OPNsense Forum

International Forums => German - Deutsch => Topic started by: Cordial on January 22, 2021, 09:33:21 AM

Title: RspamD - Spam function
Post by: Cordial on January 22, 2021, 09:33:21 AM
Hi all,

I've had OPNsense fully in use as a mail gateway for a few days now. In general far fewer spam mails, down to none at all, but I sometimes get emails delivered that are actually on a blacklist, e.g.:

https://prnt.sc/xfi8b3

Here is the log from Postfix:

2021-01-22T08:41:30 postfix/smtp[5736] B0C4527365: to=<meineMail>, relay=192.168.3.4[192.168.3.4]:25, delay=78, delays=78/0.06/0.02/0.28, dsn=2.6.0, status=sent (250 2.6.0 <442ab49d66e2cc508a9adc8ebbd9661e@www.austriadoktor24.xyz> [InternalId=139191300128806, Hostname=MeinMailserver] 199794 bytes in 0.234, 832,363 KB/sec Queued mail for delivery)
2021-01-22T08:41:30 postfix/smtpd[94637] disconnect from host.cholbe.com[67.225.182.250] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2021-01-22T08:41:30 postfix/qmgr[37410] B0C4527365: from=<support@shebanin.com>, size=196673, nrcpt=1 (queue active)
2021-01-22T08:40:12 postfix/cleanup[4573] B0C4527365: message-id=<442ab49d66e2cc508a9adc8ebbd9661e@www.austriadoktor24.xyz>
2021-01-22T08:40:12 postfix/smtpd[94637] B0C4527365: client=host.cholbe.com[67.225.182.250]


It arrived cleanly in the inbox. I don't understand why.
Title: Re: RspamD - Spam function
Post by: mimugmail on January 22, 2021, 10:20:10 AM
What does the rspamd log say about the mail?
Title: Re: RspamD - Spam function
Post by: Cordial on January 22, 2021, 10:33:42 AM
Yes, of course. I should have included that, naturally. I had to search a bit, but here is the log from RspamD:

2021-01-22 08:40:11 #42502(rspamd_proxy) <50d28f>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 3684
2021-01-22 08:40:12 #42502(rspamd_proxy) <50d28f>; milter; rspamd_milter_process_command: got connection from 67.225.182.250:59198
2021-01-22 08:40:54 #43422(controller) <9i1dgi>; map; http_map_finish: data is not modified for server www.openphish.com, next check at Fri, 22 Jan 2021 07:45:54 GMT (timer based)
2021-01-22 08:41:28 #42502(rspamd_proxy) <50d28f>; proxy; proxy_backend_master_error_handler: abnormally closing connection from backend: [::1]:11333, error: IO write error: Broken pipe, retries left: 4
2021-01-22 08:41:28 #42502(rspamd_proxy) <50d28f>; proxy; proxy_backend_master_error_handler: retry connection to: 127.0.0.1 retries left: 4
2021-01-22 08:41:28 #45043(normal) <6fdd02>; task; rspamd_worker_body_handler: accepted connection from 127.0.0.1 port 63961, task ptr: 00000479F26E64A0
2021-01-22 08:41:28 #45043(normal) <6fdd02>; task; rspamd_message_parse: loaded message; id: <442ab49d66e2cc508a9adc8ebbd9661e@www.austriadoktor24.xyz>; queue-id: <B0C4527365>; size: 196436; checksum: <2f1b7950467126566a4420189b4e90b4>
2021-01-22 08:41:28 #45043(normal) <6fdd02>; task; rspamd_mime_part_detect_language: detected part language: de
2021-01-22 08:41:28 #45043(normal) <6fdd02>; task; rspamd_mime_part_detect_language: detected part language: de
2021-01-22 08:41:29 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: RBL_SENDERSCORE(275): 774.15 ms; enable slow timer delay
2021-01-22 08:41:29 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: SEM_URIBL_UNKNOWN(269): 841.44 ms
2021-01-22 08:41:29 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: DWL_DNSWL(266): 1091.19 ms; enable slow timer delay
2021-01-22 08:41:29 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: SEM_URIBL_FRESH15_UNKNOWN(282): 1065.21 ms
2021-01-22 08:41:29 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: RBL_SEM(268): 1256.79 ms; enable slow timer delay
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: MX_INVALID(258): 1687.15 ms; enable slow timer delay
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_spf_maybe_return: stored record for shebanin.com (0x31529cc1615bd89d) in LRU cache for 2909 seconds, 6/2000 elements in the cache
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: SPF_CHECK(288): 1889.99 ms; enable slow timer delay
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_symcache_finalize_item: slow rule: HFILTER(236): 2004.50 ms; enable slow timer delay
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_HAM of classifier bayes: not enough learns 0; 200 required
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_SPAM of classifier bayes: not enough learns 0; 200 required
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
2021-01-22 08:41:30 #45043(normal) <6fdd02>; lua; greylist.lua:318: Score too low - skip greylisting
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_task_write_log: id: <442ab49d66e2cc508a9adc8ebbd9661e@www.austriadoktor24.xyz>, qid: <B0C4527365>, ip: 67.225.182.250, from: <support@shebanin.com>, (default: F (no action): [3.98/150.00] [HTML_SHORT_LINK_IMG_1(2.00){},HAS_INTERSPIRE_SIG(1.00){},MID_RHS_WWW(0.50){},MX_INVALID(0.50){},FORGED_SENDER(0.30){fbl@office.de;support@shebanin.com;},R_SPF_ALLOW(-0.20){+a;},MIME_GOOD(-0.10){multipart/related;multipart/alternative;text/plain;},HAS_LIST_UNSUB(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:32244, ipnet:67.225.128.0/17, country:US;},DMARC_NA(0.00){office.de;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){fbl@office.de;support@shebanin.com;},HAS_PHPMAILER_SIG(0.00){},HAS_REPLYTO(0.00){support@shebanin.com;},HAS_X_ANTIABUSE(0.00){},HAS_X_AS(0.00){support@shebanin.com;},HAS_X_GMSV(0.00){support@shebanin.com;},HAS_X_SOURCE(0.00){},MIME_TRACE(0.00){0:+;1:+;2:+;3:~;4:~;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_ALL(0.00){},RCVD_VIA_SMTP_AUTH(0.00){},REPLYTO_DOM_NEQ_FROM_DOM(0.00){},R_DKIM_NA(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 196436, time: 2198.909ms, dns req: 41, digest: <2f1b7950467126566a4420189b4e90b4>, rcpts: <meineMail>, mime_rcpts: <meineMail>
2021-01-22 08:41:30 #45043(normal) <6fdd02>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 187 regexps total, 69 regexps cached, 0B scanned using pcre, 3.91KiB scanned total
Title: Re: RspamD - Spam function
Post by: mimugmail on January 22, 2021, 01:30:17 PM
Hm, but it wasn't on a blacklist, the way I read it ...
Title: Re: RspamD - Spam function
Post by: Cordial on January 22, 2021, 01:57:23 PM
Currently the host is also "only" on the blacklist of 5 providers according to Mxtoolbox. Earlier it was 6. Maybe that overlapped or something. It was only the one mail that stood out, after all.
Title: Re: RspamD - Spam function
Post by: Cordial on February 04, 2021, 08:21:39 AM
Hi,

I adjusted the DKIM/SPF symbols in RspamD, but somehow they don't take effect. I restarted the rspamd service, of course. Here is a header:

X-Spamd-Result: default: False [6.90 / 9.00];
ARC_NA(0.00)[];
FROM_HAS_DN(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
HTML_SHORT_LINK_IMG_1(2.00)[];
TO_DN_NONE(0.00)[];
DMARC_NA(0.00)[PILLOZDEGAGOY.us];
AUTH_NA(1.00)[];
RCPT_COUNT_ONE(0.00)[1];
MISSING_MID(2.50)[];
SUBJ_EXCESS_QP(1.20)[];
MIME_HTML_ONLY(0.20)[];
R_SPF_NA(0.00)[no SPF record];
RCVD_COUNT_ZERO(0.00)[0];
R_DKIM_NA(0.00)[];
MIME_TRACE(0.00)[0:~];
ASN(0.00)[asn:8075, ipnet:104.40.0.0/13, country:US];
GREYLIST(0.00)[pass,body]
X-Spam: Yes


Here are my symbol settings for DKIM/SPF:

https://prnt.sc/y8mv7z
https://prnt.sc/y8mxua

Did I forget something?
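
Added example, not part of the thread and not OPNsense or rspamd code: a small Python parser that breaks the X-Spamd-Result header quoted in the last post into per-symbol weights, so it is visible which rules produced the 6.90 score and that the SPF/DKIM symbols present (R_SPF_NA, R_DKIM_NA) carry weight 0.00. The header text is copied from the post; the function names are hypothetical, and the pattern also accepts the `{}` option style of the rspamd task log line shown earlier.

```python
import re

# X-Spamd-Result header copied from the post above (symbol list unchanged).
HEADER = """default: False [6.90 / 9.00];
ARC_NA(0.00)[];
FROM_HAS_DN(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
HTML_SHORT_LINK_IMG_1(2.00)[];
TO_DN_NONE(0.00)[];
DMARC_NA(0.00)[PILLOZDEGAGOY.us];
AUTH_NA(1.00)[];
RCPT_COUNT_ONE(0.00)[1];
MISSING_MID(2.50)[];
SUBJ_EXCESS_QP(1.20)[];
MIME_HTML_ONLY(0.20)[];
R_SPF_NA(0.00)[no SPF record];
RCVD_COUNT_ZERO(0.00)[0];
R_DKIM_NA(0.00)[];
MIME_TRACE(0.00)[0:~];
ASN(0.00)[asn:8075, ipnet:104.40.0.0/13, country:US];
GREYLIST(0.00)[pass,body]"""

# NAME(weight) followed by options in [] (header) or {} (rspamd task log).
SYMBOL_RE = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+\.\d+)\)[\[{]([^\]}]*)[\]}]")
SUMMARY_RE = re.compile(r"\[(-?\d+\.\d+)\s*/\s*(-?\d+\.\d+)\]")
AUTH_PREFIXES = ("R_SPF_", "R_DKIM_", "DMARC_", "AUTH_", "ARC_")

def parse_result(text):
    """Return (score, threshold, {symbol: (weight, options)})."""
    m = SUMMARY_RE.search(text)
    if m is None:
        raise ValueError("no [score / threshold] summary found")
    symbols = {name: (float(w), opts) for name, w, opts in SYMBOL_RE.findall(text)}
    return float(m.group(1)), float(m.group(2)), symbols

def contributors(symbols):
    """Symbols with a non-zero weight, largest absolute weight first."""
    hits = [(n, w) for n, (w, _) in symbols.items() if w != 0.0]
    return sorted(hits, key=lambda x: -abs(x[1]))

def auth_symbols(symbols):
    """Weights of the SPF/DKIM/DMARC/ARC/AUTH symbols that fired."""
    return {n: w for n, (w, _) in symbols.items() if n.startswith(AUTH_PREFIXES)}

if __name__ == "__main__":
    score, threshold, symbols = parse_result(HEADER)
    print(f"score {score:.2f} / {threshold:.2f}", contributors(symbols))
    print("auth symbols:", auth_symbols(symbols))
```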