From 4116c046bc733159dde3bcf19fdb5ea6c1c84d20 Mon Sep 17 00:00:00 2001 From: Alberto Bertogli Date: Mon, 1 Jun 2020 20:08:16 +0100 Subject: [PATCH] hooks: Ignore rspamd's greylist action The default hook will use rspamc (the command-line client of rspamd) if it is installed. rspamc will emit one suggested action, and then the hook will interpret it and return accordingly. Because the possible actions returned by rspamc are user-configured, this patch adds a comment to make it clear that the hook will need adjustment if the configuration uses non-default actions. In particular, the greylisting module (which usually handles the "greylist" action) is not run when using rspamc. This can cause unnecessary rejections and is quite misleading. This patch removes the "greylist" action handling; now the default hook will only reject mail once it reaches rspamd's configured threshold for direct rejection. In the future, a more custom integration with rspamd might be added to allow for rspamd-based greylisting, but until then this is a more reasonable default. Thanks to Jonas Seydel (thor77) and Max Mazurov (fox.cpp@disroot.org) for noticing this issue, helping investigate, and discussing the course of action. --- etc/chasquid/hooks/post-data | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/etc/chasquid/hooks/post-data b/etc/chasquid/hooks/post-data index 87fa507..ef23de6 100755 --- a/etc/chasquid/hooks/post-data +++ b/etc/chasquid/hooks/post-data @@ -48,12 +48,14 @@ fi if command -v rspamc >/dev/null; then + # Note the actions emitted by rspamc come from the thresholds + # configured in /etc/rspamd/actions.conf. + # The ones handled here are common defaults, but they might require + # adjusting to match your rspamd configuration. + # Note that greylisting is disabled in rspamc by design, so the + # "greylist" action is ignored here to prevent false rejections. ACTION=$( rspamc < "$TF" 2>/dev/null | grep Action: | cut -d " " -f 2- ) case "$ACTION" in - greylist) - echo "greylisted, please try again" - exit 75 # temporary error - ;; reject) echo "spam detected" exit 20 # permanent error