The last on stretch is 2.7

Currently the quickstart documents how to expose the webui via nginx, but only at the root of a domain.

The following configuration works-for-me to expose the webui under a subdir.

location /rspamd/ {
  proxy_pass       http://localhost:11334/;

  proxy_set_header Host      $host;
  proxy_set_header X-Real-IP $remote_addr;
}

The important part is to not miss the trailing '/' at the end of location directive.
For the rest, proxy_pass does the job (also requires the trailing '/' there), and no rewrite is necessary.

It would be nice to have it documented somewhere.

during update of Ubuntu i lost the rspamd.
if i now start with apt-get install rspamd follow failure shown
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
rspamd : Hängt ab von: libc++1-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar
Hängt ab von: libc++abi1-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar
Hängt ab von: libunwind-13 (>= 1:13.0.1~++20220120110844+75e33f71c2da) ist aber nicht installierbar

First install of rspamd worked without problems.

The Fedora package download instructions are blended in with CentOS 7/8 instructions. It's not clear what should be done for Fedora, presumably adding the CentOS 8 repo, which is what I did as Fedora itself does not package rspamd.

The yum instructions are likewise probably meant to be dnf for Fedora now. I see via git blame that these instructions have not been updated for years. How valid / reliable are they?

$ docker run --rm -it fedora:37 bash
$ curl https://rspamd.com/rpm-stable/centos-8/rspamd.repo > /etc/yum.repos.d/rspamd.repo
$ rpm --import https://rspamd.com/rpm-stable/gpg.key
$ dnf update


$ dnf install rspamd

Last metadata expiration check: 0:01:12 ago on Mon Feb  6 21:43:04 2023.
Error: 
 Problem: conflicting requests
  - nothing provides libicudata.so.60()(64bit) needed by rspamd-3.4-1.x86_64
  - nothing provides libicui18n.so.60()(64bit) needed by rspamd-3.4-1.x86_64
  - nothing provides libicuio.so.60()(64bit) needed by rspamd-3.4-1.x86_64
  - nothing provides libicuuc.so.60()(64bit) needed by rspamd-3.4-1.x86_64
(try to add '--skip-broken' to skip uninstallable packages)


$ dnf install libicu

Last metadata expiration check: 0:02:38 ago on Mon Feb  6 21:43:04 2023.
Dependencies resolved.
==========================================================================================================================
 Package                    Architecture               Version                           Repository                  Size
==========================================================================================================================
Installing:
 libicu                     x86_64                     71.1-2.fc37                       fedora                      10 M

The package depends on .so.60, while current Fedora release has a much higher version:

$ ls -1 /usr/lib64/libicu*

/usr/lib64/libicudata.so.71
/usr/lib64/libicudata.so.71.1
/usr/lib64/libicui18n.so.71
/usr/lib64/libicui18n.so.71.1
/usr/lib64/libicuio.so.71
/usr/lib64/libicuio.so.71.1
/usr/lib64/libicutest.so.71
/usr/lib64/libicutest.so.71.1
/usr/lib64/libicutu.so.71
/usr/lib64/libicutu.so.71.1
/usr/lib64/libicuuc.so.71
/usr/lib64/libicuuc.so.71.1

This has been a problem for a while, see this Sep 2022 report for Fedora 36. Is Fedora still supported? Are the install instructions outdated for Fedora support?

I have not checked, but it would be good to know if aarch64 is also supported on Fedora.

how to use milter to remove headers from /checkv2 response and calculated score

Request:

curl "http://localhost:11333/checkv2" -H "Subject: Test Subject" -d 'Some spam content'

Response:

{
    "is_skipped": false,
    "score": 10.4,
    "required_score": 15,
    "action": "add header",
    "thresholds": {
        "reject": 15,
        "add header": 6,
        "greylist": 4
    },
    "symbols": {
        "ARC_NA": {
            "name": "ARC_NA",
            "score": 0,
            "metric_score": 0,
            "description": "ARC signature absent"
        },
        "MISSING_FROM": {
            "name": "MISSING_FROM",
            "score": 2,
            "metric_score": 2,
            "description": "Missing From: header"
        },
        "MISSING_TO": {
            "name": "MISSING_TO",
            "score": 2,
            "metric_score": 2,
            "description": "To header is missing"
        },
        "MISSING_SUBJECT": {
            "name": "MISSING_SUBJECT",
            "score": 0.5,
            "metric_score": 2,
            "description": "Subject header is missing"
        },
        "MISSING_DATE": {
            "name": "MISSING_DATE",
            "score": 1,
            "metric_score": 1,
            "description": "Message date is missing"
        },
        "MIME_GOOD": {
            "name": "MIME_GOOD",
            "score": -0.1,
            "metric_score": -0.1,
            "description": "Known content-type",
            "options": [
                "text/plain"
            ]
        },
        "DMARC_NA": {
            "name": "DMARC_NA",
            "score": 0,
            "metric_score": 0,
            "description": "No DMARC record",
            "options": [
                "No From header"
            ]
        },
        "R_DKIM_NA": {
            "name": "R_DKIM_NA",
            "score": 0,
            "metric_score": 0,
            "description": "Missing DKIM signature"
        },
        "MIME_TRACE": {
            "name": "MIME_TRACE",
            "score": 0,
            "metric_score": 0,
            "options": [
                "0:+"
            ]
        },
        "HFILTER_HOSTNAME_UNKNOWN": {
            "name": "HFILTER_HOSTNAME_UNKNOWN",
            "score": 2.5,
            "metric_score": 2.5,
            "description": "Unknown client hostname (PTR or FCrDNS verification failed)"
        },
        "RCVD_COUNT_ZERO": {
            "name": "RCVD_COUNT_ZERO",
            "score": 0,
            "metric_score": 0,
            "description": "Message has no Received headers",
            "options": [
                "0"
            ]
        },
        "MISSING_MID": {
            "name": "MISSING_MID",
            "score": 2.5,
            "metric_score": 2.5,
            "description": "Message id is missing"
        }
    },
    "messages": {},
    "message-id": "undef",
    "time_real": 0.01236,
    "milter": {
        "remove_headers": {
            "X-Spam": 0
        }
    }
}

