This is an old revision of the document!
N) Spam filtering
RSpamD is an advanced spam filtering system and email processing framework that allows evaluation of messages by a number of rules including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by Rspamd and given a verdict that might be used by MTA for further processing (e.g. to reject a message, or add a special header indicating spam) along with other information, such as possible DKIM signature or modifications suggested for a message.
Installation
My VPS is pretty ancient and the CPU does not support sse4_2, instructions, so i had to disable hyperscan use flag by writing the following /etc/portage/package.use/rspamd file:
- rspamd
mail-filter/rspamd -hyperscan
Now simply emerge it:
emerge -vp rspamd dev-db/redis
rspamd requires redis, but somehow it doesn't pull it directly.
Configure rspamd
Create /etc/rspamd/local.d/actions.conf:
- actions.conf
# Basic action thresholds reject = 15; # Reject obvious spam add_header = 6; # Add spam headers greylist = 4; # Temporary delay suspicious mail
Configure redis /etc/rspamd/local.d/redis.conf:
# Redis connection for statistics and caching servers = "127.0.0.1:6379";
Setup a controller password for the web interface:
rspamadm pw
Create /etc/rspamd/local.d/worker-controller.inc:
- worker-controller.inc
# Replace with your generated password password = "$2$your_generated_password_here";
Configure redis
Setup redis at least in a basic and secure way /etc/redis/redis.conf:
- redis.conf
# Bind only to localhost for security bind 127.0.0.1 ::1 # Set memory limit maxmemory 500mb maxmemory-policy volatile-ttl
Configure postfix link
Add milter integration to your Postfix configuration in /etc/postfix/main.cf:
# Enable Rspamd milter smtpd_milters = inet:localhost:11332 milter_default_action = accept milter_protocol = 6
Configure Rspamd proxy worker in /etc/rspamd/local.d/worker-proxy.inc:
- worker-proxy.inc
# Enable milter mode for Postfix integration milter = yes; timeout = 120s; upstream "local" { default = yes; self_scan = yes; # Scan messages directly }
Startup
Ensure all the services are running and setup to start on boot:
for i in rspamd redis postfix do rc-update add $i default /etc/init.d/$i restart done
Web interface
Work in progress!!