HOW TO: RSPAMD integration

[dreiggy]

Hi everyone :)

I have replaced spamassassin with rspamd. I think maybe it will be suitable and for your servers ;) My tutorial is only covering CentOS7 installation, but I think you should be able to do this and with other distros.

Why rspamd is better, please look here:
https://www.rspamd.com/comparison.html
https://www.rspamd.com/performance.html

Ok, so lets start. First you should remove / disable spamassassin (I don't describe how to do this). In my opinion, you can just stop and disable autostart of spamassassin.

1) rspamd and redis installation

Code: Select all

curl https://rspamd.com/rpm-stable/centos-7/rspamd.repo > /etc/yum.repos.d/rspamd.repo
rpm --import https://rspamd.com/rpm-stable/gpg.key
yum update
yum install rspamd redis

Addtional you may tune a little bit redis. Add to bottom of /etc/redis.conf add:

Code: Select all

maxmemory 100mb
maxmemory-policy volatile-ttl

For saving data to disk, it is also useful to setup overcommit memory behavior which might be useful for loaded systems. It could be done in Linux by using the following command:

Code: Select all

echo 1 > /proc/sys/vm/overcommit_memory

Enable and start rspamd and redis:

Code: Select all

systemctl enable rspamd
systemctl enable redis
systemctl start rspamd
systemctl start redis

At the end run rspamd configuration wizard (I chose default options):

Code: Select all

rspamadm configwizard

More information about installing read here: https://www.rspamd.com/downloads.html

2) Lets start integration with exim!
Please make backup of original exim.conf!

Edit /etc/exim/exim.conf

Code: Select all

(...)

#SPAMASSASSIN = yes
RSPAMD = yes
SPAM_SCORE = 50
#CLAMD =  yes <<< If you use clamava, you may leave it uncommented

(...)

.ifdef RSPAMD
spamd_address = 127.0.0.1 11333 variant=rspamd
.endif

(...)

acl_check_rcpt:

(...)

.ifdef RSPAMD
  warn    set acl_m1    = no

  warn    condition     = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
          set acl_m1    = yes
.endif

  accept

(...)

acl_check_data:

(...)

#RSPAMD https://www.rspamd.com/doc/integration.html
.ifdef RSPAMD
  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{500K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = nobody:true
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int

  # use greylisting available in rspamd v1.3+
  defer  message    = Please try again later
         condition  = ${if eq{$spam_action}{soft reject}}

  # use for discarding spam email
  deny   message    = Message discarded as high-probability spam (from $sender_address to $recipients)
         condition  = ${if eq{$spam_action}{reject}}

  # Remove foreign headers
  warn   remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status

  # add spam header
  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes

.endif

(...)

3) Rspamd interface from vestacp

Add rspamd web interface location to vesta-nginx: /usr/local/vesta/nginx/conf/nginx.conf

Code: Select all

(...)
        location ~ \.php$ {
            include         /usr/local/vesta/nginx/conf/fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name;
            fastcgi_param   QUERY_STRING    $query_string;
            fastcgi_pass    unix:/var/run/vesta-php.sock;
            fastcgi_intercept_errors        on;
            break;
        }

        location /rspamd/ {
            proxy_pass       http://localhost:11334/;
            proxy_set_header Host      $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
(...)

Add link to top menu: /usr/local/vesta/web/templates/admin/panel.html

ADD:

Code: Select all

<div class="l-menu__item <?php if($TAB == 'RSPAMD' ) echo 'l-menu__item--active' ?>"><a target="_blank" href="/rspamd/"><?=__('Rspamd')?></a></div>

RIGHT AFTER:

Code: Select all

<div class="l-menu__item <?php if($TAB == 'SERVER' ) echo 'l-menu__item--active' ?>"><a href="/list/server/"><?=__('Server')?></a></div>

Restart vestacp panel:

Code: Select all

service vesta restart

[salvatorenz]

Hi,

Thanks for the great guide, I have tried this and it works on latest version with centos 7.6 but will not allow sending or receiving emails.
550 error is received. Is any setup for dovecot needed? or setting in rspamd?

[dreiggy]

Hi,

Thanks for the great guide, I have tried this and it works on latest version with centos 7.6 but will not allow sending or receiving emails.
550 error is received. Is any setup for dovecot needed? or setting in rspamd?

Hi,

no, here is no need any changes to dovecot. What exact error you are getting in exim or dovecot?

[salvatorenz]

I've managed to have time to install again, incoming mail is fine and can connect to rspamd
It is sending email that does not go through since install of rspamd.

Spam assassin and clamav not installed. no error message when sending from outlook or mailbird.

I did test sending to gmail and cc to sending email address, nothing appeared in gmail but received cc email to sending account
so same location is fine

external email has the below in exim log
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host

Can ping and telnet to external mailserver

resolv.conf using 8.8.8.8 and 8.8.4.4
ptr set
all dns is set correctly.

Just about to try turn of named and set to cloudflare for dns

[salvatorenz]

Hi,

Thanks for the great guide, I have tried this and it works on latest version with centos 7.6 but will not allow sending or receiving emails.
550 error is received. Is any setup for dovecot needed? or setting in rspamd?

Hi,

no, here is no need any changes to dovecot. What exact error you are getting in exim or dovecot?

All working now had to change localhost to 127.0.0.1 in a few settings on redis

[salvatorenz]

Hi,

no, here is no need any changes to dovecot. What exact error you are getting in exim or dovecot?

Hi,

Have installed on second install and no problems all working well.
Now trying to integrate the dovecot sieve / exin mta for any missed in the inbox marked as spam will go to rspamd learning (it's how I think it works... maybe wrong) for example spam like this "1st Page Ranking of GOOGLE" passes through. found plenty of guides for postfix but not exim.

I have the sieve filter integrate with roundcude from the guide here viewtopic.php?f=12&t=11363 on the Vesta forum.

[Elfy]

All,

You can easily add RSPAMD as the spam system service so it shows up in the Server tab like so:


Simply edit /usr/local/vesta/conf/vesta.conf from:

Code: Select all

ANTISPAM_SYSTEM='spamassasin'

to:

Code: Select all

ANTISPAM_SYSTEM='rspamd'

Then restart the vesta service:

Code: Select all

service vesta restart

[dreiggy]

Hi,

Have installed on second install and no problems all working well.
Now trying to integrate the dovecot sieve / exin mta for any missed in the inbox marked as spam will go to rspamd learning (it's how I think it works... maybe wrong) for example spam like this "1st Page Ranking of GOOGLE" passes through. found plenty of guides for postfix but not exim.

I have the sieve filter integrate with roundcude from the guide here viewtopic.php?f=12&t=11363 on the Vesta forum.

You may try to read this article part about "Learning spam/ham messages", here is nice idea how to implement spam learn with dovecot: https://www.evilcoder.org/2017/04/08/th ... to-rspamd/

[compiz]

Does this work for all domains in the server or just for the domain name of the server?
Thank you very much for the guide :)

[dreiggy]

Does this work for all domains in the server or just for the domain name of the server?
Thank you very much for the guide :)

Yes, it works globally for all domains.