the /rspamd location.
I hope it's clear what I'm trying to report, if not, don't hesitate to ask for more input :)
Frank
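How a browser resolves the WebUI's relative asset references against the page URL, and whether the resulting request still falls under a sub-directory proxy prefix, as an added example (not code from the posts above or from the Rspamd project). The /rspamd/ prefix, the backend http://localhost:11334/ and the logo path are taken from the posts; the function names and the other two asset references are constructed for illustration.

```javascript
// Added illustration, not Rspamd or web-server code.
// Step 1: the browser resolves a relative reference against the page URL
//         (WHATWG URL / RFC 3986 rules).
// Step 2: a prefix proxy replaces the matched prefix with the backend URI,
//         as in: location /rspamd/ { proxy_pass http://localhost:11334/; }

const PREFIX = '/rspamd/';                  // from the posts
const BACKEND = 'http://localhost:11334/';  // from the posts

// Constructed sample list; only the logo path appears on the page.
const ASSETS = [
  './img/rspamd_logo_navbar.png', // document-relative
  'css/rspamd.css',               // document-relative, hypothetical path
  '/favicon.ico',                 // root-relative, hypothetical path
];

// Path the browser will request for `ref` when the page is at `pageUrl`.
function resolveAsset(pageUrl, ref) {
  return new URL(ref, pageUrl).pathname;
}

// Backend URL for a request path, or null when the path does not match
// the proxied prefix and therefore never reaches the WebUI backend.
function upstreamUrl(requestPath, prefix = PREFIX, backend = BACKEND) {
  if (!requestPath.startsWith(prefix)) return null;
  return backend + requestPath.slice(prefix.length);
}

// For every asset reference, report what is requested and where it lands.
function auditPage(pageUrl, refs = ASSETS) {
  return refs.map((ref) => {
    const requested = resolveAsset(pageUrl, ref);
    const upstream = upstreamUrl(requested);
    return { ref, requested, upstream, proxied: upstream !== null };
  });
}

// References that escape the prefix for a given page URL.
function escapedRefs(pageUrl, refs = ASSETS) {
  return auditPage(pageUrl, refs).filter((r) => !r.proxied).map((r) => r.ref);
}

// Same host, with and without the trailing slash on the page URL.
for (const page of ['https://hostname.domain.tld/rspamd',
                    'https://hostname.domain.tld/rspamd/']) {
  console.log(page);
  for (const r of auditPage(page)) {
    console.log(`  ${r.ref} -> ${r.requested} -> ${r.upstream ?? 'not proxied'}`);
  }
}
```

Document-relative references stay under the prefix only when the page URL ends in a slash; root-relative references leave it in either case.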
Default modules.d/hfilter.conf says:
but this page leads to a 404 not found.
Please add documentation for the hfilter module.
I have some random crash since last version 2.2 on Debian 9.11 with exim and dovecot. Here is the log :
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_load_message: got input of length 0
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 1
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 2
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_message_parse: construct mime parser from string length 2529
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header X-Envelope-From: <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header X-Envelope-To: fr***@******.com
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Received: from msa508.odn.ne.jp ([210.134.90.8] helo=cmsa508.odn.ne.jp) by srv1.e******.org with esmtp (Exim 4.89) (envelope-from <[email protected]>) id 1im6qo-00066V-KQ for fr***@*******.com; Tue, 31 Dec 2019 03:01:39 +0100
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from vmsa508.odn.ne.jp by cmsa508.odn.ne.jp with ESMTP id <[email protected]> for <fr***@e******.com>; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from msrg5081.rgserv.odn.ne.jp by vmsa508.odn.ne.jp with ESMTP id <[email protected]> for <fr***@e******.com>; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from pop01.odn.ne.jp (123.21.9.122) by msrg5081.rgserv.odn.ne.jp (9.0.018.07.06) id 5DFC332E00C2F818 for fr***@e******.com; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header To: "fr***" <fr***@e******.com>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header From: Gerdolle David Sci Immodag <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: multipart/alternative; boundary="Apple-Mail-9E0B7B38-AFE3-420B-B1AC-740015D68AB3"
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Message-ID: <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Date: Mon, 30 Dec 2019 17:01:33 -0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header MIME-Version: 1.0
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Subject: Re: Re: (7)
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: text/plain; charset=utf-8; format=flowed
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Transfer-Encoding: 7bit
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: text/html; charset=utf-8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Transfer-Encoding: 7bit
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_message_parse: found 3 parts in message
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: need more work on stage 8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: need more processing on stage 8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 8
2019-12-31 03:01:39 #28690(normal) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 28690, trace:
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 0: 00007FA047B58676: strlen()+0x26
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 1: 00007FA048CF449F: rspamd_vprintf_common()+0xd3f
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 2: 00007FA048CE5B1B: rspamd_conditional_debug()+0x19b
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 3: 00007FA048D70399: rspamd_stem_words()+0xf9
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 4: 00007FA048D87C45: rspamd_message_process()+0x1745
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 5: 00007FA048D5782D: rspamd_task_process()+0x37d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 6: 00007FA048D57A4D: rspamd_task_process()+0x59d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 7: 00007FA048D57A4D: rspamd_task_process()+0x59d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 8: 00007FA048D5742D: rspamd_task_fin()+0x1d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 9: 00007FA048D2C0C1: rspamd_session_remove_event_full()+0x311
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 10: 00007FA048EBB271: rdns_process_read()+0x401
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 11: 00007FA049944721: ev_invoke_pending()+0x71
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 12: 00007FA0499453FC: ev_run()+0xcbc
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 13: 00000000004169FF: _init()+0xd31f
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 14: 00007FA048D63544: rspamd_fork_worker()+0xb64
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 15: 00000000004166C7: _init()+0xcfe7
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 16: 00007FA049944721: ev_invoke_pending()+0x71
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 17: 00007FA0499453FC: ev_run()+0xcbc
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 18: 0000000000414D4E: _init()+0xb66e
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 19: 00007FA047AF82E1: __libc_start_main()+0xf1
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 20: 000000000040B44A: _init()+0x1d6a
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 21: 0000000000000000: <unknown>
2019-12-31 03:01:39 #28690(normal) rspamd_crash_sig_handler: please see Rspamd FAQ to learn how to dump core files and how to fill a bug report
2019-12-31 03:01:39 #14708(main) <f5362b>; main; rspamd_check_termination_clause: normal process 28690 terminated abnormally with exit code 0 by signal: Segmentation fault but NOT created core file (throttled=no); core file limits: 0 current, -1 max
Environment:
Behaviour:
Stacktrace:
2020-07-23 10:37:03 #10628(controller) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 10628, trace:
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 0: 000055B355697398: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 1: 00007F2F216683DA: rspamd_session_pending()+0x5a
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 2: 000055B35569A497: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 3: 00007F2F21627AFE: rspamd_http_router_new()+0x60e
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 4: 00007F2F2162835C: rspamd_http_connection_new_keepalive()+0x12c
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 5: 00007F2F21586948: http_parser_execute()+0xf78
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 6: 00007F2F21627D96: rspamd_http_router_new()+0x8a6
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 7: 00007F2F2118EA9E: ev_invoke_pending()+0x5e
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 8: 00007F2F211944E8: ev_run()+0xf08
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 9: 000055B3556969A3: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 10: 00007F2F2162B240: rspamd_fork_worker()+0x550
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 11: 000055B355690436: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 12: 000055B355690772: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 13: 000055B355689563: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 14: 00007F2F20FEB09B: __libc_start_main()+0xeb
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 15: 000055B3556899FA: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_crash_sig_handler: please see Rspamd FAQ to learn how to dump core files and how to fill a bug report
A coredump is available. When I open it with gdb, it shows:
Reading symbols from /usr/bin/rspamd...(no debugging symbols found)...done.
[New LWP 10628]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `rspamd: controller process (localhost:11334) '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055b355697398 in ?? ()
Hello,
the FAQ says under point "Which backend should I use for statistics"
# rspamadm statconvert -d bayes.spam.sqlite -h 127.0.0.1:6379 -s BAYES_SPAM
# rspamadm statconvert -d bayes.ham.sqlite -h 127.0.0.1:6379 -s BAYES_HAM \
-c learn_cache.sqlite
But these commands don't seem to be valid anymore for 1.8. Actually I have the current 1.8.1 experimental snapshot installed:
# r# rspamadm statconvert -d bayes.spam.sqlite -h 127.0.0.1:6379 -s BAYES_SPAM
No spam-db specified
It seems that you must specify --spam-db and --ham-db at once now, not in 2 separate commands.
$ git diff
diff --git a/_layouts/downloads.html b/_layouts/downloads.html
index d930212..1837c2f 100644
--- a/_layouts/downloads.html
+++ b/_layouts/downloads.html
@@ -4,7 +4,7 @@
<h2>Download</h2>
<p>
<!-- download button with tooltip -->
- <a class="btn btn-primary" href="https://github.com/vstakhov/rspamd/archive/1.6.5.tar.gz" data-toggle="tooltip" data-placement="bottom" title="Download the most recent stable version as source tarball">Download rspamd-1.6.5</a>
+ <a class="btn btn-primary" href="https://github.com/vstakhov/rspamd/archive/1.7.7.tar.gz" data-toggle="tooltip" data-placement="bottom" title="Download the most recent stable version as source tarball">Download rspamd-1.7.7</a>
<!-- github button -->
<iframe style="vertical-align: middle;" src="{{ site.baseurl }}/github-btn.html?user=vstakhov&repo=rspamd&type=watch&count=true&size=large" allowtransparency="true" frameborder="0" scrolling="0" width="215" height="38"></iframe>
</p>
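Review bot: On the changed download-button line the version string 1.7.7 is hard-coded twice, once in the href and once in the link text, which is how this page came to lag behind at 1.6.5 and lets the URL and the label drift apart on a later bump. Consider taking the version from a single site-level variable, the way the iframe line below already uses site.baseurl, so one edit updates both. Since this button sends users to a source tarball, it would also help to put a checksum or signature link next to it so the download can be verified.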
The docs specify the following instructions for installing rspamd on Debian.
apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt-get update
apt-get --no-install-recommends install rspamd
This is highly insecure as it is adding non-Debian keys to the global trusted keyring - and will stop working in the near future. See
Correct instructions are:
sudo apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
sudo mkdir -p /etc/apt/keyrings
wget -O- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/rspamd.gpg > /dev/null
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ $CODENAME main" | sudo tee /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ $CODENAME main" | sudo tee -a /etc/apt/sources.list.d/rspamd.list
sudo apt-get update
sudo apt-get --no-install-recommends install rspamd
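An added example (not part of the post above or of the Rspamd docs): a shell check that flags one-line-style APT source entries which are not pinned to a dedicated keyring with signed-by, the difference between the two sets of instructions in that post. The function names, the constructed sample entries and the `bookworm` codename are assumptions; deb822 `.sources` files are not handled.

```shell
#!/bin/sh
# audit_apt_sources FILE...
# Prints "file:line: reason" for every deb/deb-src entry that is verified
# against the global trusted keyring; returns 1 if any such entry exists.
audit_apt_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }   # only source entries
        {
            opts = ""
            if (match($0, /\[[^]]*\]/))           # option block, e.g. [arch=amd64 signed-by=...]
                opts = substr($0, RSTART + 1, RLENGTH - 2)
            key = ""
            n = split(opts, o, " ")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^signed-by=/) key = substr(o[i], 11)
            if (key == "") {
                printf "%s:%d: no signed-by, trusts the global keyring\n", FILENAME, FNR
                bad++
            } else if (key ~ /^\/etc\/apt\/trusted\.gpg(\.d\/|$)/) {
                printf "%s:%d: signed-by points into the global keyring (%s)\n", FILENAME, FNR, key
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: one entry in each style, with a stand-in codename.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' \
        'deb [arch=amd64] http://rspamd.com/apt-stable/ bookworm main' \
        > "$tmp/old.list"
    printf '%s\n' \
        'deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ bookworm main' \
        > "$tmp/new.list"
    audit_apt_sources "$tmp/old.list" "$tmp/new.list"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_audit || true   # reports old.list only
```

On a real host the same function can be pointed at `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*.list`.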
Hello. We are running rspamd on our server, and it fails on a lot of emails:
Core dump attached.
rspamd-595120.zip
I don't think many people know about the rspamd/rspamd.com repo which contains all of the site documentation.
Can we add more references around the code project and in the docs themselves, so that people know where to go to ask questions about doc content and note issues with the doc pages?
I'm also hoping we can create a Discussions section in the docs repo. If someone asks "how does this feature work?", that's a question for the rspamd code project. But if they say "I don't understand this text", that's a doc issue. It would be helpful to separate those components.
When someone asks a question in one of the Support groups, the answers are lost if not transferred into the documentation. The time taken to answer a question in one medium doesn't help those monitoring another. It would be better if the answer is always "Here is the answer, someone should create a ticket to get this into the docs". With a ticket created, perhaps some discussion to formulate good docs, and a reference to the original Q&A, we can then refer back from the doc for more complete information on a lot of topics.
If this initiative is approved, I'll take the time to add notes to the ReadMe pages, Support, and other places, and I'll monitor some of the discussion areas to encourage people to contribute doc notes and/or to submit requests for specific doc changes.
Thanks.
I landed first in the DKIM (C module) documentation and used it to sign outgoing emails. It works fine, however I only then realized that there is the DKIM signing module. There should be a reference in the DKIM C module description.
https://rspamd.com/doc/modules/ratelimit.html#composable-ratelimits
local custom_keywords = {}
local d = {}
custom_keywords.customrl = function(task)
  local rspamd_logger = require "rspamd_logger"
  -- create map
  d['badusers'] = rspamd_config:add_map({
    ['url']= '/etc/rspamd/badusers.map',
    ['type'] = 'set',
    ['description'] = 'Bad users'
  })
  -- get authenticated user
  local user = task:get_user()
  -- define a ratelimit
  -- a ratelimit can be defined in simplified form (10 / 1m) or as a bucket config (table)
  local crl = "10 / 1m"
  if not user then return end -- no user, return nil
  if d['badusers']:get_key(user) then
    rspamd_logger.infox(rspamd_config, "User %s is bad, returning custom ratelimit %s", user, crl)
    -- return redis hash to store rl data and a ratelimit
    -- our redis hash will be "rs_customrl_john.doe" assuming user == john.doe
    return "rs_customrl_" .. user, crl
  else
    return -- user is not in map, return nil
  end
end
return custom_keywords
This code does not work (at least for me). This is always false, even if the username is in the .map file:
if d['badusers']:get_key(user) then
Only if I move the following code out of the function (move before the function, after "local d = {}"), then it works:
d['badusers'] = rspamd_config:add_map({
  ['url']= '/etc/rspamd/badusers.map',
  ['type'] = 'set',
  ['description'] = 'Bad users'
})
I don't know why, but now the map is loaded, and ratelimiting works as expected 😄
Hi,
It seems due to recent security changes in apt in debian unstable it's not possible to download rspamd anymore:
apt-get update
E: The repository 'http://rspamd.com/apt-stable sid Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
According to manpage this should resolve the issue:
ARCHIVE CONFIGURATION
If you want to provide archive signatures in an archive under your
maintenance you have to:
· Create a toplevel Release file, if it does not exist already. You
can do this by running apt-ftparchive release (provided in
apt-utils).
· Sign it. You can do this by running gpg --clearsign -o InRelease
Release and gpg -abs -o Release.gpg Release.
· Publish the key fingerprint, so that your users will know what key
they need to import in order to authenticate the files in the
archive. It is best to ship your key in its own keyring package
like Debian does with debian-archive-keyring to be able to
distribute updates and key transitions automatically later.
· Provide instructions on how to add your archive and key. If your
users can't acquire your key securely the chain of trust described
above is broken. How you can help users add your key depends on
your archive and target audience ranging from having your keyring
package included in another archive users already have configured
(like the default repositories of their distribution) to leveraging
the web of trust.
Whenever the contents of the archive change (new packages are added or
removed) the archive maintainer has to follow the first two steps
outlined above.
I am looking to migrate from SpamAssassin to Rspamd.
I am referring to the Migrating from SA page, i.e.
https://github.com/rspamd/rspamd.com/blob/master/doc/tutorials/migrate_sa.md
OR
https://rspamd.com/doc/tutorials/migrate_sa.html
Under Before you start -> Point number 1 -
There is a link to https://rspamd.com/rspamd_statistics/
But this page gives 404 Not Found error.
So please check.
Hello
Just letting you know that https://rspamd.com/doc/rspamadm.html#rspamadm-statconvert does not work on Rspamd 2.4 producing an error along the lines of rspamadm_statconvert: No spam-db specified
However, the command on the FAQ page worked at https://rspamd.com/doc/faq.html#which-backend-should-i-use-for-statistics
Suggest you link to the FAQ article from rspamadm so you do not have to update in multiple places.
Regards
It seems luaforge.net is gone. There is a link to the OSBF PDF on the SA Migration page which no longer exists. I have the PDF. Should we save it into this repo and link locally?
Dear all,
I have a folder in local.d/blacklisted_ips in which there are multiple files containing malicious IPs.
Is there any way to include a directory containing multiple files in the map variable in multimap.conf instead of a specific filename like ip_bl.map?
Can I write it like this, for example? Please help me. Thank you. The main objective is to block all the files (they contain lists of malicious IPs) under the LOCAL_CONFDIR/local.d/blacklisted_ips directory.
local_bl_ip { type = "ip"; map = "$LOCAL_CONFDIR/local.d/blacklisted_ips"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";score = 10;}
Does the above statement work?
Documentation of bayes autolearn is outdated I think.
In statistic.conf I see that autolearn seems to be an "autolearn" section:
https://github.com/rspamd/rspamd/blob/c9a38e190d244b1b035504be18d0fb9a6271d031/conf/statistic.conf#L45
On the current documentation page it looks like it's only one setting "autolearn = xxx", which seems to be outdated?
https://rspamd.com/doc/configuration/statistic.html#autolearning
Hi,
Can you clarify the Redis statistics configuration and the changes to make since the 1.7 release? Based on this commit, is the following configuration valid?
# local.d/statistic.conf
classifier "bayes" {
  tokenizer {
    name = "osb";
  }
  backend = "redis";
  min_tokens = 11;
  min_learns = 10;
  autolearn = true;
  # Use new schema (1.7+)
  new_schema = true;
  # Enable per user statistics
  per_user = true;
  # Expire bayes tokens
  expire = 100d;
  # Store not only probabilities, but full tokens, false by default
  #store_tokens = true;
  # Store bayes signatures
  #signatures = true;
  statfile {
    symbol = "BAYES_HAM";
    spam = false;
  }
  statfile {
    symbol = "BAYES_SPAM";
    spam = true;
  }
  learn_condition =<<EOD
return function(task, is_spam, is_unlearn)
  local prob = task:get_mempool():get_variable('bayes_prob', 'double')
  if prob then
    local in_class = false
    local cl
    if is_spam then
      cl = 'spam'
      in_class = prob >= 0.95
    else
      cl = 'ham'
      in_class = prob <= 0.05
    end
    if in_class then
      return false,string.format('already in class %s; probability %.2f%%',
        cl, math.abs((prob - 0.5) * 200.0))
    end
  end
  return true
end
EOD
}
My configuration prior to rspamd 1.7 is available here.
https://rspamd.com/doc/modules/neural.html says that neural is explicitly disabled by default, but this seems to be outdated. On a fresh install, the module seems enabled as reported by rspamadm configwizard.