Re: HOW TO: RSPAMD integration
Posted: Fri Feb 07, 2020 4:48 pm
Thanks! It took me a while to train it to block all spam but now it blocks all incoming emails
Thanks! It took me a while to train it to block all spam but now it blocks all incoming emails
Code: Select all
.ifdef RSPAMD
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
Code: Select all
.ifdef RSPAMD
accept hosts = +relay_from_hosts
accept condition = ${if eq{$interface_port}{587}}
accept authenticated = *
# If message size is less than 500k and the domain has antispam enabled, scan the message with rspamd
# This will set variables as follows: $spam_action, $spam_score, $spam_score_int (spam score x10), $spam_report, $spam_bar
# So we add these as headers, first removing any existing ones
warn condition = ${if < {$message_size}{500K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true
remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Action: $spam_action
set acl_m2 = $spam_score_int
# add x-spam-bar header if score is positive
warn condition = ${if >{$spam_score_int}{0}}
add_header = X-Spam-Bar: $spam_bar
# use greylisting if action is soft reject
defer message = Please try again later
condition = ${if eq{$spam_action}{soft reject}}
# Hard reject if spam action is reject
deny message = Message discarded as high-probability spam
condition = ${if eq{$spam_action}{reject}}
# Tag mesage as spam-report header when spam action is "add header"
warn
condition = ${if eq{$spam_action}{add header}}
add_header = X-Spam-Status: Yes
# add x-spam-status header if message action is "rewrite subject"
warn
condition = ${if eq{$spam_action}{rewrite subject}}
add_header = X-Spam-Status: Yes
.endif
plutocrat wrote: ↑Wed Apr 15, 2020 8:49 amReplaced original email, as it might have been confusing. OK, so on Ubuntu, there is one key change to the original poster's config. In the check_rcpt section, you set a variable acl_m1 depending on whether a file exists for that domain:Its crucial to note that for Ubuntu, the path is /etc/exim4 rather than /etc/exim which the Centos example used.!Code: Select all
.ifdef RSPAMD warn set acl_m1 = no warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} set acl_m1 = yes .endif
Once you have that set, the conditions for scanning the mail work fine, specifically this one which has now been correctly set:
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
I've been tweaking the exim config. Currently it looks like this:
Code: Select all
.ifdef RSPAMD accept hosts = +relay_from_hosts accept condition = ${if eq{$interface_port}{587}} accept authenticated = * # If message size is less than 500k and the domain has antispam enabled, scan the message with rspamd # This will set variables as follows: $spam_action, $spam_score, $spam_score_int (spam score x10), $spam_report, $spam_bar # So we add these as headers, first removing any existing ones warn condition = ${if < {$message_size}{500K}} condition = ${if eq{$acl_m1}{yes}{yes}{no}} spam = nobody:true remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Report: $spam_report add_header = X-Spam-Action: $spam_action set acl_m2 = $spam_score_int # add x-spam-bar header if score is positive warn condition = ${if >{$spam_score_int}{0}} add_header = X-Spam-Bar: $spam_bar # use greylisting if action is soft reject defer message = Please try again later condition = ${if eq{$spam_action}{soft reject}} # Hard reject if spam action is reject deny message = Message discarded as high-probability spam condition = ${if eq{$spam_action}{reject}} # Tag mesage as spam-report header when spam action is "add header" warn condition = ${if eq{$spam_action}{add header}} add_header = X-Spam-Status: Yes # add x-spam-status header if message action is "rewrite subject" warn condition = ${if eq{$spam_action}{rewrite subject}} add_header = X-Spam-Status: Yes .endif
I don't understand what you're asking.
Code: Select all
echo 1 > /proc/sys/vm/overcommit_memory
Code: Select all
rspamadm configwizard
Code: Select all
(...)
#SPAMASSASSIN = yes
RSPAMD = yes
SPAM_SCORE = 50
#CLAMD = yes <<< If you use clamava, you may leave it uncommented
(...)
.ifdef RSPAMD
spamd_address = 127.0.0.1 11333 variant=rspamd
.endif
(...)
acl_check_rcpt:
(...)
.ifdef RSPAMD
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
accept
(...)
acl_check_data:
(...)
#RSPAMD https://www.rspamd.com/doc/integration.html
.ifdef RSPAMD
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{500K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
# use greylisting available in rspamd v1.3+
defer message = Please try again later
condition = ${if eq{$spam_action}{soft reject}}
# use for discarding spam email
deny message = Message discarded as high-probability spam (from $sender_address to $recipients)
condition = ${if eq{$spam_action}{reject}}
# Remove foreign headers
warn remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status
# add spam header
warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
.endif
(...)
Code: Select all
(...)
location ~ \.php$ {
include /usr/local/vesta/nginx/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_pass unix:/var/run/vesta-php.sock;
fastcgi_intercept_errors on;
break;
}
location /rspamd/ {
proxy_pass http://localhost:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
(...)
Code: Select all
apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt-get update
apt-get --no-install-recommends install rspamd -y
Code: Select all
apt install redis-server -y
sed -i 's/supervised no/supervised systemd/' /etc/redis/redis.conf
sed -i 's/# maxmemory <bytes>/maxmemory 100mb/' /etc/redis/redis.conf
sed -i 's/# maxmemory-policy noeviction/maxmemory-policy volatile-ttl/' /etc/redis/redis.conf
systemctl restart redis.service
echo 1 > /proc/sys/vm/overcommit_memory
sed -i 's/ReadWriteDirectories=-\/var\/run\/redis/ReadWriteDirectories=-\/run\/redis/' /lib/systemd/system/redis-server.service
sed -i 's/Type=forking/Type=notify/' /lib/systemd/system/redis-server.service
systemctl enable /lib/systemd/system/redis-server.service
sysctl vm.overcommit_memory=1
sed -i 's/# Protects against creating or following links under certain conditions/sysctl vm.overcommit_memory=1/' /etc/sysctl.conf
apt-get install hugepages -y
hugeadm --thp-never
sed -i '$i /usr/bin/hugeadm --thp-never' /etc/rc.local
systemctl edit redis-server
Code: Select all
[Service]
Type=notify
Code: Select all
systemctl daemon-reload
systemctl restart redis.service
systemctl enable rspamd
systemctl enable redis
systemctl start rspamd
systemctl start redis
Code: Select all
sed -i 's/ANTISPAM_SYSTEM=\'spamassasin\'/ANTISPAM_SYSTEM=\'rspamd\'/' /etc/redis/redis.conf
service vesta restart
Code: Select all
sed -i 's/# requirepass foobared/requirepass CHANGETHISTOSOMETHINGREALLYLONGTOHAVEASECUREPASSWORD/' /etc/redis/redis.conf
Code: Select all
Failed to enable unit: Refusing to operate on linked unit file redis.service