User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:mailscanner [2025/06/16 09:41] willyemail:mailscanner [2026/04/13 14:52] (current) – [Web interface] willy
Line 1: Line 1:
-====== N) Mail Scanner ======+====== N) Spam filtering ======
  
-[[https://www.mailscanner.info|MailScanner]] is a tool that integrates your mail server (MTA = Postfix) with antivirus scanners and Spam Assassin.+[[https://github.com/rspamd/rspamd|RSpamD]] is an advanced spam filtering system and email processing framework that allows evaluation of messages by number of rules including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by Rspamd and given a verdict that might be used by MTA for further processing (e.g. to reject a message, or add a special header indicating spamalong with other information, such as possible DKIM signature or modifications suggested for a message.
  
-MailScanner Gentoo latest package is obsolete, you must install manually. 
  
-Download generic 'Nix tarball from [[https://github.com/MailScanner/v5/releases|GitHub]] releases page+===== Installation =====
  
-decompress and run install.sh+My VPS is pretty ancient and the CPU does not support sse4_2, instructions, so i had to disable **hyperscan** use flag by writing the following **/etc/portage/package.use/rspamd** file: 
 +<file - rspamd> 
 +mail-filter/rspamd  -hyperscan 
 +</file> 
 + 
 +Now simply emerge it:
 <code bash> <code bash>
-mkdir /opt/mailscanner +emerge -vp rspamd dev-db/redis
-cd /opt/mailscanner +
-wget ... +
-tar xvf <downloaded file> +
-cd MailScanner-xxx +
-./install.sh+
 </code> </code>
  
-follow instructions and answer the various questions.+rspamd requires redis, but somehow it doesn't pull it directly.
  
-MailScanner setup, see [[https://www.mailscanner.info/postfix/|here]]. + 
-/etc/MailScanner.conf: +===== Configure rspamd ===== 
-<code+ 
-Run As User = postfix +Create **/etc/rspamd/local.d/actions.conf**
-Run As Group postfix +<file - actions.conf
-Incoming Queue Dir /var/spool/MailScanner/milterin +# Basic action thresholds 
-Outgoing Queue Dir = /var/spool/MailScanner/milterout +reject 15;        # Reject obvious spam 
-MTA = msmail +add_header 6;     # Add spam headers 
-MSMail Queue Type = short +greylist 4;       # Temporary delay suspicious mail 
-MSMail Delivery Method = QMQP +</file> 
-MSMail Socket Type = inet + 
-MSMail Socket Dir = /var/spool/postfix/public/qmqp +Configure redis **/etc/rspamd/local.d/redis.conf**: 
-MSMail Relay Port = 628 +<file redis.conf> 
-MSMail Relay Address = 127.0.0.1+# Redis connection for statistics and caching 
 +servers "127.0.0.1:6379"; 
 +</file> 
 + 
 +Setup a controller password for the web interface: 
 +<code bash> 
 +rspamadm pw
 </code> </code>
  
-/etc/default:+Create **/etc/rspamd/local.d/worker-controller.inc**: 
 +<file - worker-controller.inc> 
 +# Replace with your generated password 
 +password = "$2$your_generated_password_here"; 
 +</file> 
 + 
 + 
 +===== Configure redis ===== 
 + 
 +Setup redis at least in a basic and secure way **/etc/redis/redis.conf**: 
 +<file - redis.conf> 
 +# Bind only to localhost for security 
 +bind 127.0.0.1 ::1 
 +# Set memory limit 
 +maxmemory 500mb 
 +maxmemory-policy volatile-ttl 
 +</file> 
 + 
 + 
 +===== Configure postfix link ===== 
 + 
 +Add milter integration to your Postfix configuration in **/etc/postfix/main.cf**:
 <code> <code>
-run_mailscanner=1+# Enable Rspamd milter 
 +smtpd_milters inet:localhost:11332 
 +milter_default_action = accept 
 +milter_protocol = 6
 </code> </code>
  
-Postfix setup. +Configure Rspamd proxy worker in **/etc/rspamd/local.d/worker-proxy.inc**
-main.cf+<file - worker-proxy.inc
-<code+Enable milter mode for Postfix integration 
-MailScanner milter +milter = yes; 
-#smtpd_milters inet:127.0.0.1:33333 +timeout = 120s; 
-# MailScanner milter may use QMQP for delivery +upstream "local"
-qmqpd_authorized_clients = 127.0.0.1+  default = yes; 
 +  self_scan = yes;  Scan messages directly 
 +
 +</file> 
 + 
 + 
 +===== Startup ===== 
 + 
 +Ensure all the services are running and setup to start on boot
 +<code bash> 
 +for i in rspamd redis postfix 
 +do 
 + rc-update add $i default 
 + /etc/init.d/$i restart 
 +done
 </code> </code>
-master.cf:+ 
 + 
 +===== Web interface ===== 
 + 
 +By default rspamd web interface is exposed on **http://127.0.0.1:11334/** but of course, you must slap NGINX in front of it. I choose to expose it as **https://mail.mydomain.com/rspamd/** so add the following to your NGINX setup for **mail.mydomain.com**:
 <code> <code>
-628       inet  n             n                   qmqpd+        location /rspamd/ { 
 +                proxy_pass http://127.0.0.1:11334/; 
 +                proxy_redirect    default; 
 +                proxy_set_header  Host $host; 
 +                proxy_set_header  X-Real-IP $remote_addr; 
 +                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for; 
 +                proxy_set_header  X-Forwarded-Host $server_name; 
 +                proxy_set_header  X-Forwarded-Proto $scheme; 
 +        }
 </code> </code>
 +
 +
 +