Postfix <-> rspamd integration

Started by Taym, February 09, 2021, 03:49:01 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
February 09, 2021, 03:49:01 PM Last Edit: February 09, 2021, 03:51:57 PM by Taym
Hello everyone,

Apologies as I am sure this is quite basic, but I am new to Postfix-rspamd integration and I could not find an answer so far. How do you tell postfix to scan all incoming mail with rspamd, precisely, in opnSense of course?

Both Postfix and rspamd are up and running, but they appear not to be talking to each other.

I can confirm that Postfix is successfully receiving mail and sending it to my internal mail-server.
I can also confirm rspamd is also up and running: I have activated its webGui (thanks to help received here on the forum), and there I can see it is in fact not yet scanning anything.

Thank you!
Taym
February 09, 2021, 05:42:01 PM #1
What does rspamd log tell?
February 09, 2021, 10:58:14 PM #2
Thank you for replying.

Where do I find the log? There's no log that I can find in the openSense GUI.
Taym
February 10, 2021, 04:44:39 PM #3
Bump. :)

To focus my question a bit more: where do you tell Postfix to use rspamd, precisely?
I simply checked the "Enable rspamd inegration" box in the Antispam tab. Not sure this is enough.
Taym
February 11, 2021, 04:47:11 PM #4
I followed these steps and it worked for me:
https://docs.opnsense.org/manual/how-tos/mailgateway.html


All services (redis, clamav, rspamd, postfix) must of course be enabled and the milter protocol should be kept on the "IPv6" setting. You actually enable rspamd in the Antispam tab of the postfix settings.
February 11, 2021, 07:20:38 PM #5
Quote from: Taym on February 10, 2021, 04:44:39 PM
Bump. :)

To focus my question a bit more: where do you tell Postfix to use rspamd, precisely?
I simply checked the "Enable rspamd inegration" box in the Antispam tab. Not sure this is enough.
That's enough
Just tick that
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
February 11, 2021, 09:24:40 PM #6
Quote from: Taym on February 10, 2021, 04:44:39 PM
Bump. :)

To focus my question a bit more: where do you tell Postfix to use rspamd, precisely?
I simply checked the "Enable rspamd inegration" box in the Antispam tab. Not sure this is enough.

tail -f /var/log/rspamd/rspamd.log
February 12, 2021, 08:08:31 PM #7
Quote from: lfirewall1243 on February 11, 2021, 07:20:38 PM
Just tick that

Thanks. Issue is somewhere else then.
Taym
February 12, 2021, 08:28:25 PM #8 Last Edit: February 13, 2021, 12:54:33 AM by Taym
Quote from: mimugmail on February 11, 2021, 09:24:40 PM
tail -f /var/log/rspamd/rspamd.log

Thank you so much. Here it is:

Code Select
root@Argonath:/ # 2021-02-12 20:25:14 #45692(rspamd_proxy) <71cab1>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:11784, error: invalid protocol version: 4
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:21 #45692(rspamd_proxy) <e0475b>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 25664
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:21 #45692(rspamd_proxy) <e0475b>; milter; rspamd_milter_process_command: MTA specifies too old protocol: 4, aborting connection
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:21 #45692(rspamd_proxy) <e0475b>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:25664, error: invalid protocol version: 4
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <153dec>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 40959
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <153dec>; milter; rspamd_milter_process_command: MTA specifies too old protocol: 4, aborting connection
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <153dec>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:40959, error: invalid protocol version: 4
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <f9594e>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 2579
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <f9594e>; milter; rspamd_milter_process_command: MTA specifies too old protocol: 4, aborting connection
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:22 #45692(rspamd_proxy) <f9594e>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:2579, error: invalid protocol version: 4
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:35 #45692(rspamd_proxy) <21bb20>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 13861
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:35 #45692(rspamd_proxy) <21bb20>; milter; rspamd_milter_process_command: MTA specifies too old protocol: 4, aborting connection
Missing name for redirect.
root@Argonath:/ # 2021-02-12 20:25:35 #45692(rspamd_proxy) <21bb20>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:13861, error: invalid protocol version: 4
Missing name for redirect.
Taym
February 12, 2021, 08:39:00 PM #9
Have you enabled "shared forwarding" under your Firewall -> settings -> advanced?
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
February 12, 2021, 10:41:48 PM #10 Last Edit: February 12, 2021, 11:49:46 PM by Taym
Quote from: lfirewall1243 on February 12, 2021, 08:39:00 PM
Have you enabled "shared forwarding" under your Firewall -> settings -> advanced?
Yes. "Shared forwarding" is enabled. And, as far as I remember it has always been, as I never changed that.
Taym
February 13, 2021, 12:56:30 AM #11
Code Select

2021-02-13 00:55:15 #45692(rspamd_proxy) <6a4283>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:11396, error: invalid protocol version: 4
2021-02-13 00:55:18 #45692(rspamd_proxy) <144587>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 63305
2021-02-13 00:55:18 #45692(rspamd_proxy) <144587>; milter; rspamd_milter_process_command: MTA specifies too old protocol: 4, aborting connection
2021-02-13 00:55:18 #45692(rspamd_proxy) <144587>; proxy; proxy_milter_error_handler: abnormally closing milter connection from: 127.0.0.1:63305, error: invalid protocol version: 4


One more check to the log, in case it helps.
Taym
February 13, 2021, 06:29:01 AM #12
Is this the latest version? Which settings do you have in anti spam Tab in postfix plugin?
February 13, 2021, 11:37:13 AM #13
I believe they are the latest version you can get from within opnSense itself (Firmware -> Plugin / Packages / Updates).
In particular
Postfix 1.17
rspamd 1.10
Redis 1.1

In Postfix plugin:
Services -> Postfix -> General
Antispam tab
I have only two items
- Enable Rspamd integration: CHECKED
- Milter IP version: IPv4 (only other option being IPv6).

Taym
February 13, 2021, 11:43:47 AM #14
Ok, I switched the Milter IP Version to "IPv6" and it appears to be working!
I am confused as to what it is meant in by "IPv6" but... it is working!
Taym
Print
Go Up Pages1 2
User actions