
[BUG] Confusing headers when mails are forwarded internally

Open cruftex opened this issue 6 months ago • 3 comments

Prerequisites

  • [x] Put an X between the brackets on this line if you have done all of the following:
    • Read about bug reporting in general: https://rspamd.com/doc/faq.html#how-to-report-bugs-found-in-rspamd
    • Enabled relevant debugging logs: https://rspamd.com/doc/faq.html#how-to-debug-some-module-in-rspamd
    • Checked the FAQs about Core files in case of fatal crash: https://rspamd.com/doc/faq.html#how-to-figure-out-why-rspamd-process-crashed
    • Tried ASAN package and obtained the ASAN report (if possible): https://rspamd.com/doc/faq.html#asan-builds
    • Checked that your issue isn't already filed: https://github.com/issues?utf8=%E2%9C%93&q=is%3Aissue+user%3Arspamd
    • Checked that there is not already an experimental package or master branch

Describe the bug

I am receiving mails from a contact form and then have a sieve rule to forward those to another mailbox. The incoming mails are not marked as spam because of IP whitelist. The forwarded mail is marked as spam.

This bug is about the resulting mail headers in this case, which are:

X-Rspamd-Action: no action
X-Rspamd-Server: hugo
X-Rspamd-Queue-Id: 26FAB3ECFB
X-Spamd-Result: default: False [0.90 / 15.00];
	R_SPF_FAIL(1.00)[-all];
	MIME_GOOD(-0.10)[text/plain];
	MIME_TRACE(0.00)[0:+];
	TO_DOM_EQ_FROM_DOM(0.00)[];
	FREEMAIL_REPLYTO(0.00)[gmail.com];
	ASN(0.00)[asn:24940, ipnet:157.192.0.0/16, country:DE];
	IP_WHITELIST(0.00)[157.192.21.224];
	REPLYTO_DOM_NEQ_FROM_DOM(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_HAS_DN(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	HAS_REPLYTO(0.00)[[email protected]]
X-Rspamd-Pre-Result: action=no action;
	module=multimap;
	Matched map: IP_WHITELIST
X-Spam: Yes

Steps to Reproduce

  1. Enable extended headers
    "milter_headers": {
        "extended_spam_headers": true,
        "use": []
    },
  2. Set up forwarding from incoming mail to another internal user/mailbox
  3. IP whitelist the originating server
  4. Send mail with reply-to set to external mail address (contact form behavior)

Expected behavior

I expect that, if a header is added (X-Spam), the extended_spam_headers will show the corresponding cause.

From studying the documentation and setup, I assume that the "X-Spam" header is working independently of the extended headers. Maybe the documentation can be improved to make this clearer.

Versions

3.7.4 on Ubuntu 22.04

cruftex avatar Feb 13 '24 04:02 cruftex
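A small checker for the mismatch reported above, added here as an example and not part of the issue or of Rspamd: it parses the quoted headers (abridged) and lists where X-Spam disagrees with the extended headers. The function names and finding strings are assumptions of this example.

```python
import email
import re

# Headers abridged from the report above (most zero-score symbols trimmed).
SAMPLE = """\
X-Rspamd-Action: no action
X-Spamd-Result: default: False [0.90 / 15.00];
 R_SPF_FAIL(1.00)[-all];
 MIME_GOOD(-0.10)[text/plain];
 IP_WHITELIST(0.00)[157.192.21.224];
 HAS_REPLYTO(0.00)[[email protected]]
X-Rspamd-Pre-Result: action=no action;
 module=multimap;
 Matched map: IP_WHITELIST
X-Spam: Yes

"""

SUMMARY = re.compile(r"^(\w+): (True|False) \[(-?[\d.]+) / (-?[\d.]+)\]")
SYMBOL = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+(?:\.\d+)?)\)\[(.*?)\](?=;|\s*$)")


def parse_result(value):
    """Split an X-Spamd-Result value into verdict, score, threshold, symbols."""
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()  # unfold continuation lines
    m = SUMMARY.match(value)
    if not m:
        raise ValueError("unrecognised X-Spamd-Result summary")
    symbols = {s.group(1): (float(s.group(2)), s.group(3))
               for s in SYMBOL.finditer(value, m.end())}
    return {"spam": m.group(2) == "True", "score": float(m.group(3)),
            "threshold": float(m.group(4)), "symbols": symbols}


def audit(raw_headers):
    """List the ways X-Spam disagrees with the extended headers."""
    msg = email.message_from_string(raw_headers)
    if (msg.get("X-Spam") or "").strip().lower() != "yes":
        return []
    if msg.get("X-Spamd-Result") is None:
        return ["X-Spam: Yes without extended headers to explain it"]
    res, findings = parse_result(msg["X-Spamd-Result"]), []
    if not res["spam"]:
        findings.append("X-Spam: Yes but X-Spamd-Result is False at %.2f / %.2f"
                        % (res["score"], res["threshold"]))
    action = (msg.get("X-Rspamd-Action") or "").strip()
    if action == "no action":
        findings.append("X-Spam: Yes but X-Rspamd-Action is 'no action'")
    return findings
```

Calling `audit(SAMPLE)` returns two findings for the headers in the report; a message carrying only `X-Spam: Yes` yields the "without extended headers" finding instead.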

I investigated this further.

The documentation of extended_spam_headers says:

Add “extended Rspamd headers” to messages [NOT originated from authenticated users or our_networks](https://www.rspamd.com/doc/modules/milter_headers.html#scan-results-exposure-prevention) (default false)

And then the link says:

If desired, the [extended_headers_rcpt](https://www.rspamd.com/doc/modules/milter_headers.html#extended_headers_rcpt-162) option can be used to include the extended Rspamd headers in messages sent to specific recipients or domains, such as a list of domains the mail server is responsible for.

I added this as recommended. Now my milter_header.conf is:

# Add "extended Rspamd headers" (default false) (enables x-spamd-result, x-rspamd-server & x-rspamd-queue-id routines)
extended_spam_headers = true;

# When extended_spam_headers is enabled, also add extended Rspamd headers to messages if EVERY envelope recipient match this list (e.g. a list of domains mail server responsible for).
extended_headers_rcpt = ["@example.com"];

Now I get the desired result.

I wonder whether this is actually a good way to approach this problem. My instinct says that it maybe makes more sense to remove those headers for mail that is really outbound, e.g. in the postfix settings. However, I am missing an option in rspamd to just always add these headers.

cruftex avatar Feb 13 '24 05:02 cruftex

I really don't understand if you are describing some issue in Rspamd. From a quick look it seems you have a discussion topic (e.g. you don't understand something) and not a problem with Rspamd itself.

vstakhov avatar Feb 14 '24 17:02 vstakhov

@vstakhov From the experience I have with this topic now, I see several things that could be improved in Rspamd and its documentation. If this fits better for you as a discussion topic, feel free to move it.

To clarify, here are the things that I would see as actionable:

spam_header, spam-header, X-Spam

When I Google for "spam_header rspamd" the first match is the milter module. When I use the documentation search, it is the same. When I search for "X-Spam" the first match is milter module, too. I recommend:

  • Document spam_header
  • Add a cross-reference in the milter module, especially at spam-header, that spam_header/X-Spam is a core functionality and not part of milter

I think the "X-Spam" header is quite a central concept for a spam filter; it should be documented somehow. Sorry, in case I missed it, that's why I wrote how I searched for it above.

Extended headers not always added

I enabled extended headers, so I know why something is marked and filtered. However, extended headers are not always added when something is marked as spam, because of other logic.

Yes, there might be sensitive information leaking out if mails with this header get sent out externally. But other sensitive internal headers should be removed, too. I don't think that is a problem that is best solved at this level.

An option to always add the headers should be added.

Extended headers always replaced

The documentation says "added"; however, if previous headers exist, those are replaced. As I understand from the documentation, the setting "remove = 0" is removing all previous headers.

Again, an option to always add the headers should be added :)

cruftex avatar Feb 15 '24 02:02 cruftex