[Howto] Install Rspamd

Netino:
Howto Install Rspamd Antispam

This howto describes the main steps to get and start working with Rspamd, in particular with the following setup:
- CentOS 7
- Postfix MTA
- Redis cache
- Dovecot with Sieve plugin to sort mail and learn by moving messages to Junk folder

Attention: Use this howto at your own risk and make a backup before trying it. This howto should only be used by advanced users.

Rspamd is a fast, astonishingly fast, and light open source spam filtering system which utilizes multiple techniques to prevent spam from reaching your mailbox.
I simply couldn't get spamassassin installed stably on the server. Looking for alternatives, I found it, and it seemed much better in almost every aspect.

Rspamd is actively developed and appears to be a much more modern project. Written in C, it is quite fast and integrates directly into postfix as a milter. It uses Bayesian filtering and machine learning to learn what users consider to be spam and ham, globally, by domain and by user. However, it also incorporates many other anti-spam measures: RBL checks, SPF/DKIM/DMARC/ARC validation, DCC bulk mail checks, antivirus checks, and greylisting, to name a few. In addition, it has some other useful features like DKIM signing of outgoing mail, automatic whitelisting when you reply to someone, and a web interface where you can see spam checking results in real time.

Rspamd is an advanced spam filtering system supporting a variety of filtering mechanisms including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by rspamd and given a spam score. According to this spam score and the user’s settings, rspamd recommends an action for the MTA to apply to the message, for example to pass, reject or add a header. Rspamd is designed to process hundreds of messages per second simultaneously.

It replaces amavisd-new, spamassassin, opendmarc and Policyd-SPF with just one piece of software.
I could save about 1.0 Gb of memory with just this replacement, and Rspamd now takes up only 98Mb of memory, i.e. 10 times less!
Each e-mail used to be analyzed in one to two minutes, and is now analyzed in 2 to 3 seconds!
I've been using it for over a year now.

What you need to know:
-General: all the information below is important but needs to be checked.
-General: this howto was made using a CentOS 7 x64 server, so there could be differences from other distributions, and some paths must be adapted!
-Rspamd: Do not edit any default configuration file in /etc/rspamd/. Rspamd is designed to load configuration files from the /etc/rspamd/local.d/ folder, where customizations are stored. Take a look at the documentation for available configs and parameters.
-Spamassassin: You need to disable spamassassin, but you can import almost all your spamassassin rules, including custom rules, and use them in Rspamd. For more information on migrating, see <https://rspamd.com/doc/tutorials/migrate_sa.html>.
-Redis: This installation is not really needed, but is strongly recommended; it is an *astonishingly* fast database. If for some reason you won't install it, suppress all 'for redis use' steps in the configuration. The 'with redis use' steps are affected by the use of redis, and must be adapted before you use them. The other steps do not use redis, or are unaffected by it.
-Opendkim: Although this configuration no longer uses opendkim, CWP uses it as the "default" configuration for automatic domain creation with DKIM support, so the configuration proposed here makes use of the DKIM keys installed by opendkim. I tried to maintain the structure of the DKIM key files so that you can use them normally, preserving the automatic creation of DKIM keys in CWP; you do not need to make any changes to the existing structure, other than including the user '_rspamd' in the opendkim group.

Installing and Configuring Rspamd
=================================

Log in to your server over ssh as root.

- Install Rspamd as described at https://rspamd.com/downloads.html, executing these commands as 'root':

--- Code: ---# curl https://rspamd.com/rpm-stable/centos-7/rspamd.repo > /etc/yum.repos.d/rspamd.repo
# rpm --import https://rspamd.com/rpm-stable/gpg.key
# yum update
# yum install rspamd
(don't start it yet)

--- End code ---

- Install Redis

--- Code: ---# yum install redis
# systemctl start redis
# systemctl enable redis

--- End code ---

- Test if Redis is working. Execute:

--- Code: ---# redis-cli ping

--- End code ---
the result must be 'PONG'.

- Change Redis configuration in file /etc/redis.conf:

--- Code: ---maxmemory 500mb
maxmemory-policy volatile-lru

--- End code ---

- and afterwards change the system configuration: (for redis use)

--- Code: ---# echo 1 > /proc/sys/vm/overcommit_memory

--- End code ---

- add to the file /etc/sysctl.conf (for redis use)

--- Code: ---vm.overcommit_memory = 1

--- End code ---

- and update the system configuration:

--- Code: ---# sysctl -p

--- End code ---

- ... and restart redis:

--- Code: ---# systemctl restart redis

--- End code ---

- Create the file /etc/rspamd/local.d/redis.conf with the following content: (for redis use)

--- Code: ---servers = "127.0.0.1";

--- End code ---

- file /etc/rspamd/local.d/options.inc

--- Code: ---dns {
  enable_dnssec = true;
  timeout = 4s;
  retransmits = 5;
}

--- End code ---

- file /etc/rspamd/local.d/worker-normal.inc

--- Code: ---bind_socket = "127.0.0.1:11333";

--- End code ---

- file /etc/rspamd/local.d/worker-proxy.inc

--- Code: ---bind_socket = "127.0.0.1:11332";
milter = yes;
timeout = 120s;
upstream "local" {
 default = yes;
 self_scan = yes;
}

--- End code ---

- file /etc/rspamd/local.d/logging.inc

--- Code: ---type = "file";
filename = "/var/log/rspamd/rspamd.log";
level = "error";
debug_modules = [];

--- End code ---

- Create the user password (use your own password instead of 'P4ssvv0rD')

--- Code: ---# rspamadm pw --encrypt -p P4ssvv0rD
$2$htwknhydfj45j58nuej1kffpegykzmer$i9pup6hpz3izzz3iqi99kohokmtfbnoh1k1oz3ph33xio6sgr41b

--- End code ---
... and use it in the file below.

- file /etc/rspamd/local.d/worker-controller.inc

--- Code: ---bind_socket = "127.0.0.1:11334";
# password for normal user
password = "$2$htwknhydfj45j58nuej1kffpegykzmer$i9pup6hpz3izzz3iqi99kohokmtfbnoh1k1oz3ph33xio6sgr41b";
# password for 'admin'
# create this admin password with the rspamd utilities
enable_password = ""
secure_ip = "127.0.0.1";

--- End code ---

- file /etc/rspamd/local.d/classifier-bayes.conf (for redis)

--- Code: ---servers = "127.0.0.1";
backend = "redis";
autolearn = true;
new_schema = true;
expire = 8640000;

--- End code ---

- file /etc/rspamd/local.d/milter_headers.conf

--- Code: ---use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
authenticated_headers = ["authentication-results"];
extended_spam_headers = true;

routines {
  spam-header {
    header = "X-Spam-Flag";
    value = "YES";
    remove = 1;
  }
  authentication-results {
    header = "Authentication-Results";
    remove = 1;
    # SPF/DKIM/DMARC symbols in case these are redefined
    spf_symbols {
      pass = "R_SPF_ALLOW";
      fail = "R_SPF_FAIL";
      softfail = "R_SPF_SOFTFAIL";
      neutral = "R_SPF_NEUTRAL";
      temperror = "R_SPF_DNSFAIL";
      none = "R_SPF_NA";
      permerror = "R_SPF_PERMFAIL";
    }
    dkim_symbols {
      pass = "R_DKIM_ALLOW";
      fail = "R_DKIM_REJECT";
      temperror = "R_DKIM_TEMPFAIL";
      none = "R_DKIM_NA";
      permerror = "R_DKIM_PERMFAIL";
    }
    dmarc_symbols {
      pass = "DMARC_POLICY_ALLOW";
      permerror = "DMARC_BAD_POLICY";
      temperror = "DMARC_DNSFAIL";
      none = "DMARC_NA";
      reject = "DMARC_POLICY_REJECT";
      softfail = "DMARC_POLICY_SOFTFAIL";
      quarantine = "DMARC_POLICY_QUARANTINE";
    }
  }
}

--- End code ---

- Add the '_rspamd' user to the 'opendkim' group:

--- Code: ---# usermod -a -G opendkim _rspamd

--- End code ---

- Create the file '/etc/rspamd/local.d/dkim_signing.conf' with the following content:
(you can suppress the lines starting with '#', but I do not recommend it)

--- Code: ---# If false, messages with empty envelope from are not signed
allow_envfrom_empty = true;
# If true, envelope/header domain mismatch is ignored
allow_hdrfrom_mismatch = false;
# If true, multiple from headers are allowed (but only first is used)
allow_hdrfrom_multiple = false;
# If true, username does not need to contain matching domain
allow_username_mismatch = true;
# If false, messages from authenticated users are not selected for signing
auth_only = true;
# Default path to key, can include '$domain' and '$selector' variables
path = "/etc/opendkim/userkeys/$domain/$selector.private";
# Default selector to use
selector = "default";
# If false, messages from local networks are not selected for signing
sign_local = true;
# Map file of IP addresses/subnets to consider for signing
# sign_networks = "/some/file"; # or url
# Symbol to add when message is signed
symbol = "DKIM_SIGNED";
# Whether to fallback to global config
try_fallback = true;
# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From) or "auth" (SMTP username)
use_domain = "header";
# Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
use_domain_sign_networks = "header";
# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
use_domain_sign_local = "header";
# Whether to normalise domains to eSLD
use_esld = true;
# Whether to get keys from Redis
# Not using redis, keys coming from files in /etc/opendkim
use_redis = false;
# Hash for DKIM keys in Redis
key_prefix = "DKIM_KEYS";

--- End code ---

Create a soft link (the files normally are identical)

--- Code: ---# cd /etc/rspamd/local.d/; ln -s dkim_signing.conf arc.conf

--- End code ---

- Create the file '/etc/rspamd/local.d/mx_check.conf' with the following content:

--- Code: ---# Set this to enable the module
enabled = true;
# connection timeout in seconds
timeout = 30.0;
# symbol yielded if no MX is connectable
symbol_bad_mx = "MX_INVALID";
# symbol yielded if no MX is found
symbol_no_mx = "MX_MISSING";
# symbol yielded if MX is connectable
symbol_good_mx = "MX_GOOD";
# lifetime of redis cache - 1 day by default
expire = 86400;
# lifetime of redis cache for no valid mxes - 2 hours by default
expire_novalid = 7200;
# greylist first message with invalid MX (require greylist plugin)
greylist_invalid = false;
# prefix used for redis key
key_prefix = "rmx";
# module-specific redis-server configuration
servers = "127.0.0.1";
# a map of specific domains that should be excluded from MX check
# exclude_domains = "/etc/rspamd/local.d/local_wl_domains.map.inc";

--- End code ---

- file /etc/rspamd/local.d/dmarc.conf

--- Code: ---servers = "127.0.0.1";
# Enables storing reporting information to redis
#reporting = true;
# If Redis server is not configured below, settings from redis {} will be used
#servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)
# Alternatively set read_servers / write_servers to split reads and writes
# To set custom prefix for redis keys:
#key_prefix = "dmarc_";
# Actions to enforce based on DMARC disposition (empty by default)
actions = {
quarantine = "add_header";
reject = "reject";
}
# Ignore "pct" setting for some domains
# no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";

--- End code ---

- file /etc/rspamd/local.d/force_actions.conf

--- Code: ---# Rules are defined in the rules {} block
rules {
VIRUS_DETECTED {
action = "reject";
expression = "CLAM_VIRUS";
# message setting sets SMTP message returned by mailer
message = "Rejected due to suspicion of virus";
honor_action = ["reject"];
}
}

--- End code ---

- file /etc/rspamd/local.d/fuzzy_check.conf

--- Code: ---timeout = 4s;
retransmits = 3;

--- End code ---

- file /etc/rspamd/local.d/neural.conf (with redis use)

--- Code: ---servers = "127.0.0.1";
enabled = true;
dbname = "2"; # Redis setup

# local.d/neural_group.conf
symbols = {
  "NEURAL_SPAM" {
    weight = 3.0; # sample weight
    description = "Neural network spam";
  }
  "NEURAL_HAM" {
    weight = -3.0; # sample weight
    description = "Neural network ham";
  }
}

--- End code ---

- file /etc/rspamd/local.d/phishing.conf

--- Code: ---phishtank_enabled = true;
phishtank_map = "https://rspamd.com/phishtank/online-valid.json.zst";
# Enable openphish support (default disabled)
openphish_enabled = true;
# URL of feed, default is public url:
openphish_map = "https://www.openphish.com/feed.txt";
openphish_premium = false;
# For premium feed, change that to your personal URL, e.g.
# openphish_map = "https://openphish.com/samples/premium_feed.json";

--- End code ---

- Change this to true in that file, if premium feed is enabled (paid service)

--- Code: ---openphish_premium = true;

--- End code ---

- file /etc/rspamd/local.d/replies.conf (with redis use)

--- Code: ---# This setting is non-default & may be desirable
action = "no action";
# These are default settings you may want to change
expire = 86400;
key_prefix = "rr";
message = "Message is reply to one we originated";
symbol = "REPLY";
# Module specific redis configuration
servers = "127.0.0.1";

--- End code ---

- file /etc/rspamd/local.d/surbl.conf

--- Code: ---# List of domains that are not checked by surbl
whitelist = "file://$CONFDIR/surbl-whitelist.inc";
# Additional exceptions for TLD rules
exceptions = "file://$CONFDIR/2tld.inc";
redirector_hosts_map = "/etc/rspamd/redirectors.inc";

rules {
"SURBL_MULTI" {
# DNS suffix for this rule
suffix = "multi.surbl.org";
bits {
# List of bits ORed when reply is given
JP_SURBL_MULTI = 64;
AB_SURBL_MULTI = 32;
MW_SURBL_MULTI = 16;
PH_SURBL_MULTI = 8;
WS_SURBL_MULTI = 4;
SC_SURBL_MULTI = 2;
}
}
"URIBL_MULTI" {
suffix = "multi.uribl.com";
bits {
URIBL_BLACK = 2;
URIBL_GREY = 4;
URIBL_RED = 8;
}
}
"RAMBLER_URIBL" {
suffix = "uribl.rambler.ru";
# Also check images
images = true;
}
"DBL" {
suffix = "dbl.spamhaus.org";
# Do not check numeric URL's
noip = true;
}
"SPFBL_URIBL" {
suffix = "uribl.spfbl.net";
resolve_ip = false;
ips {
URIBL_SPFBL = "127.0.0.2";
}
}
"SEM_URIBL_UNKNOWN" {
suffix = "uribl.spameatingmonkey.net";
bits {
SEM_URIBL = 2;
}
noip = true;
}
"SEM_URIBL_FRESH15_UNKNOWN" {
suffix = "fresh15.spameatingmonkey.net";
bits {
SEM_URIBL_FRESH15 = 2;
}
noip = true;
}
}

--- End code ---

- file /etc/rspamd/local.d/url_redirector.conf (with redis use)

--- Code: ---# How long to cache dereferenced links in Redis (default 1 day)
expire = 1d;
# Timeout for HTTP requests (10 seconds by default)
timeout = 10; # 10 seconds by default
# How many nested redirects to follow (default 1)
nested_limit = 1;
# Prefix for keys in redis (default "rdr:")
key_prefix = "rdr:";
# Check SSL certificates (default false)
check_ssl = false;
max_size = 10k; # maximum body to process

--- End code ---

- file /etc/rspamd/local.d/url_reputation.conf (with redis use)

--- Code: ---# Enable
enabled = true;
# Key prefix for redis - default "Ur."
key_prefix = "Ur.";
# Symbols to insert - defaults as shown
symbols {
  white = "URL_REPUTATION_WHITE";
  black = "URL_REPUTATION_BLACK";
  grey = "URL_REPUTATION_GREY";
  neutral = "URL_REPUTATION_NEUTRAL";
}
# DKIM/DMARC/SPF allow symbols - defaults as shown
foreign_symbols {
  dmarc = "DMARC_POLICY_ALLOW";
  dkim = "R_DKIM_ALLOW";
  spf = "R_SPF_ALLOW";
}
# SURBL metatags to ignore - default as shown
ignore_surbl = ["URIBL_BLOCKED", "DBL_PROHIBIT", "SURBL_BLOCKED"];
# Amount of samples required for scoring - default 5
threshold = 5;
# Maximum number of TLDs to update reputation on (default 1)
update_limit = 1;
# Maximum number of TLDs to query reputation on (default 100)
query_limit = 100;
# If true, try to find most 'relevant' URL (default true)
relevance = true;

--- End code ---

- file /etc/rspamd/local.d/url_tags.conf  (with redis use)

--- Code: ---# cache some URL tags in redis
enabled = true;

--- End code ---

- file /etc/rspamd/override.d/antivirus.conf

--- Code: ---# multiple scanners could be checked, for each we create a configuration block with an arbitrary name
clamav {
  # If set force this action if any virus is found (default unset: no action is forced)
  action = "reject";
  # if `true` only messages with non-image attachments will be checked (default true)
  # attachments_only = false;
  scan_mime_parts = false;
  # If `max_size` is set, messages > n bytes in size are not scanned
  #max_size = 20000000;
  # symbol to add (add it to metric if you want non-zero weight)
  symbol = "CLAM_VIRUS";
  # type of scanner: "clamav", "fprot", "sophos" or "savapi"
  type = "clamav";
  # If set true, log message is emitted for clean messages
  log_clean = true;
  # For "savapi" you must also specify the following variable
  #product_id = 12345;
  # For "savapi" you can enable logging for clean messages
  #log_clean = true;
  # servers to query (if port is unspecified, scanner-specific default is used)
  # can be specified multiple times to pool servers
  # can be set to a path to a unix socket
  servers = "127.0.0.1:3310";
  # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
  whitelist = "/etc/rspamd/antivirus.wl";
}

--- End code ---

- You can download maps and fuzzy keys from 'maps.rspamd.com'.
Currently, it has two IP addresses: 88.99.142.95 and 212.24.145.107.
So, you need to allow it in the firewall: port 11335 outbound to maps.rspamd.com.
- Change the file /etc/csf/csf.allow, adding at the end:

--- Code: ---udp|out|d=11335|d=88.99.142.95
tcp|out|d=11335|d=212.24.145.107
udp|out|d=11335|d=212.24.145.107

--- End code ---

- Start rspamd

--- Code: ---# systemctl start rspamd

--- End code ---

Check with the following command:

--- Code: ---# ps auxww | grep rspamd

--- End code ---

At this point, if all is OK and there are no typing errors, Rspamd must be working, and it will result in:

--- Code: ---_rspamd   5166  0.0  0.0 304072  2864 ?        SNs  Dez06   0:00 rspamd: main process
_rspamd   5171  0.0  0.8 474132 31944 ?        SNL  Dez06   0:26 rspamd: rspamd_proxy process (127.0.0.1:11332)
_rspamd   5172  0.0  0.9 362124 35768 ?        SN   Dez06   0:28 rspamd: controller process (127.0.0.1:11334)
_rspamd   5173  0.0  0.6 358404 25972 ?        SN   Dez06   0:07 rspamd: normal process (127.0.0.1:11333)
_rspamd   5174  0.0  0.1 304072  6580 ?        SN   Dez06   0:12 rspamd: hs_helper process

--- End code ---

It is working, but not functional yet.
Now, we must configure Postfix.

(...CONTINUES IN PART 2, BELOW)

Netino:
CONTINUATION...
Configuring Postfix
===================
- Change/include in file /etc/postfix/main.cf

--- Code: ---milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# use accept just in case rspamd fails
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332

--- End code ---

- Change the following in file /etc/postfix/master.cf:
Find:

--- Code: ---smtp   inet  n - n - - smtpd
  -o content_filter=smtp-amavis:127.0.0.1:10024
  -o receive_override_options=no_address_mappings

--- End code ---

...and change to:

--- Code: ---smtp      inet  n       -       n       -       -       smtpd
#  -o content_filter=smtp-amavis:127.0.0.1:10024
#  -o receive_override_options=no_address_mappings
smtpd     pass  - - n - - smtpd

--- End code ---

Find:

--- Code: ---smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

--- End code ---

...and change to:

--- Code: ---smtps     inet  n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

--- End code ---

Find:

--- Code: ---pickup    fifo  n - n 60 1 pickup
 -o content_filter=
 -o receive_override_options=no_header_body_checks

--- End code ---

...and change to:

--- Code: ---pickup    fifo  n - n 60 1 pickup
  -o content_filter=
#  -o receive_override_options=no_header_body_checks

--- End code ---

Find:

--- Code: ---submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

--- End code ---

...and change to:

--- Code: ---submission inet n - - - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

--- End code ---

Find and disable the entire 'spam/virus section' as the following:

--- Code: ---#
# spam/virus section
#
#smtp-amavis  unix  -    -       y       -       2       smtp
#  -o smtp_data_done_timeout=1200
#  -o disable_dns_lookups=yes
#  -o smtp_send_xforward_command=yes
#127.0.0.1:10025 inet n  -       y       -       -       smtpd
#  -o content_filter=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_recipient_restrictions=permit_mynetworks,reject
#  -o mynetworks=127.0.0.0/8
#  -o smtpd_error_sleep_time=0
#  -o smtpd_soft_error_limit=1001
#  -o smtpd_hard_error_limit=1000
#  -o receive_override_options=no_header_body_checks
#  -o smtpd_helo_required=no
#  -o smtpd_client_restrictions=
#  -o smtpd_restriction_classes=
#  -o disable_vrfy_command=no
#  -o strict_rfc821_envelopes=yes

--- End code ---

- Restart Postfix, and disable amavisd-new

--- Code: ---# systemctl reload postfix
# systemctl disable amavisd-new
# systemctl stop amavisd-new

--- End code ---

Now you have your mail server functional and working with rspamd.

Spamassassin
============
To migrate from Spamassassin, check <https://rspamd.com/doc/tutorials/migrate_sa.html>.
If you don’t have a lot of custom rules and primarily use the default ruleset then you shouldn’t use this plugin: many SA rules are already implemented natively in Rspamd so you won’t get any benefit from including such rules from SA.
But if you have custom rules, copy them to a file, for example '/etc/rspamd/spam-rules/rules', and create a file '/etc/rspamd/local.d/spamassassin.conf' with the following content:

--- Code: ---ruleset = "/etc/rspamd/spam-rules/rules";
# Limit search size to 120 kilobytes for all regular expressions
match_limit = 120k;
# Those regexp atoms will not be passed through hyperscan:
#pcre_only = ["RULE1", "__RULE2"];

--- End code ---
Don't forget to restart rspamd.

- Dovecot + sieve
==================
You can configure your Dovecot to use sieve, to move e-mails automatically with Rspamd's spam learning, by following/reading the 'Dovecot configuration', 'Sieve Scripts' and 'For Rspamd' sections in this Howto:
https://wiki.dovecot.org/HowTo/AntispamWithSieve

- So, to move spam mail automatically to folder 'Spam', create a file /var/vmail/domain.com/mailbox/sieve/roundcube.sieve, and include:

--- Code: ---require ["fileinto"];

if header :is "X-Spam" "Yes" {
        fileinto "Junk";
}

--- End code ---

- Test your spam filter
Send an e-mail with the following body text content to one of your new mailboxes:

--- Code: ---XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

--- End code ---

This e-mail should never arrive at its destination and Rspamd should show a rejected e-mail in its history log, at '/var/log/rspamd/rspamd.log' and in '/var/log/maillog' files.

- Train Rspamd with existing spam mail (optional)
If you have mailboxes in Maildir-format with spam e-mails and normal e-mails, you can use them to train Rspamd on some real world examples. Copy those mailbox folders to your new server and execute commands like this:
-To train e-mails in /var/vmail/domain.com/mailbox/.Spam/cur as spam:

--- Code: ---find /var/vmail/domain.com/mailbox/.Spam/cur -type f -exec /usr/bin/rspamc learn_spam {} \;

--- End code ---

- Stop and disable spamassassin, if any:

--- Code: ---systemctl stop spamassassin
systemctl disable spamassassin

--- End code ---

- Stop and disable amavisd-new

--- Code: ---systemctl stop amavisd-new
systemctl disable amavisd-new

--- End code ---

- Stop and disable opendkim

--- Code: ---systemctl stop opendkim
systemctl disable opendkim

--- End code ---

-To train e-mails as “ham”:

--- Code: ---find /var/vmail/domain.com/mailbox/cur -type f -exec /usr/bin/rspamc learn_ham {} \;
find /var/vmail/domain.com/mailbox/.Sent/cur -type f -exec /usr/bin/rspamc learn_ham {} \;

--- End code ---

- To access the Rspamd web interface:

--- Code: ---ssh -p 32 -L 11334:localhost:11334 [Your IP ADDRESS]

--- End code ---
Remember: If you want to use the web interface instead of the shell, you will need to change all files to the '_rspamd' user.

- And access in your browser:
http://localhost:11334

Enjoy it!

Regards,
Netino
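
Added example, not part of the original posts: a post-install check that the ports this howto binds to 127.0.0.1 (11332 proxy/milter, 11333 normal worker, 11334 controller, plus Redis 6379 and clamd 3310 from the configs above) are really loopback-only, by reading `ss -ltn` output. The function name, the variable names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the howto author). Reads `ss -ltn` output on stdin and
# reports listeners on the howto's ports that are reachable from outside.

# Ports taken from the configuration files in this howto:
#   11332 rspamd proxy (milter), 11333 normal worker, 11334 controller/web UI,
#   6379 Redis, 3310 clamd (override.d/antivirus.conf)
LOCAL_ONLY_PORTS="11332 11333 11334 6379 3310"

# Prints "EXPOSED <addr>:<port>" for each watched port bound to a non-loopback
# address and "MISSING <port>" for each watched port with no listener at all.
# Exit status is 1 if anything is exposed, 0 otherwise.
check_listeners() {
  awk -v ports="$LOCAL_ONLY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      # Column 4 is "Local Address:Port"; split at the last colon so that
      # *:11334, :::11334, ::1:6379 and [::1]:6379 are all handled.
      if (!match($4, /:[0-9]+$/)) next
      addr = substr($4, 1, RSTART - 1)
      port = substr($4, RSTART + 1)
      if (!(port in want)) next
      seen[port] = 1
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
      print "EXPOSED " addr ":" port
      bad = 1
    }
    END {
      for (i = 1; i <= n; i++) if (!(p[i] in seen)) print "MISSING " p[i]
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample (not captured from a real host): the controller has been
# bound to all interfaces by mistake, and clamd is not listening.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0 128 127.0.0.1:11332 *:*
LISTEN 0 128 127.0.0.1:11333 *:*
LISTEN 0 128 *:11334 *:*
LISTEN 0 128 127.0.0.1:6379 *:*
LISTEN 0 100 *:25 *:*'

printf '%s\n' "$SAMPLE_SS" | check_listeners || true
# On the live server, as root:  ss -ltn | check_listeners
```

An EXPOSED line for 11334 means the web interface is reachable without the SSH tunnel shown above; a MISSING line means the service behind that port is not running or listens elsewhere (for example on a unix socket).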

pvanthony:
Is the above configuration for Rspamd version 1.9?

Netino:
Yes, I'm running this configuration with rspamd version 1.9.0, to be more precise, with rspamd-1.9.0-3 rpm from their repository.

Regards,
Netino

DNA:
Hello Netino,

I am getting the following error:


--- Code: ---# rspamadm configtest
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:452: both auth_only (true) and sign_authenticated (true) for dkim_signing are specified, prefer auth_only
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:452: both auth_only (true) and sign_authenticated (false) for arc are specified, prefer auth_only
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:242: conflicting names in surbl and rbl rules: SEM_URIBL_FRESH15_UNKNOWN, prefer surbl rule!
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:242: conflicting names in surbl and rbl rules: SEM_URIBL_UNKNOWN, prefer surbl rule!
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:242: conflicting names in surbl and rbl rules: URIBL_MULTI, prefer surbl rule!
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:242: conflicting names in surbl and rbl rules: SURBL_MULTI, prefer surbl rule!
2020-10-18 13:20:15 #0(main) <>; lua; lua_cfg_transform.lua:242: conflicting names in surbl and rbl rules: DBL, prefer surbl rule!
syntax OK

--- End code ---


--- Code: ---CLAM_VIRUS_FAIL (0) [failed to scan and retransmits exceed]
--- End code ---


My Status :

--- Code: ---# rspamc stat
Results for command: stat (0.186 seconds)
Messages scanned: 142
Messages with action reject: 3, 2.11%
Messages with action soft reject: 0, 0.00%
Messages with action rewrite subject: 0, 0.00%
Messages with action add header: 3, 2.11%
Messages with action greylist: 3, 2.11%
Messages with action no action: 133, 93.66%
Messages treated as spam: 6, 4.22%
Messages treated as ham: 136, 95.77%
Messages learned: 129
Connections count: 0
Control connections count: 61
Pools allocated: 137
Pools freed: 191
Bytes allocated: 3.92GiB
Memory chunks allocated: 4294966837
Shared chunks allocated: 33
Chunks freed: 0
Oversized chunks: 2
Fuzzy hashes in storage "rspamd.com": 1519996981
Fuzzy hashes stored: 1519996981
Statfile: BAYES_SPAM type: redis; length: 0; free blocks: 0; total blocks: 0; free: 0.00%; learned: 0; users: 0; languages: 0
Statfile: BAYES_HAM type: redis; length: 0; free blocks: 0; total blocks: 0; free: 0.00%; learned: 3; users: 1; languages: 0
Total learns: 3

--- End code ---


Disabled:
SpamAssassin, Amavisd & Opendkim
