rspamd
Contents
About
Fast, free and open-source spam filtering system.
Rspamd filtering system is designed to be fast, modular and easily scalable system. Rspamd core is written in C language using event driven processing model. Plugins for rspamd can be written in Lua programming language. Rspamd is designed to process connections completely asynchronous and do not block anywhere in code.
Please see: https://rspamd.com/
Installation
1 aptitude install rspamd redis
1 rspamadm configdump|less
Configuration
redis Backend for Bayes-Filter
- Default is sqlite3
- Change Bayes-filter backend to redis:
/etc/rspamd/local.d/classifier-bayes.conf
1 backend = "redis";
worker-controller
Create passwords for read-only and write access with rspamadm pw
Change passwords for website: /etc/rspamd/local.d/worker-controller.inc
1 ### RSPAMD local.d config
2
3 count = 1;
4
5 # password for read-only commands
6 password = "$2$dc3s6ifn37iccs1tmnk74hzwxb6gpcbn$qak7a9wy1wcom7f99hwtxf1t3nxcht5pfsyd4t7w46qxrqofswgy";
7 # password for write commands
8 enable_password: "$2$6zfmwfmsebg31wwtrkxuezjuiiymddhi$6mbejg5camddsg1fqeu1oh1jnd15p1qsk1jbfkyzj97b5qbb8q5b";
9 # list or map with IP addresses that are treated as secure so all commands are allowed from these IPs without passwords
10 secure_ip = "127.0.0.1";
11 secure_ip = "::1";
12 # directory where interface static files are placed (usually ${WWWDIR})
13 static_dir = "${WWWDIR}";
14 # path where controller save persistent stats about rspamd (such as scanned messages count)
15 #stats_path =
- Check Webfrontend (over ssh-tunnel)
1 ssh -L 8080:localhost:11334 mx1.rockstable.it
Then simply call in your browser: http://localhost:8080/
DomainKeys Identified Mail (DKIM)
Configure DKIM
1 install -o root -g _rspamd -m 2710 -d /var/lib/rspamd/dkim
2
3 DOMAIN="rockstable.it"
4 SELECTOR="$(date +%Y)"
5 DKIM_PATH="/var/lib/rspamd/dkim"
6 DKIM_FILE="$DKIM_PATH/$DOMAIN.$SELECTOR"
7 rspamadm dkim_keygen -b 2048 -s "$SELECTOR" -k "$DKIM_FILE".pem \
8 | tee "$DKIM_FILE".txt
9 2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
10 "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1b+tmkhLzUAW0p2PpePX5XOXBqPobfUnkyEmcc4QJ6WArk67m8CSO1KStZMbK2PC81hWtSoMf4S0qprfn30ARRvlqMJYGuyE26Tk4yYZvG7oS6tszEB9HKe88SEjD6Ax6YMFtcNAZctd9kcjfLZI7YmTJXKkGaxJH8qNklr5oXco5Ka2ZQuSQKiOCiDoffeck6yQSNdMIH77GXzw"
11 "K+g2v6dab57FSOFzbNXWEkdfqZd9Ig12/vLBhPQ4gWxlpeHKR/y6LLZXfi3xBS5XtWVrt6PHqYhsLt39X0lwJosoFGcq6AfUaCgTljHq1fhkvR5cS+JJ14dpTZ6cqnbii9V2QIDAQAB"
12 ) ;
/etc/rspamd/local.d/dkim_signing.conf
Configure your TXT Record in DNS as in /var/lib/rspamd/dkim/rockstable.it.2019.txt
1 $TTL 86400
2 $ORIGIN rockstable.it.
3
4 ; SOA RECORD WITH INCREMENTED SERIAL OMITTED
5
6 ; DKIM DOMAINKEY
7 2019._domainkey TXT ( "v=DKIM1; k=rsa; "
8 "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ld6R37vRthQgqQlLkWs+HDxPNz/sTn/qCQooBtWMlTjz3487TM7owU4ryEg1RKsflxPvZrxcDnEthib6ckiH4LpFRYdK3kCkpoCNshPZruXcY0fV+Qv/pJ12nlKBe7jTcqAVhvbh/P6eyYdERCuDFN6yiWJtjKOKgt4sKZHtSR12ZPlPLHguR9C+rXQzoNbV69WaWOo0HpDaPEvj"
9 "ZRXawEBfczQ7ArYzEu6V737PIlsBdEK29Jg/rQozBBN3ZzrfdR3gFHYytDZimVdx7rZ2KIvFR+E1l+EQnjw8EW/6Hk5yCjCr0HcgnWPJ88enNOS2EifhYLp8Wyocj+UFBcY1QIDAQAB"
10 ) ;
Reload rspamd
1 systemctl reload rspamd.service
Check it!
Authenticated Received Chain (ARC)
Just link to dkim_signing.conf because they are using the same backend for handling signatures.
Integrate with MTA
For integration with Postfix, please return to postfix#rspamd