rspamd version: 3.5

Requests on www.rspamd.org and rspamd.org do provide the .com certificate and thus are not working (for sure :80 redirects to :443). Since all 4 DNS records (org/com, www/www) point to the same IP, I assume those are in your possession.

To avoid duplicate content, these domains should also redirect to rspamd.com - but with a valid cert ;)

The website https://rspamd.com/downloads.html describes, how to install the latest rspamd version and that one should not use the outdated version from the default Debian/Ubuntu repositories.

If you are going to install rspamd on a IPv6-only system, you will face issues, because rspam.com does not offer an IPv6 address.

Adding - as described - the repository http://rspamd.com/apt-stable/ on an IPv6-only system has no effect and the installation of the latest rspamd version will not work - therefor it will fall back to the outdated rspamd version found in the default Debian/Ubuntu repositories.

On https://rspamd.com/doc/modules/rbl.html, the documentation states

default_unknown: if set to false, do not yield a result unless the response received from the RBL is defined in its related returncodes {} subsection, else return the default symbol for the RBL (false by default).

However, this contradicts the current default config:

https://github.com/rspamd/rspamd/blob/333b82b2bf8b014b55268881897251d55c3cdca0/conf/modules.d/rbl.conf#L18

Link to ucl.md under

local_addrs or local_networks

which describe what a MAP or a LIST are ( See #650 )

Show example in ucl.md of what a network MAP or LIST looks like.

in tutorial doc/tutorials/feedback_from_users_with_IMAPSieve.md, in Folders section, there is instruction to create two folders report_ham and report_spam, but sieve script report-spam.sieve also sends mail to third folder report_spam_reply

Hi,

I had opened a ticket in the wrong repo. I repeat it here:

Original ticket was here:

rspamd/rspamd#953 (comment)

I am pretty sure, this is not the optimal place for my question, but I don't know a better place.

My eyes are bad in two ways: One is I am red/green blind, as are 11% of all men. Reading the code snippet boxes is nearly impossible.

At the other side I also have MAcula Degeneration and I need to switch colors to inverse. This makes the code boxes as well unreadable. So for people like me, the documentation for this project is in some way unreachable.

What I ask is, if it was possible to use a different collor scheme. Ideally, the code boxes would also be based on a white background.

I hope there is some chance that this could be changed :-) I really love this project and I would very much love to dive deeper into it, if I could read the docs ;-)

Best wishes

Christian

Add paragraph with example

"THIS IS A MAP"

<>

Add example paragraph

"THIS IS A LIST"

Add example list

In local.d, config files have help comments at the top that refer to specific documentation pages. I propose standardization and correction for the worker configs.

Currently:

• worker-controller.inc > no link in file
• worker-fuzzy.inc > doc/fuzzy_storage.html
• worker-normal.inc > doc/workers/rspamd_proxy.html (yes, copy/paste error)
• worker-proxy.inc > doc/workers/rspamd_proxy.html

Suggested:

• worker-controller.inc > doc/workers/controller.html (page exists, this is a core correction)
• worker-fuzzy.inc > doc/workers/fuzzy_storage.html (page exists, this is a core correction)
• worker-normal.inc > doc/workers/normal.html (page exists, this is a core correction)
• worker-proxy.inc > doc/workers/proxy.html (we know it's rspamd, copy page and link/forward from current page)

https://rspamd.com/doc/faq.html

      <li><a href="#what-are-enable_password-and-password-for-webui">What are <code>enable_password</code> and <code>password</code> for WebUI</a></li>

That link doesn't work because of missed underscore in bookmark:

<h3 id="what-are-enablepassword-and-password-for-webui">What are <code>enable_password</code> and <code>password</code> for WebUI</h3>

The "OpenPhish" link is pointing to "openphsih.com", but the correct URL is "openphish.com".

