Netino

On 1/10/2024 at 4:36 AM, torettos said:

Yes this is good question ... or better way to filtering incoming and outgoing e-mail?

You can define outgoing limit too, limiting the authenticated user limit:

user: limit per authenticated user (useful for outbound limits)

On 1/7/2024 at 5:29 PM, Plamen K. said:

I understand thank you!

Only one question can you make me know how to make limit from 5 e-mail (for example) for minute for every e-mail?

For exmple:

one@example.com send 3 emails - it's OK

Two@example.com send 300 emails -will be blocked

 

There are some examples here:

https://rspamd.com/doc/modules/ratelimit.html

You can define any arbitrary limit to your server.

# local.d/ratelimit.conf
  rates {
    # Selector based ratelimit
    some_limit = {
      selector = 'user.lower';
      # You can define more than one bucket, however, you need to use array syntax only
      bucket = [
      {
        burst = 100;
        rate = "10 / 1min";
      },
      {
        burst = 10;
        rate = "100 / 1min";
      }]
    }
    # Predefined ratelimit
    to = {
      bucket = {
        burst = 100;
        rate = 0.01666666666666666666; # leak 1 message per minute
      }
    }
    # or define it with selector
    other_limit_alt = {
      selector = 'rcpts:addr.take_n(5)';
      bucket = {
        burst = 100;
        rate = "1 / 1m"; # leak 1 message per minute
      }
    }
  }

As that page mentions, "In Rspamd, the fundamental concept of ratelimiting is known as the leaked bucket principle. This approach can be illustrated as a bucket with a limited capacity and a small hole at the bottom. As messages are received, they accumulate in the bucket and are gradually released through the hole, without any delay but instead are counted. Once the bucket’s capacity has been reached, a temporary rejection is triggered, unless the remaining space is adequate for additional messages to be accepted. Since the messages are continuously leaking, the bucket’s capacity is eventually restored, enabling the processing of new messages after a certain amount of time."

I appreciate the deference, and the memory, thank you!

But to be able to carry out a successful installation, it is necessary to know your email server, in detail how it works: its security, its blocks, its permissions, its redirects, your politics in DKIM, SPF, DMARC, ARC, ..., the problems of your users, and this takes time. And unfortunately I can't help you with this installation, due to a matter of time. I don't have time this month, and I surely won't have time next month either. May be in another, too.
Maybe on the CWP Forum itself, or even on the Rspamd forum, you can find someone who can help you.

I think the easiest way for you would be to install Comodo WAF (web application firewall), via ModSecurity.
Access the CWP Panel -> Security -> ModSecurity. In Profile, choose Comodo WAF, and in Engine, choose to process the rules.
Comodo's WAF rules are recommended to use as they are much simpler and easier to deal with.

10 hours ago, Plamen K. said:

Hello,

thank you for yours answers ... in case if i disabled spamassassin and opendkim won't it be worse than if i use the line provided by Sandeep?
What is the difference and which would you recommend?
Is there a way to monitor outgoing emails from the server and not allow SPAM to be sent?
Last question what would be the best way to control emails? ... free or paid - it doesn't matter.

 

Thank you in advance!

 

By using Rspamd, you are actually replacing spamassassin. So, it is completely unnecessary to use it.
IN the case of Opendkim, you are disabling it, but you are not stopping using Opendkim's entire DKIM framework. you use the same files in Rspamd. So, when any changes occur via the CWP panel, Rspamd recognizes them and uses them.

Which Sandeep "line" are you referring to?

Rspamd consumes much less resources than spamassassin, being much more configurable. You can even use spamassassin rules in Rspamd.

Yes, Rspamd allows monitor outgoing mails, but this can also be done by postfix.
With Rspamd you assign a score, and you can limit the sending of email messages that are above this limit. Or a combination of rules, or any other rule you set.

Of course, if you can pay, and tools are offered to let you know what is happening with your mail messages, yes, is very good, and it would be easier. The point is that most paid antispam gateways offer a standard service.
And if you yourself want to know what you want to do, or need to be done, setting up your own antispam server is better.
In terms of effectiveness and efficiency, the difference precision between a paid server and a Rspamd is negligible. A well configured Rspamd server can learn very well from  theis artificial intelligence algorith (Rspamd Neural Networks), or bayesian score, and there would be no qualitative difference between them. We are potentially talking about numbers on the order of 10^e-4 difference. But for you to make a good configuration it may take some time, on the order of a few months, for you to reach an optimal level. Maybe we didn't have the spamtrap network that paid companies have, and that could make a difference. The use of anti-spam blacklists is not recommended. But you can use the postfix postscreen tool, and make a reputation server, based on a mix score of antispam blacklists.

And, yes, as more processing capacity, better to use more resources in Rspamd, and this cost money, anyway.

It seems like a good configuration, except for the parameter:
tmp_table_size = 64MB

This resource is used per connection, so it should be calculated as follows:
tmp_table_size = [total memory available] / max_connections

For a server with 4Gb total memory, with max_connections = 200, it should be something around:
tmp_table_size = 20.5Mb

Or, reduce max_connections to a more realistic number, compatible with the user's needs.

