git » chasquid » commit 4116c04

hooks: Ignore rspamd's greylist action

author Alberto Bertogli
2020-06-01 19:08:16 UTC
committer Alberto Bertogli
2020-06-01 20:05:02 UTC
parent b6248f3089d7df93035bbbc0c11edf50709d5eb0

hooks: Ignore rspamd's greylist action

The default hook will use rspamc (the command-line client of rspamd) if
it is installed. rspamc will emit one suggested action, and then the
hook will interpret it and return accordingly.

Because the possible actions returned by rspamc are user-configured,
this patch adds a comment to make it clear that the hook will need
adjustment if the configuration uses non-default actions.

In particular, the greylisting module (which usually handles the
"greylist" action) is not run when using rspamc. This can cause
unnecessary rejections and is quite misleading.

This patch removes the "greylist" action handling; now the default hook
will only reject mail once it reaches rspamd's configured threshold for
direct rejection.

In the future, a more custom integration with rspamd might be added to
allow for rspamd-based greylisting, but until then this is a more
reasonable default.

Thanks to Jonas Seydel (thor77) and Max Mazurov (fox.cpp@disroot.org)
for noticing this issue, helping investigate, and discussing the course
of action.

etc/chasquid/hooks/post-data +6 -4

diff --git a/etc/chasquid/hooks/post-data b/etc/chasquid/hooks/post-data
index 87fa507..ef23de6 100755
--- a/etc/chasquid/hooks/post-data
+++ b/etc/chasquid/hooks/post-data
@@ -48,12 +48,14 @@ fi
 
 
 if command -v rspamc >/dev/null; then
+	# Note the actions emitted by rspamc come from the thresholds
+	# configured in /etc/rspamd/actions.conf.
+	# The ones handled here are common defaults, but they might require
+	# adjusting to match your rspamd configuration.
+	# Note that greylisting is disabled in rspamc by design, so the
+	# "greylist" action is ignored here to prevent false rejections.
 	ACTION=$( rspamc < "$TF" 2>/dev/null | grep Action: | cut -d " " -f 2- )
 	case "$ACTION" in
-		greylist)
-			echo "greylisted, please try again"
-			exit 75  # temporary error
-			;;
 		reject)
 			echo "spam detected"
 			exit 20  # permanent error