On mån, 2024/09/16 at 11:41:24 +0200, Richard via dovecot wrote:
On 16.09.24 09:50, Sirius wrote:
On sön, 2024/09/15 at 14:30:19 +0200, Richard via dovecot wrote:
[snip]
I do the same as you.
Not exactly. I'm on rspamd 3.9.1-1~82f43560f~bookworm. From rspamd's repo.
Ah, that may be the source of your problems.
I have this in the plugin {} section of dovecot.conf:
# This will automatically move spam into Junk/ and when you move a message # into Junk, it will tell rspamd that it is spam for Bayes learning. Moving # false positives out of Junk/ will teach rspamd that it is ham. sieve_plugins = sieve_imapsieve sieve_extprograms sieve_extensions = +editheader +imapflags +mboxmetadata +notify +servermetadata +spamtest +spamtestplus +virustest
I only have sieve_global_extensions enabled. As user scripts aren't supposed to be able to access external programs I don't see any benefit configuring that setting
I did it in case I want to have stricter personal settings than the rest of my family. The default global sieve cuts spam off at a score of 10. Personally, I may end up lowering that to 8.0-8.5 somewhere.
[snip]
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
I only had +vnd.dovecot.pipe in here. Let's the if adding +vnd.dovecot.environment changes anything.
sieve_spamtest_status_type = score sieve_spamtest_status_header = X-Spam_score: (-?[[:digit:]]+\.[[:digit:]]) sieve_spamtest_max_value = 6 sieve_before = /etc/dovecot/sieve/global-spam.sieve
I never configured these. What are their use? I've just set up another sieve script (which seems to be working just fine) to sort out all messages marked as spam into the users junk directory. Is this just to do that?
This comes from https://github.com/darix/dovecot-sieve-antispam-rspamd/ which is what I ended up adapting as it was not an exact match for my environment.
First two lines does the spam testing based on the score rspamd have assigned the incoming message (hence the last three sieve extensions in the section above).
The only other thing was to get the password out of /etc/rspamd/worker-controller.inc and put it in /etc/dovecot/rspamd-controller.password (or whatever file your learn-{sp,h}am script points at to get the password). It needed to be pointed at 127.0.0.1:11334 for the socket.
What is the password needed for? Because manually executing rspamc doesn't ask for some password either. The worker-controller.inc does point at 127.0.0.1 and ::1, but no port seems to be configured.
When you connect to rspamd controller (port 11334), it is authenticated. Presumably so that not just anyone can report spam/ham and mess up the scoring. If it runs only on loopback and there is no port-forwarding, authentication is perhaps unnecessary, but it makes sense to have it enabled anyway if someone else can log into the system as a regular user.
root@debian:~# cat /etc/dovecot/rspamd-controller.conf.sh # Path to file containing the controller password # (Or, if it doesn't start with '/' or '.', the password itself. # But it might leak the password through ps to other users) RSPAMD_CONTROLLER_PASSWORD=/etc/dovecot/rspamd-controller.password # passed to rspamc with the -h option (host and port) RSPAMD_CONTROLLER_SOCKET=127.0.0.1:11334 # if set uses curl instead of rspamc; should start with http: or https: RSPAMD_CONTROLLER_HOST= # classifier to learn for (default by rspamc: bayes), e.g.
bayes_userRSPAMD_CLASSIFIER=bayesFrom what I remember, it was somewhat fiddly to get this working as I was not intimately familiar with rspamd, nor dovecot or sieve, but this works and it works well. Relatively low incident rate of false positives after a some weeks.
We used to have the same for quite a while now, without needing any of that. I guess the last rspamd update was just borked that much that it won't work for the time being. Some messages aren't even processed at all...
Worth checking how rspamc calls into rspamd (maybe you use a socket in /run or similar) and see if they have defaulted to authentication on for the sockets. Or roll rspamd back to previous version for the time being.
-- Kind regards,
/S