Is "weight" the same as "score" ? A symbol definition object supports both properties 'weight' and 'score', which I believe are synonyms. The terms are often used interchangeably. Is there any distinction in thoughts, discussions, or code?

If this is the same concept, I'll adjust text when it seems the docs imply a distinction. Usually, the doc seems inconsistent, for example with notes like this (contrived example) "here is how to change the weight: score=1; ", and elsewhere, "here is how to change the score: weight=1; ".

--
The definition of "Metrics" doesn't really clarify what a metric is. Is it the same as a "group"?

The weight of rules is defined in metrics. Each metric is a set of grouped rules with specific weights.

The metric section was deprecated in v1.7 according to the metrics.conf file. Was just the file deprecated? Or does that mean the metric section itself was deprecated, and replaced with actions and groups?

If the term "metric" no longer has a specific meaning, can we remove that term in the docs as well, or at least remove the implication that the term has specific meaning?

The metrics.html page is titled "Rspamd Metrics", and the link from the menu is "Symbols scores and metrics setup", but the word "metric" is only found a few places on the page, not as a keyword. There is a reference to the metric section in this FAQ.

The metrics option is defined in metric_exporter.conf. Is that exporter now deprecated as well? Or has the code been changed, just without a doc change?

This note on "composite weight rules" mentions a metric as a grouping, but doesn't actually explain that:

Composites can record symbols in a metric or record their weights. That could be used to create non-captive composites.

What does it mean by "recording symbols in a metric"?
And what is a "non-captive" composite?

With clarifications, I'll make doc updates.
Thanks

For what it's worth, I've been banging my head for a couple days trying to get rspamd to sign outgoing email. I'll spare you the details but I eventually found the answer here:

https://groups.google.com/d/msg/rspamd/H21EzSabVE8/Ukf4t_ZHAwAJ

And in fact, removing the setting milter_mail_macros from /etc/postfix/main.cf solved the problem nicely. I haven't yet looked at why, but I'm putting this up as an issue because all the tutorials I've looked at include that line. It looks very much like it's no longer needed.

So if rspamd.log has lines containing stuff like:

• dkim_signing; lua_dkim_tools.lua:43: ignoring unauthenticated mail
• DMARC_POLICY_SOFTFAIL(0.10){ : No valid SPF, No valid DKIM;none;}

try removing milter_mail_macros before pulling hair.

Hope that helps.

Hello everyone,

I am trying to block malicious domains in the attachments like this

In the local.d/multimap.conf add:
reject_content {
type = "content";
filter = "full";
map = "${LOCAL_CONFDIR}/local.d/content.map";
symbol = "REJECT_CONTENT";
prefilter = true;
action = "reject";
regexp = true;
}

In the content.map: /local.d/content.map add
#content filter
/\bstupid.in\b/i
(blank line)

I have tested sending mail with an attachment notepad file containing the word stupid.in but it did not block it.
But in the body of the mail if i write stupid.in in the message then it is blocking.
How to get rspamd to scan attachments for words and block them . Someone please advise. Thank you.

In the documentation for the RBL module, it mentions that monitored_domain can be set to "INVALID". My attempts to probe what effect this has exactly didn't get very far so I had to search for it in the rspamd sources. The only match in a recursive grep is in an old ChangeLog entry. Probing git sources implies that the last reference was removed when the C version of the module was removed - I guess that was deprecated in favour of a lua module.

If I am correct in my conclusion that this feature has been removed, could it perhaps also be removed from the documentation.

Otherwise, it isn't entirely clear to me whether this was doing a RBL query for the literal domain "INVALID" or whether that value has a specific meaning. And what this would mean where queries for an IP are expected. The initial reason, I looked into this is that I was informed that a system I maintain was doing queries for 127.0.0.1 which was assumed to be a configuration mistake. I suspect the actual cause was this monitoring but was unsure whether the best course of action was to set disable_monitoring = true or to set monitored_domain. The documentation could provide more clue as to what effect this "monitoring" has. If the query fails, does it just log something or does it disable that block list, either for a set period or until rspamd is restarted? And with what regularity is the monitoring performed?

I can't see a damn thing.

Hello,
In the documentation on page https://rspamd.com/doc/migration.html#migration-to-rspamd-20 it says:

ip_score module has been replaced by reputation module. The existing rules should be automatically converted to reputation rules. The name of symbol has also been changed to two symbols: SENDER_REP_SPAM and SENDER_REP_HAM. The scores of IP_SCORE should be automatically applied to new symbols. The data collected from ip_score plugin will be LOST unevitably. The main reason behind it was the significant flaw of the old plugin that caused reputation never expire.

What happens when you update a single node in a rspamd cluster that uses a single Redis database?
Should all cluster nodes be updated at the same time?

Thanks!

