HowTo install Rspamd

The King is dead, long live Rspamd!

Rspamd is a very fast spam filtering system; it replaces mailscanner-spamassassin or amavisd-new.
Did I say it's fast? Indeed, you will no longer experience delays with the mail queue.
This is an efficient mail scanner!

Rspamd needs to be run from the MTA (smtp mail server) such as Sendmail, Postfix, Exim ...
I will be using Sendmail since it comes already installed with FreeBSD.

You will also need to install the following packages:
mail/rmilter: an RMILTER, only if you use Sendmail or Postfix
databases/redis: a fast in-memory database
mail/dcc-dccd: to test the bulkiness of mail messages
security/clamav: an antivirus

Installing those packages is as simple as:
pkg install mail/rmilter mail/rspamd databases/redis mail/dcc-dccd security/clamav

Now onto configuring:

- Configuring the Milter
Notice: this is only necessary if you are using Sendmail or mail/postfix.
In our case, we are using Sendmail:
Look for your mail configuration folder /etc/mail/
If you don't already have your custom sendmail configs, "make" them:
Code:
cd /etc/mail
make
make install
This will create two configuration files for Sendmail:
/etc/mail/your-hostname.example.com.mc and /etc/mail/your-hostname.example.com.submit.mc

Look at the bottom of your /etc/mail/your-hostname.example.com.mc
and edit it: ee /etc/mail/your-hostname.example.com.mc
Almost at the bottom of the file add the two lines like so:
Code:
[...]
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

dnl //insert the rmilter config to pipe the message to rspamd
MAIL_FILTER(`rmilter', `S=unix:/var/run/rmilter/rmilter.sock, F=T')
define(`confINPUT_MAIL_FILTERS', `rmilter')
dnl //

MAILER(local)
MAILER(smtp)

Then you need to re-make Sendmail
Code:
cd /etc/mail
make
make install

Now we need to customize rmilter. Look for the file /usr/local/etc/rmilter.conf
We will disable Limits, Greylisting and DKIM functionality in the milter because we will let Rspamd take care of those tasks:
ee /usr/local/etc/rmilter.conf
Code:
[...]
limits {
  enabled = no
[...]
greylisting {
  enabled = no
[...]
dkim {
  enabled = no
[...]

Schedule rmilter to be started automatically:
sysrc rmilter_enable=YES

And start rmilter:
service rmilter start

- Configuring Redis
There isn't much to do here, just start the database:
Schedule Redis to be started automatically:
sysrc redis_enable=YES

And start Redis:
service redis start

- Configuring ClamAV antivirus
We just want to start the ClamAV daemon and Freshclam to update the signatures:

Schedule the antivirus to start automatically:
sysrc clamav_clamd_enable=YES
sysrc clamav_freshclam_enable=YES

Start the antivirus and the updater:
service clamav_clamd start
service clamav_freshclam start

- Configuring DCC-DCCD to check mail bulkiness
Customize the configuration file:
Change or uncomment the following variables in file:
/usr/local/dcc/dcc_conf
Code:
DCCM_LOG_AT=NEVER
DCCM_REJECT_AT=MANY
DCCIFD_ENABLE=on

You will need to regularly clean the log files in /usr/local/dcc/log/
You can add the following in the root crontab:
Code:
# delete dcc log files sometimes at night
33 05 * * * /usr/bin/find /usr/local/dcc/log/ -not -newermt '1 days ago' -delete

Schedule dccifd to start automatically:
sysrc dccifd_enable=YES

Start the dccifd:
service dccifd start

- Configuring the local name server
Rspamd needs a very fast resolver because it does multiple RBLs and many DNS queries for the same message.
FreeBSD has a fast and lean caching DNS resolver. We just want to start it:

Schedule the nameserver to start automatically:
sysrc local_unbound_enable=YES

Start the nameserver:
service local_unbound start

Use the local nameserver as the only resolver. Anything else is just too slow.
ee /etc/resolv.conf
Code:
domain   example.com
nameserver   127.0.0.1

- Configuring Rspamd
Rspamd uses multiple configuration files located in /usr/local/etc/rspamd/
The developer suggests not to edit the configuration files but to make additions or overrides in supplementary files, namely:
/usr/local/etc/rspamd/rspamd.conf.local
/usr/local/etc/rspamd/local.d/

- Activate the log_helper. This will activate the Neural Network Module
ee /usr/local/etc/rspamd/rspamd.conf.local
Code:
worker {
        type = "log_helper";
        count = 1;
}

- Direct Rspamd to use the antivirus:
ee /usr/local/etc/rspamd/local.d/antivirus.conf
Code:
clamav {
          attachments_only = false;
          action = "reject";
          servers = "/var/run/clamav/clamd.sock";
}

- Activate the BAYES classifier:
ee /usr/local/etc/rspamd/local.d/classifier-bayes.conf
Code:
autolearn = true;
backend = "redis";

- Activate the DCC mail bulkiness module:
ee /usr/local/etc/rspamd/local.d/dcc.conf
Code:
host = "/usr/local/dcc/dccifd";
timeout = 5.0;


- Add a list of whitelisted domains to bypass greylisting:
ee /usr/local/etc/rspamd/local.d/greylist-whitelist-domains.inc
Code:
hotmail.com
gmail.com
google.com
your-own-domain.com
...

- Activate mx_check module:
ee /usr/local/etc/rspamd/local.d/mx_check.conf
Code:
enabled = true;

- Activate phishing module:
ee /usr/local/etc/rspamd/local.d/phishing.conf
Code:
openphish_enabled = true;

phishtank_enabled = true;
phishtank_map = "https://rspamd.com/phishtank/online-valid.json.zst";

- Define the local Redis server:
ee /usr/local/etc/rspamd/local.d/redis.conf
Code:
servers = "127.0.0.1";

- Assign redirectors:
ee /usr/local/etc/rspamd/local.d/surbl.conf
Code:
redirector_hosts_map = "/usr/local/etc/rspamd/redirectors.inc";

- Activate url_reputation module:
ee /usr/local/etc/rspamd/local.d/url_reputation.conf
Code:
enabled = true;

- Activate url_tags module:
ee /usr/local/etc/rspamd/local.d/url_tags.conf
Code:
enabled = true;

- For security, don't allow the local Web User-Interface to be accessible from outside.
Bind it to the localhost:
ee /usr/local/etc/rspamd/local.d/worker-normal.inc
Code:
bind_socket = "localhost:11333";
You will be able to access the Web interface by creating an ssh tunnel like so:
ssh -L 11334:localhost:11334 your-rspamd-host.example.com
Then access the URL in your browser: http://localhost:11334

Schedule Rspamd to start automatically:
sysrc rspamd_enable=YES

Start rspamd:
service rspamd start

Then, make sure to restart your Sendmail:
service sendmail restart

=============
Troubleshooting:
Look at the following log files for troubleshooting:
/var/log/maillog
/var/log/rspamd/rspamd.log
/var/log/redis/redis.log

To check if the configuration is sane:
rspamadm configtest

To review the configuration:
rspamadm configdump

Every time you edit the configuration, you can reload without restarting the process:
service rspamd reload
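
A quick way to confirm that the localhost binding described above took effect, as an added example that is not part of the original post: the function below reads `sockstat -l` output and lists Rspamd or Redis TCP listeners that are not bound to loopback. Ports 11333 and 11334 come from the post; 6379 is the Redis default port and is assumed here, the function names are hypothetical, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: flag Rspamd/Redis TCP listeners not bound to loopback.
# Ports watched: 11333 (Rspamd normal worker) and 11334 (Rspamd web interface)
# as used in the post, plus 6379 (Redis default port, an assumption).
WATCHED_PORTS="11333 11334 6379"

# Reads `sockstat -l` output on stdin (columns: USER COMMAND PID FD PROTO
# LOCAL FOREIGN) and prints "command address port" for every watched TCP
# listener whose local address is not 127.0.0.1, ::1 or localhost.
exposed_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $5 ~ /^tcp/ {
            la = $6
            # The port follows the last colon, which also covers IPv6 (::1:11334).
            idx = 0
            for (i = 1; i <= length(la); i++)
                if (substr(la, i, 1) == ":") idx = i
            if (idx == 0) next
            addr = substr(la, 1, idx - 1)
            port = substr(la, idx + 1)
            if (!(port in watch)) next
            if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost") next
            print $2, addr, port
        }'
}

# Constructed sample of `sockstat -l` output (not captured from a real host).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
rspamd   rspamd     1201  12 tcp4   127.0.0.1:11333       *:*
rspamd   rspamd     1202  14 tcp4   *:11334               *:*
rspamd   rspamd     1202  15 tcp6   ::1:11334             *:*
redis    redis-serv 1150  6  tcp4   192.0.2.10:6379       *:*
root     sendmail   990   4  tcp4   *:25                  *:*
EOF
}

# On a live host run: sockstat -l | exposed_listeners
sample_sockstat | exposed_listeners
```

An empty result means every watched listener is loopback-only; any line printed names a service that is reachable from other hosts unless a firewall blocks it.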
 
Just edited the 'lcoal' to local just in case someone wanted to copy and paste into CMD line.
 