MyWackoSite : rspamd

Hits : 10502
Last Edit: 06.09.2017 01.20

Rspamd

a mini tutorial on Rspamd^[link1]

Contents

Rspamd
- Installation
- Init File
- Start
- Postfix
- Training
- Auto Training
- Stats
- X-Spamd-Result
- Web Server
- Web Server Login
- Enable Service
- Reverse Proxy
- selinux
- IO write error
- wrapper

Installation

#  mkdir -pv rspamd
#  cd !$
#  wget -c https://rspamd.com/rpm-stable/centos-6/x86_64/rspamd-1.6.3-1.x86_64.rpm
#  wget -c https://rspamd.com/rpm-stable/centos-6/x86_64/gmime-2.6.20-5.el6.x86_64.rpm
#  yum -y install *

top

Init File

# vim /etc/init.d/rspamd 

# ebal, Wed, 06 Sep 2017 00:31:37 +0300
## RSPAMD_CONF_FILE="/etc/rspamd/rspamd.sysvinit.conf"
RSPAMD_CONF_FILE="/etc/rspamd/rspamd.conf"

# ln -s /etc/rspamd/rspamd.conf /etc/rspamd/rspamd.sysvinit.conf

top

Start

# /etc/init.d/rspamd restart
syntax OK
Stopping rspamd:                                           [FAILED]
Starting rspamd:                                           [  OK  ]

top

Postfix

milter

# ebal, Wed, 06 Sep 2017 00:51:42 +0300
 
 ## opendkim : 8891
 ## opendmarc: 8893
 ## 
 
 ## A list of Milter (mail filter) applications for new mail that does not arrive via the Postfix smtpd(8) server.
 non_smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893,inet:127.0.0.1:11332
 ## A list of Milter (mail filter) applications for new mail that arrives via the Postfix smtpd(8) server. 
 smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893, inet:127.0.0.1:11332
 
 # https://rspamd.com/doc/integration.html
 milter_protocol = 6
 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
 # skip mail without checks if something goes wrong
 milter_default_action = accept

top

Training

Training the Bayesian classifier

# cd /storage/vmails/balaskas.gr/evaggelos/.Spam/cur/ 
# find . -type f -exec rspamc learn_spam {} \;

Auto Training

via cron example:

@daily /bin/find /storage/vmails/balaskas.gr/evaggelos/.Spam/cur/ -type f -mtime -1 -exec rspamc learn_spam {} \;

top

Stats

# rspamc stat
Results for command: stat (0.012 seconds)
Messages scanned: 1
Messages with action reject: 0, 0.00%
Messages with action soft reject: 0, 0.00%
Messages with action rewrite subject: 0, 0.00%
Messages with action add header: 0, 0.00%
Messages with action greylist: 0, 0.00%
Messages with action no action: 1, 100.00%
Messages treated as spam: 0, 0.00%
Messages treated as ham: 1, 100.00%
Messages learned: 1948
Connections count: 1
Control connections count: 2220
Pools allocated: 2247
Pools freed: 2228
Bytes allocated: 542k
Memory chunks allocated: 41
Shared chunks allocated: 10
Chunks freed: 0
Oversized chunks: 763
Fuzzy hashes in storage "rspamd.com": 655428587
Fuzzy hashes stored: 655428587
Statfile: BAYES_SPAM type: sqlite3; length: 33.74M; free blocks: 0; total blocks: 444.74k; free: 0.00%; learned: 1948; users: 1; languages: 4
Statfile: BAYES_HAM type: sqlite3; length: 9.22k; free blocks: 0; total blocks: 0; free: 0.00%; learned: 0; users: 1; languages: 1
Total learns: 1948

top

X-Spamd-Result

Add extended reporting headers:

# vim /etc/rspamd/modules.d/milter_headers.conf


 19 
 20 # ebal, Wed, 06 Sep 2017 01:52:08 +0300
 21 extended_spam_headers = true;
 22 
 23   use = [];

# /etc/init.d/rspamd restart

View Source:

X-Rspamd-Queue-Id: C024F2675E
X-Rspamd-Server: kvm
X-Spamd-Result: default: False [2.90 / 15.00]

top

Web Server

replace "SERVER_IP" with your server ip !!

#  vim rspamd.conf

  worker {
  # ebal, Wed, 06 Sep 2017 01:21:27 +0300
  #    bind_socket = "localhost:11334";
      bind_socket = "SERVER_IP:11334";

Web Server Login

vim /etc/rspamd/worker-controller.inc

1 # Included from top-level .conf file
  2 
  3 type = "controller";
  4 count = 1;
  5 # ebal, Wed, 06 Sep 2017 01:35:07 +0300
  6 #password = "q1";
  7 password = "password";
  8 # ebal, Wed, 06 Sep 2017 01:34:51 +0300
  9 # secure_ip = "127.0.0.1";
 10 secure_ip = "SERVER_IP";
 11 secure_ip = "::1";
 12 static_dir = "${WWWDIR}";

top

Enable Service

# chkconfig --list | egrep -i rspamd
rspamd         	0:off	1:off	2:off	3:off	4:off	5:off	6:off


# chkconfig rspamd on

# chkconfig --list | egrep -i rspamd
rspamd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off

top

Reverse Proxy

apache: httpd-2.2

ProxyPreserveHost On

<Location /rspamd>
    AuthName "Rspamd Access"
    AuthType Basic
    AuthUserFile /etc/httpd/rspamd_passwd
    Require valid-user

    ProxyPass http://127.0.0.1:11334 
    ProxyPassReverse http://127.0.0.1:11334 

    Order allow,deny
    Allow from all 

</Location>

selinux

# setsebool -P httpd_can_network_connect=1

# setsebool httpd_can_network_connect_db on

top

IO write error

need to define host explicit !

rspamc -h 127.0.0.1:11334 learn_spam msg3856

top

wrapper

# cat /usr/local/bin/rspamc



#!/bin/sh
/usr/bin/rspamc -h 127.0.0.1:11334 $*

Links

^[link1] https://rspamd.com

MyWackoSite: rspamd