Sorry I can't give the requested detail. The problem is indicated by entries in the rspamd log such as:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 192490, trace:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_print_crash: 0: 0000FFFF93EEF634:
2020-10-28 16:03:39 #192490(rspamd_proxy) rspamd_print_crash: 1: 0000000000284D91:

This occurs every time an email is sent from outside the mail server to a mailbox handled by the mail server. The email does not appear in the rspamd history. Emails generated within the mail server seem to be handled correctly, and appear in the history.

I can't go further with diagnosis because there seems to be no rspamd-dbg in the armhf repo and I have not been able to generate any core dumps.

This is based on the rspamd included in the Ubuntu 20.10 repository. So far as I can tell, there is no ARM version available in the rspamd repository, at least by specifying arch=armhf or arch=arm64.

Ref : The section "Rule weights" implies a discussion of "weights". But the first line reads :

"Rule weights are usually defined in the metrics section and contain the following data: score triggers for different actions, symbol scores, symbol descriptions, symbol group definitions".

So, the specific topic of weights is just a part of the information covered. The general topic is more about the different ways available to define rules.

Also, from above: "score triggers for different actions" and "symbol scores", isn't that the same thing?

Suggestions:

1. Rename this section to something like "Ways to define Rules".
2. Where the text says "Define scores...", change to "Define symbols".
3. Similarly, for this sentence: "Please bear in mind that the scores you define directly from Lua have lower priority and are overriden by scores defined in the groups.conf file. WebUI defined scores have even higher priority."
   • Change to "Please bear in mind that the symbols you define directly from Lua have lower priority and are overriden by symbols defined in other configuration files. WebUI defined symbos have even higher priority."
4. Move and rename the section "Rspamd symbols" higher up in the doc to introduce concepts, and change the name to "Rspamd Rules", since that section describes rule types, including filters, and not just symbols.

In general, I'd like to make other changes like this, are we agreed that changes like this make sense?

Thanks.

Hi,

is this the current spec file that is used to build the CentOS packages?

If it is, the info regarding the CentOS builds in the downloads section is wrong.
That spec file does not enable neither Hyperscan nor LuaJIT on CentOS.
Hyperscan is not even in there and LuaJIT is enabled for Fedora and openSUSE only.
Both requirements are met since EPEL 8, so there is no reason to gimp current CentOS builds.

If this is not the current spec file, than where is it?
I'd like to build rspamd for RHEL 9 and a somewhat current spec file would help quite a bit.

Thanks.

Now at version 2.2. redis key isn't include per_user name, it only have RS_.
But before 2.0, i can use my custom userid for per_user.
my config is:

classifier "bayes" {
    tokenizer {
    name = "osb";
    }
    name = "base";
    backend = "redis";
    min_tokens = 11;
    min_learns = 200;
    autolearn = false;
    new_schema = true;

    per_user = <<EOD
return function(task)
    local rcpt = task:get_header('USER_ID')

    if (rcpt ~= nil and rcpt ~= '') then
        return rcpt
    end

    return nil
end
EOD

    statfile {
        symbol = "BAYES_HAM";
        spam = false;
    }
    statfile {
        symbol = "BAYES_SPAM";
        spam = true;
    }
    learn_condition = 'return require("lua_bayes_learn").can_learn';
}

feature require "Using Lua scripts for per_user classifier".
Does this feature still work?

This ticket documents a series of updates that are being applied to dmarc.md.
As usual there are a number of trivial cleanup details and content clarifications. But the current doc is not adequate to guide a user/admin smoothly through this area. Significant changes are required to bring the material up to date, and to guide a user/admin smoothly through configuration. This is especially true now with code changes recently made in v3.3.

Examples of proposed content revisions

• The introduction on this page needs to clarify exactly what this module does.
• Clarification is required for configuration of each feature of this module, including determination of disposition, actions, Redis logging, and outbound reporting of aggregate data to domain owners.
• Clarifications and references are required regarding the Redis details - for using the common redis configs or for using Redis configs that are specific to DMARC processing.
• Details have changed and enhancements have been made in v3 related to exclusion of eSLDs for sampling, and also for reporting
• The munging section is recent, adequate, and only requires trivial tweaks.

( Many of these changes are already complete and in-progress. )

My intent for this ticket is that I will offer a series of small PRs to get the content current and complete, without striving for ideal. Subsequent tickets can move forward with refinements and enhancements. I understand the material and am qualified to do all of the work described here. But there are nuances that require confirmations and corrections from @vstakhov, and with respect for his time and to ensure quality, my intent is to move through this slowly.

I'm hoping @fatalbanana, @moisseev, and others will offer to help vet this material and comment. As noted in #502, this might be a good project to get other eyes on the process, get suggestions for content, and get other participation from the user base. A Discussion section in this repo would help, so that tickets like this for specific actions can be separated from random comments and suggestions.

Thanks for your time.

We need to add a description of r regexp flag to the regexp module documentation.

Hi, I found some typos in here https://github.com/rspamd/rspamd.com/blob/master/doc/configuration/composites.md#composite-weight-rules.

