Hits : 10548
Last Edit: 06.09.2017 01.20

Rspamd


a mini tutorial on Rspamd[link1]



Contents




Installation


#  mkdir -pv rspamd
#  cd !$
#  wget -c https://rspamd.com/rpm-stable/centos-6/x86_64/rspamd-1.6.3-1.x86_64.rpm
#  wget -c https://rspamd.com/rpm-stable/centos-6/x86_64/gmime-2.6.20-5.el6.x86_64.rpm
#  yum -y install *


top

Init File


# vim /etc/init.d/rspamd 

# ebal, Wed, 06 Sep 2017 00:31:37 +0300
## RSPAMD_CONF_FILE="/etc/rspamd/rspamd.sysvinit.conf"
RSPAMD_CONF_FILE="/etc/rspamd/rspamd.conf"


or 

# ln -s /etc/rspamd/rspamd.conf /etc/rspamd/rspamd.sysvinit.conf



top


Start



# /etc/init.d/rspamd restart
syntax OK
Stopping rspamd:                                           [FAILED]
Starting rspamd:                                           [  OK  ]





top


Postfix


milter

# ebal, Wed, 06 Sep 2017 00:51:42 +0300
 
 ## opendkim : 8891
 ## opendmarc: 8893
 ## 
 
 ## A list of Milter (mail filter) applications for new mail that does not arrive via the Postfix smtpd(8) server.
 non_smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893,inet:127.0.0.1:11332
 ## A list of Milter (mail filter) applications for new mail that arrives via the Postfix smtpd(8) server. 
 smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893, inet:127.0.0.1:11332
 
 # https://rspamd.com/doc/integration.html
 milter_protocol = 6
 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
 # skip mail without checks if something goes wrong
 milter_default_action = accept


top


Training


Training the Bayesian classifier

# cd /storage/vmails/balaskas.gr/evaggelos/.Spam/cur/ 
# find . -type f -exec rspamc learn_spam {} \;

Auto Training


via cron example:

@daily /bin/find /storage/vmails/balaskas.gr/evaggelos/.Spam/cur/ -type f -mtime -1 -exec rspamc learn_spam {} \;

top


Stats


# rspamc stat
Results for command: stat (0.012 seconds)
Messages scanned: 1
Messages with action reject: 0, 0.00%
Messages with action soft reject: 0, 0.00%
Messages with action rewrite subject: 0, 0.00%
Messages with action add header: 0, 0.00%
Messages with action greylist: 0, 0.00%
Messages with action no action: 1, 100.00%
Messages treated as spam: 0, 0.00%
Messages treated as ham: 1, 100.00%
Messages learned: 1948
Connections count: 1
Control connections count: 2220
Pools allocated: 2247
Pools freed: 2228
Bytes allocated: 542k
Memory chunks allocated: 41
Shared chunks allocated: 10
Chunks freed: 0
Oversized chunks: 763
Fuzzy hashes in storage "rspamd.com": 655428587
Fuzzy hashes stored: 655428587
Statfile: BAYES_SPAM type: sqlite3; length: 33.74M; free blocks: 0; total blocks: 444.74k; free: 0.00%; learned: 1948; users: 1; languages: 4
Statfile: BAYES_HAM type: sqlite3; length: 9.22k; free blocks: 0; total blocks: 0; free: 0.00%; learned: 0; users: 1; languages: 1
Total learns: 1948


top


X-Spamd-Result


Add extended reporting headers:

# vim /etc/rspamd/modules.d/milter_headers.conf


 19 
 20 # ebal, Wed, 06 Sep 2017 01:52:08 +0300
 21 extended_spam_headers = true;
 22 
 23   use = [];


# /etc/init.d/rspamd restart


View Source:

X-Rspamd-Queue-Id: C024F2675E
X-Rspamd-Server: kvm
X-Spamd-Result: default: False [2.90 / 15.00]



top


Web Server


replace "SERVER_IP" with your server ip !!



#  vim rspamd.conf

  worker {
  # ebal, Wed, 06 Sep 2017 01:21:27 +0300
  #    bind_socket = "localhost:11334";
      bind_socket = "SERVER_IP:11334";

Web Server Login



vim /etc/rspamd/worker-controller.inc

1 # Included from top-level .conf file
  2 
  3 type = "controller";
  4 count = 1;
  5 # ebal, Wed, 06 Sep 2017 01:35:07 +0300
  6 #password = "q1";
  7 password = "password";
  8 # ebal, Wed, 06 Sep 2017 01:34:51 +0300
  9 # secure_ip = "127.0.0.1";
 10 secure_ip = "SERVER_IP";
 11 secure_ip = "::1";
 12 static_dir = "${WWWDIR}";






top


Enable Service


# chkconfig --list | egrep -i rspamd
rspamd         	0:off	1:off	2:off	3:off	4:off	5:off	6:off


# chkconfig rspamd on

# chkconfig --list | egrep -i rspamd
rspamd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off



top



Reverse Proxy


apache: httpd-2.2

ProxyPreserveHost On

<Location /rspamd>
    AuthName "Rspamd Access"
    AuthType Basic
    AuthUserFile /etc/httpd/rspamd_passwd
    Require valid-user

    ProxyPass http://127.0.0.1:11334 
    ProxyPassReverse http://127.0.0.1:11334 

    Order allow,deny
    Allow from all 

</Location>


selinux


# setsebool -P httpd_can_network_connect=1


or

# setsebool httpd_can_network_connect_db on


top


IO write error


need to define host explicit !

rspamc -h 127.0.0.1:11334 learn_spam msg3856



top

wrapper



# cat /usr/local/bin/rspamc



#!/bin/sh
/usr/bin/rspamc -h 127.0.0.1:11334 $*



Links
[link1] https://rspamd.com