Differences

This shows you the differences between two versions of the page.

--- email:mailscanner [2025/06/16 09:51] – willy
+++ email:mailscanner [2026/04/13 14:52] (current) – [Web interface] willy
@@ Line 1: / Line 1: @@
-====== N) Mail Scanner ======
+====== N) Spam filtering ======
-[[https://www.mailscanner.info|MailScanner]] is a tool that integrates your mail server (MTA = Postfix) with antivirus scanners and Spam Assassin.
+[[https://github.com/rspamd/rspamd|RSpamD]] is an advanced spam filtering system and email processing framework that allows evaluation of messages by a number of rules including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by Rspamd and given a verdict that might be used by MTA for further processing (e.g. to reject a message, or add a special header indicating spam) along with other information, such as possible DKIM signature or modifications suggested for a message.
-MailScanner Gentoo latest package is obsolete, you must install manually.
-Download generic 'Nix tarball from [[https://github.com/MailScanner/v5/releases|GitHub]] releases page
+===== Installation =====
-decompress and run install.sh
+My VPS is pretty ancient and the CPU does not support sse4_2, instructions, so i had to disable **hyperscan** use flag by writing the following **/etc/portage/package.use/rspamd** file:
+<file - rspamd>
+mail-filter/rspamd  -hyperscan
+</file>
+Now simply emerge it:
 <code bash>
-mkdir /opt/mailscanner
+emerge -vp rspamd dev-db/redis
-cd /opt/mailscanner
-wget ...
-tar xvf <downloaded file>
-cd MailScanner-xxx
-./install.sh
-ln -s /usr/lib/MailScanner/init/msmilter-init /etc/init.d/
-rc-update add msmilter-init default
 </code>
-follow instructions and answer the various questions.
+rspamd requires redis, but somehow it doesn't pull it directly.
-MailScanner setup, see [[https://www.mailscanner.info/postfix/|here]].
-/etc/MailScanner.conf:
-<code>
-Run As User = postfix
-Run As Group = postfix
-Incoming Queue Dir = /var/spool/MailScanner/milterin
-Outgoing Queue Dir = /var/spool/MailScanner/milterout
-MTA = msmail
-MSMail Queue Type = short
-MSMail Delivery Method = QMQP
-MSMail Socket Type = inet
-MSMail Socket Dir = /var/spool/postfix/public/qmqp
-MSMail Relay Port = 628
-MSMail Relay Address = 127.0.0.1
-</code>
-/etc/default:
+===== Configure rspamd =====
-<code>
-run_mailscanner=1
-</code>
-Postfix setup.
+Create **/etc/rspamd/local.d/actions.conf**:
-main.cf:
+<file - actions.conf>
-<code>
+# Basic action thresholds
-# MailScanner milter
+reject = 15;        # Reject obvious spam
-#smtpd_milters = inet:127.0.0.1:33333
+add_header = 6;     # Add spam headers
-# MailScanner milter may use QMQP for delivery
+greylist = 4;       # Temporary delay suspicious mail
-qmqpd_authorized_clients = 127.0.0.1
+</file>
-</code>
-master.cf:
+Configure redis **/etc/rspamd/local.d/redis.conf**:
-<code>
+<file redis.conf>
-       inet  n       -       n       -       -       qmqpd
+# Redis connection for statistics and caching
+servers = "127.0.0.1:6379";
+</file>
+Setup a controller password for the web interface:
+<code bash>
+rspamadm pw
 </code>
+Create **/etc/rspamd/local.d/worker-controller.inc**:
+<file - worker-controller.inc>
+# Replace with your generated password
+password = "$2$your_generated_password_here";
+</file>
-====== Install MailWatch ======
-[[https://mailwatch.org/|here]].
+===== Configure redis =====
-Follow docs [[https://docs.mailwatch.org/install/installing.html|here]].
+Setup redis at least in a basic and secure way **/etc/redis/redis.conf**:
+<file - redis.conf>
+# Bind only to localhost for security
+bind 127.0.0.1 ::1
+# Set memory limit
+maxmemory 500mb
+maxmemory-policy volatile-ttl
+</file>
-/etc/MailScanner/MailScanner.conf:
+===== Configure postfix link =====
+Add milter integration to your Postfix configuration in **/etc/postfix/main.cf**:
 <code>
-Always Looked Up Last = &MailWatchLogging
+# Enable Rspamd milter
-Detailed Spam Report = yes
+smtpd_milters = inet:localhost:11332
-Quarantine Whole Message = yes
+milter_default_action = accept
-Quarantine Whole Messages As Queue Files = no
+milter_protocol = 6
-Include Scores In SpamAssassin Report = yes
-Quarantine User = root
-Quarantine Group = apache (this should be the same group as your web server)
-Quarantine Permissions = 0660
 </code>
-Set queues permissions:
+Configure Rspamd proxy worker in **/etc/rspamd/local.d/worker-proxy.inc**:
+<file - worker-proxy.inc>
+# Enable milter mode for Postfix integration
+milter = yes;
+timeout = 120s;
+upstream "local" {
+  default = yes;
+  self_scan = yes;  # Scan messages directly
+}
+</file>
+===== Startup =====
+Ensure all the services are running and setup to start on boot:
 <code bash>
-usermod -a -G postfix apache
+for i in rspamd redis postfix
-chmod g+rx /var/spool/postfix/hold
+do
-chmod g+rx /var/spool/postfix/incoming/
+ rc-update add $i default
-chgrp postfix /var/spool/postfix/incoming
+ /etc/init.d/$i restart
-chgrp postfix /var/spool/postfix/hold
+done
 </code>
+===== Web interface =====
+By default rspamd web interface is exposed on **http://127.0.0.1:11334/** but of course, you must slap NGINX in front of it. I choose to expose it as **https://mail.mydomain.com/rspamd/** so add the following to your NGINX setup for **mail.mydomain.com**:
+<code>
+        location /rspamd/ {
+                proxy_pass http://127.0.0.1:11334/;
+                proxy_redirect    default;
+                proxy_set_header  Host $host;
+                proxy_set_header  X-Real-IP $remote_addr;
+                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header  X-Forwarded-Host $server_name;
+                proxy_set_header  X-Forwarded-Proto $scheme;
+        }
+</code>

Willy's Wiki

User Tools

Differences