If I am guessing right, the ~ should be meaning to keep the symbol while remove the weight? So it should be

• If C is ~A & B, then rule A is preserved, but it's weight is removed,
  leading to the total weight of W_c only

instead of

• If C is ~A & B, then rule A is preserved, but it's weight is removed,
  leading to the total weight of W_a only

Then in few lines below:

If we rewrite the previous example but replace - with ~ then DATE_IN_PAST will be removed (however, its weight won't be removed):

This does not making sense.

By the way, the second example is no difference with the first example.

Any ideas? But actually what is the meaning of ~? Clarify it, then others are just correcting typos in the doc.

I checked the regexp module page, and could not make a working .conf file.

Specifically, I found this in the code:

reconf['MICROSOFT_SPAM'] = {
  -- https://technet.microsoft.com/en-us/library/dn205071(v=exchg.150).aspx
  re = 'X-Forefront-Antispam-Report=/SFV:SPM/H',
  score = 4.0,
  description = "Microsoft says the message is spam",
  group = 'upstream_spam_filters'
}

And wanted an expression like:

re = 'X-Forefront-Antispam-Report=/SFV:SPM/iH'

But the regexp page speaks only about regexp, and Internal functions, but not how to use them.

Which internal function do we call to say "yup, definitely spam, drop this shit"? Why perform all those binary checks (internal functions) if the regexp itself is the check we need?

Please show an example (and document it) that can go in local.d/regexp.conf - Ideally one that will immediately a) learn spam and reject or b) drop or discard

Today, with milter-regex, the syntax there is clear, e.g.:

discard
header /^X-Microsoft-Antispam$/i /.*BCL\:[1-9]*/i

discard
header /^X-Forefront-Antispam-Report$/i /.*SFV\:SPM.*/i

In the documentation max_rcpts is mentioned as a configuration option, but judging by the code it actually should be max_rcpt.

After enabling the SPAMHAUS_ZEN_URIBL, I noticed rspamd checked the IP addresses URLs in a message resolved to against this RBL.

While this is perfectly fine and absolutely the behaviour I want, it contradicts to the documentation of the RBL-specific parameters, where email is referred to as "email addresses found in a message-body". Despite having only the email check set, SPAMHAUS_ZEN_URIBL actually behaves like the urls check would have been set.

This looks like a minor inconsistency in the documentation to me. SPAMHAUS_ZEN_URIBL, as it is configured in conf/modules.d/rbl.conf at the time of writing, works as intended if enabled.

Hi,
I tried to add my rspamd webui to my apache webserver via proxy as described in https://github.com/rspamd/rspamd.com/blob/master/doc/faq.md#how-to-use-the-webui-behind-a-proxy-server, but after several fails I realized that the docs are wrong here.

First of all the minor problem: I suggest do replace the Location block in apache config:

<Location /rspamd>
	Order allow,deny
	Allow from all
</Location>

with a version that works for apache2 as well as with the newer ones, because the current faq entry doesn't reflect the new syntax:

<Location /rspamd>
 <IfVersion >= 2.3>
      Require all granted
  </IfVersion>
  <IfVersion < 2.3>
      Order allow,deny
      Allow from all
  </IfVersion>
</Location>

Sadly, for the second problem I don't have a fix at hand, because I'm not sure if this is fixable by docs or must fixed in the code.
Currently, the docs say

RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://localhost:11334/$1 [P,L]

Problem is, that this doesn't work for the webui. The main page does indeed get loaded, but all referrals (like the logo image, the css stylesheets etc) are broken. I think this is because (for example) the logo is referenced in the code as
<img src="./img/rspamd_logo_navbar.png" alt="Rspamd">
Because of the ./ in the beginning of the URI, the browser tries to open https://hostname.domain.tld/img/rspamd_logo_navbar.png instead of https://hostname.domain.tld/rspamd/img/rspamd_logo_navbar.png, which makes the webui unusable.

Also, using proxy is also available for apache, e.g.

	ProxyPass "http://localhost:11334/"
	ProxyPassReverse "http://localhost:11334/"

but this also fails due to the above mentioned URL problem. Currently, the only solution is to place the webui proxy into a separate <VirtualHost> container where you can omit the /rspamd location.

I hope it's clear what I'm trying to report, if not, don't hesitate to ask for more input :)

Frank

Default modules.d/hfilter.conf says:

Module documentation can be found at https://rspamd.com/doc/modules/hfilter.html

but this pages leads to a 404 not found.

Please add documentation for the hfilter module.

