Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

Rspamd: Fast, free and open-source spam filtering system

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
imx
Advanced member
Advanced member
Posts: 142
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby imx » Tue Jul 26, 2022 9:53 am

I've noticed that when I mark something as 'SPAM' from a regular email account, the transfer to the spam training account is caught/soft rejected by RSpamd - so it never makes it to the training account.

Whitelisting the IP address won't really work, i.e the server IP address, as this would then whitelist outbound email from the web mail. Is there a way to ignore the training accounts ( zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount) that I've missed?

I ran a search through this thread, but didn't find anything. I guess I'll start reading the 22+ pages....


imx
Advanced member
Advanced member
Posts: 142
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby imx » Tue Jul 26, 2022 10:52 am

https://rspamd.com/doc/configuration/settings.html

Presumably a local settings override for the training accounts:

Code: Select all

whitelist {
   priority = low;
   rcpt = "postmaster@example.com";
   want_spam = yes;
}


.....want_spam option. This option disable ALL Rspamd rules, even history or data exporting. Actually, it is a full bypass of all Rspamd processing


EDIT:

Yup, then it works as it should:

Code: Select all

20220726105705 Starting spam/ham extraction from system accounts.
2022-07-26 10:57:07,642 [main] INFO : Total messages processed: 1
2022-07-26 10:57:09,828 [main] INFO : Total messages processed: 1


Code: Select all

su - zimbra
zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount


vi /etc/rspamd/local.d/settings.conf

Code: Select all

training_spam {
   priority = low;
   rcpt = "spam.xxxxxxx@mail.xxxxx.com";
   want_spam = yes;
}

training_ham {
   priority = low;
   rcpt = "ham.xxxxxx@mail.xxxxxx.com";
   want_spam = yes;
}

virus_quarantine {
   priority = low;
   rcpt = "virus-quarantine.xxxxx@mail.xxxxxx.com";
   want_spam = yes;
}


Code: Select all

rspamadm configtest
syntax OK


... then restart rspam
phoenix
Ambassador
Ambassador
Posts: 27085
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby phoenix » Tue Jul 26, 2022 11:08 am

I don't use that file and I've never had any problem sending an email to the Junk folder. Ffor marking domains and individual email addresses as spam I use the following:

https://gist.github.com/kvaps/25507a87dc287e6a620e1eec2d60ebc1
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
imx
Advanced member
Advanced member
Posts: 142
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby imx » Tue Jul 26, 2022 11:12 am

phoenix wrote:I don't use that file and I've never had any problem sending an email to the Junk folder. Ffor marking domains and individual email addresses as spam I use the following:

https://gist.github.com/kvaps/25507a87dc287e6a620e1eec2d60ebc1


I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.

Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
phoenix
Ambassador
Ambassador
Posts: 27085
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby phoenix » Tue Jul 26, 2022 11:23 am

imx wrote:I suspect you would with HAM training, i.e the reverse, if it's already been caught as spam, ending up in the junk folder, its not going to let you redirect/mark as HAM... I would suspect.
No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox etc.

imx wrote:Anyway, it's there if anyone else needs/wants it. Seems silly to NOT tell it to skip the training accounts, in my view.
AFAIK, the settings file is for applying more/different settings to inbound mail other than it's just "spam" and, as I mentioned, I don't use that feature as it's not applicable to my inbound email but I can see why it would be useful in a larger environment.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
imx
Advanced member
Advanced member
Posts: 142
Joined: Sat Sep 13, 2014 12:30 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby imx » Tue Jul 26, 2022 11:32 am

phoenix wrote:No, the reverse is possible and, again, marking something as not spam doesn't have any effect other than moving it to the Inbox etc.


If I click 'Not Spam' from the Junk folder in the web UI it automatically forwards the email to the ham training account - as well as moving it to the Inbox - also if I just move an email out of the Junk box, it does the same. I can see it in the rspam history logs.

... but hey, perhaps my deployment is just some weird exception.

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 37 guests