Rockstable Wiki:

rspamd

About

Fast, free and open-source spam filtering system.

Rspamd filtering system is designed to be fast, modular and easily scalable system. Rspamd core is written in C language using event driven processing model. Plugins for rspamd can be written in Lua programming language. Rspamd is designed to process connections completely asynchronous and do not block anywhere in code.

Please see:

Installation

   1 aptitude install rspamd redis

   1 rspamadm configdump|less

Configuration

redis backend for Bayes-Filter

Change Bayes-filter backend to redis (Default: SQLite)

/etc/rspamd/local.d/classifier-bayes.conf

   1 backend = "redis";

worker-controller

Create passwords for read-only and write access with rspamadm pw

   1 rspamadm pw
   2 Enter passphrase:
   3 $2$dc3s6ifn37iccs1tmnk74hzwxb6gpcbn$qak7a9wy1wcom7f99hwtxf1t3nxcht5pfsyd4t7w46qxrqofswgy
   4 rspamadm pw
   5 Enter passphrase:
   6 $2$6zfmwfmsebg31wwtrkxuezjuiiymddhi$6mbejg5camddsg1fqeu1oh1jnd15p1qsk1jbfkyzj97b5qbb8q5b

Change passwords for website

/etc/rspamd/local.d/worker-controller.inc

   1 ### RSPAMD local.d config
   2 
   3 count = 1;
   4 
   5 # password for read-only commands
   6 password = "$2$dc3s6ifn37iccs1tmnk74hzwxb6gpcbn$qak7a9wy1wcom7f99hwtxf1t3nxcht5pfsyd4t7w46qxrqofswgy";
   7 # password for write commands
   8 enable_password: "$2$6zfmwfmsebg31wwtrkxuezjuiiymddhi$6mbejg5camddsg1fqeu1oh1jnd15p1qsk1jbfkyzj97b5qbb8q5b";
   9 # list or map with IP addresses that are treated as secure so all commands are allowed from these IPs without passwords
  10 secure_ip = "127.0.0.1";
  11 secure_ip = "::1";
  12 # directory where interface static files are placed (usually ${WWWDIR})
  13 static_dir = "${WWWDIR}";
  14 # path where controller save persistent stats about rspamd (such as scanned messages count)
  15 #stats_path =

Check Webfrontend (over ssh-tunnel)

   1 ssh -L 8080:localhost:11334 mx1.rockstable.it

Then simply call in your browser: http://localhost:8080/

DomainKeys Identified Mail (DKIM)

http://dkim.org/

Configure DKIM

   1 install -o root -g _rspamd -m 2710 \
   2         -d /var/lib/rspamd/dkim
   3 
   4 DOMAIN="rockstable.it"
   5 SELECTOR="$(date +%Y)"
   6 DKIM_PATH="/var/lib/rspamd/dkim"
   7 DKIM_FILE="$DKIM_PATH/$DOMAIN.$SELECTOR"
   8 rspamadm dkim_keygen \
   9         -b 2048 -s "$SELECTOR" \
  10         -k "$DKIM_FILE".pem \
  11         | tee "$DKIM_FILE".txt
  12 2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  13         "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1b+tmkhLzUAW0p2PpePX5XOXBqPobfUnkyEmcc4QJ6WArk67m8CSO1KStZMbK2PC81hWtSoMf4S0qprfn30ARRvlqMJYGuyE26Tk4yYZvG7oS6tszEB9HKe88SEjD6Ax6YMFtcNAZctd9kcjfLZI7YmTJXKkGaxJH8qNklr5oXco5Ka2ZQuSQKiOCiDoffeck6yQSNdMIH77GXzw"
  14         "K+g2v6dab57FSOFzbNXWEkdfqZd9Ig12/vLBhPQ4gWxlpeHKR/y6LLZXfi3xBS5XtWVrt6PHqYhsLt39X0lwJosoFGcq6AfUaCgTljHq1fhkvR5cS+JJ14dpTZ6cqnbii9V2QIDAQAB"
  15 ) ;

/etc/rspamd/local.d/dkim_signing.conf

   1 # If true, username does not need to contain matching domain                                                                                                                 
   2 ### ENABLE DKIM SIGNING FOR ALIAS SENDER ADDRESSES                                                                                                                           
   3 allow_username_mismatch = true;                                                                                                                                              
   4                                                                                                                                                                              
   5 # Default selector to use                                                                                                                                                    
   6 # UNIFY TO REUSE CONFIG FOR DMARC                                                                                                                                            
   7 selector = "2019";                                                                                                                                                           

Configure your TXT Record in DNS as in file

/var/lib/rspamd/dkim/rockstable.it.2019.txt

   1 $TTL    86400
   2 $ORIGIN rockstable.it.
   3 
   4 ; SOA RECORD WITH INCREMENTED SERIAL OMITTED
   5 
   6 ; DKIM DOMAINKEY
   7 2019._domainkey         TXT     ( "v=DKIM1; k=rsa; "
   8         "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ld6R37vRthQgqQlLkWs+HDxPNz/sTn/qCQooBtWMlTjz3487TM7owU4ryEg1RKsflxPvZrxcDnEthib6ckiH4LpFRYdK3kCkpoCNshPZruXcY0fV+Qv/pJ12nlKBe7jTcqAVhvbh/P6eyYdERCuDFN6yiWJtjKOKgt4sKZHtSR12ZPlPLHguR9C+rXQzoNbV69WaWOo0HpDaPEvj"
   9         "ZRXawEBfczQ7ArYzEu6V737PIlsBdEK29Jg/rQozBBN3ZzrfdR3gFHYytDZimVdx7rZ2KIvFR+E1l+EQnjw8EW/6Hk5yCjCr0HcgnWPJ88enNOS2EifhYLp8Wyocj+UFBcY1QIDAQAB"
  10 ) ;

Reload rspamd

   1 systemctl reload rspamd.service

Check it!

Authenticated Received Chain (ARC)

Just link to dkim_signing.conf because they are using the same backend for handling signatures.

   1 cd /etc/rspamd/local.d
   2 ln -s dkim_signing.conf arc.conf

Integration with MTA

For integration with Postfix, please return to postfix#rspamd

Rockstable Wiki: rspamd (last edited 2019-12-12 12:01:08 by RockStable)