I have some random crash since last version 2.2 on Debian 9.11 with exim and dovecot. Here is the log :

2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_load_message: got input of length 0
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 1
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 2
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_message_parse: construct mime parser from string length 2529
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header X-Envelope-From: <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header X-Envelope-To: fr***@******.com
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Received: from msa508.odn.ne.jp ([210.134.90.8] helo=cmsa508.odn.ne.jp) by srv1.e******.org with esmtp (Exim 4.89) (envelope-from <[email protected]>) id 1im6qo-00066V-KQ for fr***@*******.com; Tue, 31 Dec 2019 03:01:39 +0100
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from vmsa508.odn.ne.jp by cmsa508.odn.ne.jp with ESMTP id <[email protected]> for <fr***@e******.com>; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from msrg5081.rgserv.odn.ne.jp by vmsa508.odn.ne.jp with ESMTP id <[email protected]> for <fr***@e******.com>; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: append raw header Received: from pop01.odn.ne.jp (123.21.9.122) by msrg5081.rgserv.odn.ne.jp (9.0.018.07.06) id 5DFC332E00C2F818 for fr***@e******.com; Tue, 31 Dec 2019 11:01:34 +0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header To: "fr***" <fr***@e******.com>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header From: Gerdolle David Sci Immodag <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->3
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: multipart/alternative; boundary="Apple-Mail-9E0B7B38-AFE3-420B-B1AC-740015D68AB3"
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Message-ID: <[email protected]>
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Date: Mon, 30 Dec 2019 17:01:33 -0900
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header MIME-Version: 1.0
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Subject: Re: Re: (7)
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: text/plain; charset=utf-8; format=flowed
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Transfer-Encoding: 7bit
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: start processing headers
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_headers_process: go to state: 99->4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Type: text/html; charset=utf-8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_mime_header_add: add new raw header Content-Transfer-Encoding: 7bit
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_message_parse: found 3 parts in message
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 4
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: need more work on stage 8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: need more processing on stage 8
2019-12-31 03:01:39 #28690(normal) <9039de>; task; rspamd_task_process: completed stage 8
2019-12-31 03:01:39 #28690(normal) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 28690, trace: 
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 0: 00007FA047B58676: strlen()+0x26
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 1: 00007FA048CF449F: rspamd_vprintf_common()+0xd3f
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 2: 00007FA048CE5B1B: rspamd_conditional_debug()+0x19b
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 3: 00007FA048D70399: rspamd_stem_words()+0xf9
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 4: 00007FA048D87C45: rspamd_message_process()+0x1745
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 5: 00007FA048D5782D: rspamd_task_process()+0x37d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 6: 00007FA048D57A4D: rspamd_task_process()+0x59d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 7: 00007FA048D57A4D: rspamd_task_process()+0x59d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 8: 00007FA048D5742D: rspamd_task_fin()+0x1d
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 9: 00007FA048D2C0C1: rspamd_session_remove_event_full()+0x311
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 10: 00007FA048EBB271: rdns_process_read()+0x401
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 11: 00007FA049944721: ev_invoke_pending()+0x71
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 12: 00007FA0499453FC: ev_run()+0xcbc
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 13: 00000000004169FF: _init()+0xd31f
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 14: 00007FA048D63544: rspamd_fork_worker()+0xb64
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 15: 00000000004166C7: _init()+0xcfe7
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 16: 00007FA049944721: ev_invoke_pending()+0x71
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 17: 00007FA0499453FC: ev_run()+0xcbc
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 18: 0000000000414D4E: _init()+0xb66e
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 19: 00007FA047AF82E1: __libc_start_main()+0xf1
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 20: 000000000040B44A: _init()+0x1d6a
2019-12-31 03:01:39 #28690(normal) rspamd_print_crash: 21: 0000000000000000: <unknown>
2019-12-31 03:01:39 #28690(normal) rspamd_crash_sig_handler: please see Rspamd FAQ to learn how to dump core files and how to fill a bug report
2019-12-31 03:01:39 #14708(main) <f5362b>; main; rspamd_check_termination_clause: normal process 28690 terminated abnormally with exit code 0 by signal: Segmentation fault but NOT created core file (throttled=no); core file limits: 0 current, -1 max

Environement:

• Debian 10
• Apache Webserver as proxy
• Packages from rspamd debian repos (Version 2.5-156~buster)

Behaviour:

• I upload any message in the webui (just typing a few chars is sufficient)
• submit
• Controller always segfaults

Stacktrace:

2020-07-23 10:37:03 #10628(controller) rspamd_crash_sig_handler: caught fatal signal 11(Segmentation fault), pid: 10628, trace: 
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 0: 000055B355697398: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 1: 00007F2F216683DA: rspamd_session_pending()+0x5a
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 2: 000055B35569A497: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 3: 00007F2F21627AFE: rspamd_http_router_new()+0x60e
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 4: 00007F2F2162835C: rspamd_http_connection_new_keepalive()+0x12c
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 5: 00007F2F21586948: http_parser_execute()+0xf78
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 6: 00007F2F21627D96: rspamd_http_router_new()+0x8a6
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 7: 00007F2F2118EA9E: ev_invoke_pending()+0x5e
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 8: 00007F2F211944E8: ev_run()+0xf08
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 9: 000055B3556969A3: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 10: 00007F2F2162B240: rspamd_fork_worker()+0x550
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 11: 000055B355690436: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 12: 000055B355690772: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 13: 000055B355689563: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 14: 00007F2F20FEB09B: __libc_start_main()+0xeb
2020-07-23 10:37:03 #10628(controller) rspamd_print_crash: 15: 000055B3556899FA: <unknown>
2020-07-23 10:37:03 #10628(controller) rspamd_crash_sig_handler: please see Rspamd FAQ to learn how to dump core files and how to fill a bug report