All of the following parameters must be considered per connection:
sort_buffer_size
read_buffer_size
read_rnd_buffer_size
join_buffer_size
thread_stack
binlog_cache_size
tmp_table_size

The following parameters make up the base memory consumed by mariadb, which is consumed only once:
key_buffer_size
query_cache_size
innodb_buffer_pool_size
innodb_additional_mem_pool_size
innodb_log_buffer_size

You can use the following script to calculate the total memory to be consumed by mariadb/mysql, included per connection:

#!/bin/sh
# you might want to add some user authentication here
mysql -e "show variables; show status" | awk '
{
VAR[$1]=$2
}
END {
MAX_CONN = VAR["max_connections"]
MAX_USED_CONN = VAR["Max_used_connections"]
BASE_MEM=VAR["key_buffer_size"] + VAR["query_cache_size"] + VAR["innodb_buffer_pool_size"] + VAR["innodb_additional_mem_pool_size"] + VAR["innodb_log_buffer_size"]
MEM_PER_CONN=VAR["read_buffer_size"] + VAR["read_rnd_buffer_size"] + VAR["sort_buffer_size"] + VAR["join_buffer_size"] + VAR["binlog_cache_size"] + VAR["thread_stack"] + VAR["tmp_table_size"]
MEM_TOTAL_MIN=BASE_MEM + MEM_PER_CONN*MAX_USED_CONN
MEM_TOTAL_MAX=BASE_MEM + MEM_PER_CONN*MAX_CONN
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %15.3f MB |\n", "key_buffer_size", VAR["key_buffer_size"]/1048576
printf "| %40s | %15.3f MB |\n", "query_cache_size", VAR["query_cache_size"]/1048576
printf "| %40s | %15.3f MB |\n", "innodb_buffer_pool_size", VAR["innodb_buffer_pool_size"]/1048576
printf "| %40s | %15.3f MB |\n", "innodb_additional_mem_pool_size", VAR["innodb_additional_mem_pool_size"]/1048576
printf "| %40s | %15.3f MB |\n", "innodb_log_buffer_size", VAR["innodb_log_buffer_size"]/1048576
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %15.3f MB |\n", "BASE MEMORY", BASE_MEM/1048576
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %15.3f MB |\n", "sort_buffer_size", VAR["sort_buffer_size"]/1048576
printf "| %40s | %15.3f MB |\n", "read_buffer_size", VAR["read_buffer_size"]/1048576
printf "| %40s | %15.3f MB |\n", "read_rnd_buffer_size", VAR["read_rnd_buffer_size"]/1048576
printf "| %40s | %15.3f MB |\n", "join_buffer_size", VAR["join_buffer_size"]/1048576
printf "| %40s | %15.3f MB |\n", "thread_stack", VAR["thread_stack"]/1048576
printf "| %40s | %15.3f MB |\n", "binlog_cache_size", VAR["binlog_cache_size"]/1048576
printf "| %40s | %15.3f MB |\n", "tmp_table_size", VAR["tmp_table_size"]/1048576
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %15.3f MB |\n", "MEMORY PER CONNECTION", MEM_PER_CONN/1048576
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %18d |\n", "Max_used_connections", MAX_USED_CONN
printf "| %40s | %18d |\n", "max_connections", MAX_CONN
printf "+------------------------------------------+--------------------+\n"
printf "| %40s | %15.3f MB |\n", "TOTAL (MIN)", MEM_TOTAL_MIN/1048576
printf "| %40s | %15.3f MB |\n", "TOTAL (MAX)", MEM_TOTAL_MAX/1048576
printf "+------------------------------------------+--------------------+\n"
}'

Note that the 'Max_used_connections' parameter gives a realistic number for the total number of connections since the last start of the mariadb server, and can be used to adjust the 'max_connections' parameter.

Regards,
Netino

On 12/28/2023 at 11:57 PM, Starburst said:

I've successfully updated AlmaLinux 8.x to 9.x

Took awhile to get the sequence right, but stuck on PHP 7.4.33.

Just waiting on CWP 9 now.

You may not be able to use the PHP selector, it was not still working with Almalinux 9.

Regards,

Netino

On 12/22/2023 at 5:38 AM, torettos said:

Hello Sandeep,

i have a sоme questions for this "fast, free and open-source spam filtering system": Rspamd

1. I fund this theme in CWP forum (from Netino) how to install and configurated with CWP ... the steps is actuals?
2. Did you have experience and observation with this spam system?
3. Do you recommend it?

Thank you in advance and have a nice day!

 

Hi,

I was the one who posted that tutorial.

Thank you for reading it.
Yes, the steps are updated.
The longest steps are those for configuring Rspamd itself. It fits almost like a glove with CWP, only a few adaptations are needed, such as disabling spamassassin, and opendkim, but still offering complete integration with the opendkim installation, using it.

With Rspamd there is the additional advantage that you can use it as an antispam gateway, and an message antivirus gateway for all your servers (if you have more than just one), just by changing a single line in postfix (in /etc/postfix/main.cf):

smtpd_milters = inet:Your-Server-IP:11332

(of course you can use autossh as a secure bridge between one server and another)

Regards,

Netino