Incoming Mail is blocked by spamhaus filter while on WHITELIST

[cracker0dks]

Classification

• [X] Deliverability issue

Reproducibility

• [X] Always

Description

Mail gets blocked by spamhaus even if it is allowed by env variable: -e WHITELIST_SPAM_ADDRESSES="out@side.com"

Expected results

Incoming mail from the address

Actual results

2021-02-23T16:41:20.838958+00:00 mail postfix/smtpd[1333]: NOQUEUE: reject: RCPT from hash.dip0.t-ipconnect.de[SenderIpAddress]: 554 5.7.1 Service unavailable; Client host [SenderIpAddress] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/[SenderIpAddress]; from=<out@side.com> to=<mail@mymailserver.com> proto=SMTP helo=<mydomain.com>

Question

How can I get around that filter? Please help, thanks :)

[AndrewSav]

From looking at the code the WHITELIST_SPAM_ADDRESSES setting gets added to /etc/rspamd/local.d/settings.conf If you believe that this is not done correctly, we probably can fix that, we just need to know how to do this correctly. Otherwise it could be rspamd problem and may be they could help better.

I'll try to find some tome to look at what /etc/rspamd/local.d/settings.conf looks like in maiserver after WHITELIST_SPAM_ADDRESSES is added, and read rspamd doco on how this setting is supposed to work, but you are welcome to do this yourself if you do not want to wait for me - if you do please report back here. Any other suggestions are also welcome.

Update:

this is what I end up with in my /etc/rspamd/local.d/settings.conf

whitelist {
  priority = low;
  rcpt = ["test@example.com","another@domain.tld"];
  want_spam = yes;
}

This is the rspamd doco about this file: https://rspamd.com/doc/configuration/settings.html, it seems to be pretty unspecific.

In DEBUG_MODE I can see this lines from rspamd:

mailserver      | 2021-02-23T19:09:21.781680+00:00 mail rspamd[1159]: <78z3bq>; cfg; rspamd_config_register_settings_id: register new settings id 1792875810 (whitelist)
mailserver      | 2021-02-23T19:09:21.784052+00:00 mail rspamd[1159]: <78z3bq>; lua; settings.lua:1038: loaded 1 elements of settings

This seems to indicate that the white list settings were successfully loaded by rspamd.

Googling around whitelist and rspamd reveals that a simple whitelisting is not trivial in rspamd.

See 1 2 3.

My conclusion, is that this definitely can be improved but unlikely in the context of "minimal maintenance", it looks what is required is to understand how rspamd whitelisting works, and then implementing it and testing it in the mailserver. Another avenue to pursue may be to try and get help with rspamd community, to understand why the /etc/rspamd/local.d/settings.conf whitelist does not do what it seems to intend to be doing, although, it's quite possible that it's not what it seems it is, the documentation does not quite spell it out.

Any help appreciated.

[cracker0dks]

Thanks for your help. My /etc/rspamd/local.d/settings.conf is looking the same but this has no impact. I also get this message on server start: [INFO] out@side.com added to rspamd whitelist So this should be ok. I will give it an other try tomorrow.

[sknight80]

@cracker0dks any luck?

[cracker0dks]

No, but I think this might not even be a rspamd problem because this mail is not even showing in the rspamd webgui. I also added the IP to /etc/rspamd/local.d/ip_whitelist.map doc and this also had no effect. The log also says ...postfix/smtpd[1333]: NOQUEUE: reject... isn't that a hint that this is blocked by postfix ?

EDIT: Found this: https://discourse.mailinabox.email/t/help-with-noqueue-rejects/4115 so I will try the solution given

[sknight80]

Oh yeah, now I remember! The custom RBL list. In the past or maybe somewhere, I still have some solution for this. Let me look at tonight. If I do have one, I will create a PR.

[cracker0dks]

@sknight80 thanks, that would be great 👍

[sknight80]

@cracker0dks you are lucky! I have that modification. Let me create a PR.

CC: @AndrewSav

[AndrewSav]

Can some one other than @sknight80 confirm it works? I did not have this problem so it's harder for me to test.

[sknight80]

Yes. Will doa test on one of my server. Will report back

[sknight80]

I merged the changes and I think it is available under v1.1.7 version. @AndrewSav , @SaraSmiseth am I right?

[SaraSmiseth]

Github release and tag looks good.

You forgot to push it to https://hub.docker.com/r/mailserver2/mailserver/tags?page=1&ordering=last_updated

See https://github.com/mailserver2/mailserver/blob/master/VERSIONING.md

[sknight80]

Right! I fixed it! :)

[cracker0dks]

Thanks for your work. I tested it and it still don't work in my case. Same msg: Client host [SenderIpAddress] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/[SenderIpAddress]; from=<out@side.com> to=<mail@mymailserver.com> proto=SMTP helo=<mydomain.com Is this because it blocks the SenderIpAddress ? So I need to whitelist the IP? If so, the problem is that this is not coming from a static IP, can I also Whitelist a subnet? I already set it at: -e RELAY_NETWORKS="87.192.0.0/10" ... so this mail should go through anyway (but isn't). Thanks for your support.

[sknight80]

How does it look like your rbl_override file?

[sknight80]

You can add domain name to the rbl_override file, for example:

10.10.10.10 OK
12.23.34.45 OK
mail.freemailer.tld OK
domain.com OK

Have you tried this one?

[cracker0dks]

My rbl_override was empty (Should it not?). I added my domains, and the subnet but did not work, same message as before.

[AndrewSav]

@cracker0dks, sorry we did not get any traction here, I was wondering what you ended up with? Did you mange to make it work, or have you moved on? I still stand by my earlier comment, if the improvements done by sknight80 did not work for you. I just wanted to confirm how you dealt with this in the end.

[cracker0dks]

No problem. Not working still. I've ended up with a workaround not using email at all^^

[AndrewSav]

Ok, based on this I'm closing this for now, if anyone comes across a similar issue and can help help work with rspamd, please open a new one, with a good description what's happening, and what rspamd settings we should have that we do not already have. Thanks.