A coredump is available. When I open it with gdb, it shows:

Reading symbols from /usr/bin/rspamd...(no debugging symbols found)...done.
[New LWP 10628]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `rspamd: controller process (localhost:11334) '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055b355697398 in ?? ()

Hello,

the FAQ says under point "Which backend should I use for statistics"

# rspamadm statconvert -d bayes.spam.sqlite -h 127.0.0.1:6379 -s BAYES_SPAM
# rspamadm statconvert -d bayes.ham.sqlite -h 127.0.0.1:6379 -s BAYES_HAM \
-c learn_cache.sqlite

But these commands don't seem to be valid anymore for 1.8. Actually I have the current 1.8.1 experimental snapshot installed:

# r# rspamadm statconvert -d bayes.spam.sqlite -h 127.0.0.1:6379 -s BAYES_SPAM
No spam-db specified

It seems that you must specify --spam-db and --ham-db now at once. Not in 2 seperate commands

The docs specify following instruction how to install rspamd on debian.

apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt-get update
apt-get --no-install-recommends install rspamd

This is highly insecure as it is adding non-Debian keys to the global trusted keyring - and will stop working in the near future. See

• https://michael-prokop.at/blog/2021/02/16/how-to-properly-use-3rd-party-debian-repository-signing-keys-with-apt/
• https://wiki.debian.org/DebianRepository/UseThirdParty
• https://manpages.debian.org/testing/apt/apt-key.8.en.html

Correct instructions are:

sudo apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
sudo mkdir -p /etc/apt/keyrings
wget -O- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/rspamd.gpg > /dev/null
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ $CODENAME main" | sudo tee /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ $CODENAME main"  | sudo tee -a /etc/apt/sources.list.d/rspamd.list
sudo apt-get update
sudo apt-get --no-install-recommends install rspamd

Hello. We are running rspamd on our server, and it fails on a lot of emails:

Core dump attached.
rspamd-595120.zip

I don't think many people know about the spamd/rspamd.com repo which contains all of the site documentation.

Can we add more references around the code project and in the docs themselves, so that people know where to go to ask questions about doc content and note issues with the doc pages?

I'm also hoping we can create a Discussions section in the docs repo. If someone asks "how does this feature work?", that's a question for the rspamd code project. But if they say "I don't understand this text", that's a doc issue. It would be helpful to separate those components.

When someone asks a question in one of the Support groups, the answers are lost if not transferred into the documentation. The time taken to answer a question in one medium doesn't help those monitoring another. It would be better if the answer is always "Here is the answer, someone should create a ticket to get this into the docs". With a ticket created, perhaps some discussion to formulate good docs, and a reference to the original Q&A, we can then refer back from the doc for more complete information on a lot of topics.

If this initiative is approved, I'll take the time to add notes to the ReadMe pages, Support, and other places, and I'll monitor some of the discussion areas to encourage people to contribute doc notes and/or to submit requests for specific doc changes.

Thanks.

I landed first in the DKIM (C module) documentation and used it to signing outgoing emails. It works fine, however I only then realized that there is the DKIM signing module. There should be a reference in the DKIM C module description.

https://rspamd.com/doc/modules/ratelimit.html#composable-ratelimits

local custom_keywords = {}
local d = {}

custom_keywords.customrl = function(task)
  local rspamd_logger = require "rspamd_logger"
  -- create map
  d['badusers'] = rspamd_config:add_map({
    ['url']= '/etc/rspamd/badusers.map',
    ['type'] = 'set',
    ['description'] = 'Bad users'
  })
  -- get authenticated user
  local user = task:get_user()
  -- define a ratelimit
  -- a ratelimit can be defined in simplified form (10 / 1m) or as a bucket config (table)
  local crl = "10 / 1m"
  if not user then return end -- no user, return nil
  if d['badusers']:get_key(user) then
    rspamd_logger.infox(rspamd_config, "User %s is bad, returning custom ratelimit %s", user, crl)
    -- return redis hash to store rl data and a ratelimit
    -- our redis hash will be "rs_custom_rl_john.doe" assuming user == john.doe
    return "rs_customrl_" .. user, crl
  else
    return -- user is not in map, return nil
  end
end

return custom_keywords

This code does not work (at least for me). This is always false, even if the username is in the .map file:
if d['badusers']:get_key(user) then

Only if I move the following code out of the function (move before the function, after "local d = {}"), then it works:

d['badusers'] = rspamd_config:add_map({
    ['url']= '/etc/rspamd/badusers.map',
    ['type'] = 'set',
    ['description'] = 'Bad users'
  })

I don't know why, but now the map is loaded, and ratelimiting works as expected 😄

Hi,
It seems due to recent security changes in apt in debian unstable it's not possible to download rspamd anymore:

apt-get update
E: The repository 'http://rspamd.com/apt-stable sid Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

According to manpage this should resolve the issue:

ARCHIVE CONFIGURATION
       If you want to provide archive signatures in an archive under your
       maintenance you have to:

       ·   Create a toplevel Release file, if it does not exist already. You
           can do this by running apt-ftparchive release (provided in
           apt-utils).

