Messages - Bismarck

#2
21.1 Legacy Series / Rspamd Greylist Whitelist...
February 22, 2021, 10:40:23 AM
... isn't working because of typo:

whitelist_ip

should be

whitelisted_ip

https://rspamd.com/doc/modules/greylisting.html

Regards
#4
21.1 Legacy Series / Re: rspamd log - where to look for?
February 09, 2021, 08:07:44 AM
Quote from: Taym on February 09, 2021, 01:25:05 AM
Thanks again.

Is this the file? I'm asking because it is in a different location than you indicated.

Thanks!

Just create that folder override.d

https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
#5
21.1 Legacy Series / Re: rspamd log - where to look for?
February 09, 2021, 08:06:22 AM
Quote from: Taym on February 08, 2021, 10:00:18 PM
Thank you so much!
(I wonder why isn't the WebGUI active by default?)
Good question, tbh I don't know.
#6
21.1 Legacy Series / Re: rspamd log - where to look for?
February 08, 2021, 09:21:27 PM
Hello you, there is a handy WebGUI for Rspamd, but it's hidden and you need to tinker a bit to make it visible.

1. First you need to create a file in

/usr/local/etc/rspamd/override.d/worker-controller.inc

with this:
bind_socket = "*:11334";

2. Restart rspamd, now the WebGUI should be reachable via

http://192.168.100.1:11334 (IP should be the LAN IP of your firewall)

https://rspamd.com/webui/

3. If you like a nice Link in the service section of the WebUI, create another file in:

/usr/local/opnsense/mvc/app/models/OPNsense/Links/Menu/Menu.xml (missing folders must be created)

with this content:
<menu>
    <Services>
        <Rspamd-Web VisibleName="Rspamd Web" cssClass="fa fa-envelope fa-fw" isExternal="Y" url="http://192.168.100.1:11334/" />
    </Services>
</menu>
(same here, IP should be the LAN IP of your firewall)

Now execute the following command in the shell:

/usr/local/etc/rc.configure_plugins

4. Refresh your browser, there should now be a link in services like here:



5. Or just tail the rspamd log

tail -f /var/log/rspamd/rspamd.log

Hope that was helpful. ;)
#7
There is a way, where your edits will survive a plugin/system update:

https://docs.opnsense.org/development/backend/templates.html

Still it would be 1000 times better, to have this in the WebGUI as an option.

#8
Quote from: errored out on February 02, 2021, 11:32:42 AM
Do these settings remain after a reboot?

Yes they do if you edit the template files in

/usr/local/opnsense/service/templates/OPNsense/Proxy/

files in

/usr/local/etc/squid

will not, but an os-web-proxy update will overwrite them here as well.

Quote from: errored out on February 02, 2021, 11:32:42 AM
I'm not 100% on this, but it may help.
https://forum.opnsense.org/index.php?topic=6516.msg27986#msg27986
Unfortunately, in this case it will not work.
#10
Long time lurker, first time poster.

Coming from pfSense to OPNSense, still trying to make things work how I'm used to. In pfSense there is an option in Squid where you can enable SSL inspection with custom config, which lets you do things like SSLBump on the LAN interface and just Splice on the WIFI interface. So you don't get TLS errors about broken certificates and so on, but still maintain a layer of protection with SNI and acl blacklisting.

Unfortunately in OPNSense there is no such option for the Web Proxy, but with a little tinkering I figured out how to make it work here as well.

We need to modify one file, which may get overwritten on updates, but anyway here we go:

1. In Services: Web Proxy: Administration, enable "Enable SSL inspection" and apply.

2. You need to edit /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.conf

from
# setup ssl bump acl's
acl bump_step1 at_step SslBump1
acl bump_step2 at_step SslBump2
acl bump_step3 at_step SslBump3
acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"

# configure bump
{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %}
ssl_bump peek bump_step1 all
ssl_bump splice all
ssl_bump peek bump_step2 all
ssl_bump splice bump_step3 all
ssl_bump bump

{% else %}
ssl_bump peek bump_step1 all
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump splice bump_step3 bump_nobumpsites
ssl_bump stare bump_step2
ssl_bump bump bump_step3
{% endif %}

to
# setup ssl bump acl's
acl bump_step1 at_step SslBump1
acl bump_step2 at_step SslBump2
acl bump_step3 at_step SslBump3
acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
acl splice_only src 10.10.10.0/24
acl splice_only src 10.10.20.9
acl splice_only src 192.168.0.13


# configure bump
{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %}
ssl_bump peek bump_step1 all
ssl_bump splice all
ssl_bump peek bump_step2 all
ssl_bump splice bump_step3 all
ssl_bump bump

{% else %}
ssl_bump peek bump_step1 all
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump peek bump_step2 splice_only
ssl_bump splice bump_step3 bump_nobumpsites
ssl_bump splice bump_step3 splice_only
ssl_bump stare bump_step2
ssl_bump bump bump_step3
{% endif %}

and save the changes. (bold)

3. Next in Services: Web Proxy: Administration, just hit apply.

Now you should have full SSL inspection everywhere, except on clients in the 10.10.10.0/24 network or single IPs like 10.10.20.9 and 192.168.0.13 which only get spliced, so they don't need a cert to be installed and thus have no cert errors.

Hope someone will find this useful, maybe a dev can make this as an option in the WebGUI of the Web Proxy.

Thanks
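
Added example, not part of the original post and not OPNsense or Squid code: a small Python model of how the modified ssl_bump rules in the post above resolve for one connection, showing why the `splice_only` peek line has to sit above `ssl_bump stare bump_step2`. The step model (at step 3 a prior peek leaves only splice, a prior stare leaves only bump), the exact-match SNI check, the site bank.example, the client 192.168.1.50 and the STARE_FIRST ordering are simplifying assumptions constructed for illustration.

```python
import ipaddress

# ACL values from the modified template; the nobumpsites entry is constructed.
SPLICE_ONLY = ["10.10.10.0/24", "10.10.20.9", "192.168.0.13"]
NOBUMP_SITES = {"bank.example"}

# The {% else %} branch of the modified template, in file order.
RULES = [
    ("peek", ["bump_step1", "all"]),
    ("peek", ["bump_step2", "bump_nobumpsites"]),
    ("peek", ["bump_step2", "splice_only"]),
    ("splice", ["bump_step3", "bump_nobumpsites"]),
    ("splice", ["bump_step3", "splice_only"]),
    ("stare", ["bump_step2"]),
    ("bump", ["bump_step3"]),
]
# Hypothetical misordering: the catch-all stare moved above the splice_only peek.
STARE_FIRST = [RULES[0], RULES[5]] + RULES[1:5] + [RULES[6]]

def acl_matches(name, step, client_ip, sni):
    if name == "all":
        return True
    if name.startswith("bump_step"):
        return step == int(name[-1])
    if name == "splice_only":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(net) for net in SPLICE_ONLY)
    if name == "bump_nobumpsites":
        return sni in NOBUMP_SITES  # assumption: exact match only
    raise ValueError(f"unknown acl {name}")

def possible(action, step, previous):
    # Assumed step model: steps 1-2 allow every action; at step 3 a prior
    # peek leaves only splice, a prior stare leaves only bump.
    return step < 3 or action == ("splice" if previous == "peek" else "bump")

def decide(client_ip, sni, rules=RULES):
    previous = None
    for step in (1, 2, 3):
        # First rule whose action is possible and whose ACLs all match wins.
        for action, acls in rules:
            if possible(action, step, previous) and all(
                    acl_matches(a, step, client_ip, sni) for a in acls):
                break
        else:
            return "no-match"  # Squid's default handling is not modelled
        if action in ("splice", "bump"):
            return action
        previous = action
    return "no-match"
```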