       ·   Sign it. You can do this by running gpg --clearsign -o InRelease
           Release and gpg -abs -o Release.gpg Release.

       ·   Publish the key fingerprint, so that your users will know what key
           they need to import in order to authenticate the files in the
           archive. It is best to ship your key in its own keyring package
           like Debian does with debian-archive-keyring to be able to
           distribute updates and key transitions automatically later.

       ·   Provide instructions on how to add your archive and key. If your
           users can't acquire your key securely the chain of trust described
           above is broken. How you can help users add your key depends on
           your archive and target audience ranging from having your keyring
           package included in another archive users already have configured
           (like the default repositories of their distribution) to leveraging
           the web of trust.

       Whenever the contents of the archive change (new packages are added or
       removed) the archive maintainer has to follow the first two steps
       outlined above.

I am looking to migrate from SpamAssassin to Rspamd.

I am referring to Migrating from SA page i.e.

https://github.com/rspamd/rspamd.com/blob/master/doc/tutorials/migrate_sa.md
OR
https://rspamd.com/doc/tutorials/migrate_sa.html

Under Before you start -> Point number 1 -
There is link to https://rspamd.com/rspamd_statistics/

But this page gives 404 Not Found error.

So please check.

Hello

Just letting you know that https://rspamd.com/doc/rspamadm.html#rspamadm-statconvert does not work on Rspamd 2.4 producing an error along the lines of rspamadm_statconvert: No spam-db specified

However, the command on the FAQ page worked at https://rspamd.com/doc/faq.html#which-backend-should-i-use-for-statistics

Suggest you link to the FAQ article from rspamadm so you do not have update in multiple places.

Regards

It seems luaforge.net is gone. There is a link to the OSBF PDF on the SA Migration page which no longer exists. I have the PDF. Should we save it into this repo and link locally?

Dear all,

I am having a folder in local.d/blacklisted_ips in which there are multiple files containing malicious IPs.
Is there anyway to include a directory containing multiple files in the map variable in multimap.conf instead of a specific filename like ip_bl.map

Can I write like this for example? Please help me. Thank you. Main objective is to block all the files(they contain malicious ips list) under LOCAL_CONFDIR/local.d/blacklisted_ips directory.

local_bl_ip { type = "ip"; map = "$LOCAL_CONFDIR/local.d/blacklisted_ips"; symbol = "LOCAL_BL_IP"; description = "Local ip blacklist";score = 10;}

Does the above statement work?

Documentation of bayes autolearn is outdated I think.

In statistic.conf I see that autolearn seems to be an "autolearn" section:
https://github.com/rspamd/rspamd/blob/c9a38e190d244b1b035504be18d0fb9a6271d031/conf/statistic.conf#L45

On the current documentation page it looks like it's only one setting "autolearn = xxx", which seems to be outdated?
https://rspamd.com/doc/configuration/statistic.html#autolearning

Hi,

Can you clarify Redis statistics configuration and changes to make since 1.7 release ? Based on this commit is the following configuration valid ?

# local.d/statistic.conf

classifier "bayes" {

  tokenizer {
    name = "osb";
  }

  backend = "redis";
  min_tokens = 11;
  min_learns = 10;
  autolearn = true;

  # Use new schema (1.7+)
  new_schema = true;
  # Enable per user statistics
  per_user = true;
  # Expire bayes tokens
  expire = 100d;
  # Store not only probabilities, but full tokens, false by default
  #store_tokens = true;
  # Store bayes signatures
  #signatures = true;

  statfile {
    symbol = "BAYES_HAM";
    spam = false;
  }
  statfile {
    symbol = "BAYES_SPAM";
    spam = true;
  }

  learn_condition =<<EOD
return function(task, is_spam, is_unlearn)
  local prob = task:get_mempool():get_variable('bayes_prob', 'double')

  if prob then
    local in_class = false
    local cl
    if is_spam then
      cl = 'spam'
      in_class = prob >= 0.95
    else
      cl = 'ham'
      in_class = prob <= 0.05
    end

    if in_class then
      return false,string.format('already in class %s; probability %.2f%%',
        cl, math.abs((prob - 0.5) * 200.0))
    end
  end

  return true
end
EOD
}

My configuration prior rspamd 1.7 is available here.

https://rspamd.com/doc/modules/neural.html says that neural is explicitly disabled by default, but this seems to be outdated. On a fresh install, the module seems enabled as reported by rspamadm configwizard.