Installation and Configuration Rspamd - martinschaible/rspamd-installation-for-smartermail GitHub Wiki

Installation Rspamd

The installation itself is quite simple. We will install the latest stable version of Rspamd from its official repository. First we need to download the product. Depending the OS you use, this page should be read: Rspamd Downloads.

For AlmaLinux 8 we continue with this:

curl https://rspamd.com/rpm-stable/centos-8/rspamd.repo > /etc/yum.repos.d/rspamd.repo
rpm --import https://rspamd.com/rpm-stable/gpg.key

Then we update the system and the installation can be started:

dnf update
dnf install rspamd

The product should start at startup of the server:

systemctl enable rspamd

:point_up: Rspamd is ready now to startup. First we have to apply a valid configuration.

Directories

Rspamd lives in the following directories:

:file_folder: /etc/rspamd/local.d :file_folder: /etc/rspamd/maps.d :file_folder: /etc/rspamd/modules.d :file_folder: /etc/rspamd/override.d :file_folder: /etc/rspamd/scores.d :file_folder: /usr/share/rspamd :file_folder: /var/lib/rspamd

:heavy_exclamation_mark: We only change files in the folders /etc/rspamd/local.d and /etc/rspamd/override.d:heavy_exclamation_mark:

Rspamd offers a cool system to apply changes by extending existing configuration files.

Btw: Rspamd saves scores for certain symbols, which we can change in the WebGUI under "Symbols" in the file /var/lib/rspamd/rspamd_dynamic.

Configuration Rspamd

After starting Rspamd, i had many errors related to Redis in the log. Replacing localhost with 127.0.0.1 did help. Create the new file /etc/rspamd/local.d/redis.conf and these two settings:

read_servers = "127.0.0.1:6379";
write_servers = "127.0.0.1:6379";

Originally the timeout is set to one second and the numbers of sockets is set to 16. We are increasing the values by creating the file /etc/rspamd/local.d/options.conf:

dns {
    timeout = 10s;
    sockets = 32;
    retransmits = 5;
}

We need to change the backend for statistics from sqlite to redis by creating the file /etc/rspamd/local.d/classifier-bayes.conf. Add these settings:

servers = "127.0.0.1";
backend = "redis";

Rspamd rejects mails after reaching a score of 15. I think, that rejecting mails is a very bad idea and can cause legal problems. Therefore i have set the score to a very high value by creating the file /etc/rspamd/local.d/actions.conf:

reject = 100;

SmarterMail is probably in charge for dealing with Greylisting, DMARC and DKIM. These services can be disabled in Rspamd by adding these new files:

  • /etc/rspamd/local.d/greylist.conf
  • /etc/rspamd/local.d/dkim.conf
  • /etc/rspamd/local.d/dkim_signing.conf
  • /etc/rspamd/local.d/dmarc.conf

Add this line:

enabled = false;

Also the module RBL could be disabled, but it makes sense to let it active to see, how it they are and how the score works.

Now the password for accessing the WebGui must be set. This will be done on the shell with the commandline administration tool. Enter this:

rspamadm pw

You will be asked to enter a passphrase. The result is a encrypted password. Create the file /etc/rspamd/local.d/worker-controller.inc and enter the password:

password = "$1$jhicbyeuiktgikkks7in6mecr5bycmok$boniuegw5zfc77pfbqf14bjdxmzd3yajnngwdekzwhjk1daqjixb";

Rspamd talks with the mailserver over the same URL like the WebGUI. Therefore we have add the IP address of the mail server as secure IP address to the file /etc/rspamd/local.d/worker-controller.inc:

secure_ip = "127.0.0.1, xxx.xxx.xxx.xxx";

127.0.0.1 needs to be added to!

I'm not sure, if this is really needed: I have added the file /etc/rspamd/local.d/worker-normal.inc with this setting:

bind_socket = "127.0.0.1:11333";

Probably this binding is set by default.

First Start!

Let's start Rspamd and see what happens. :arrow_right: After starting, check the log file var/log/rspamd/rspamd.log. Watchout for any errors.

systemctl start rspamd

Then we check if Rspamd answers to requests:

curl 127.0.0.1:13344

The markup of the WebGui should be visible. Then we enter this:

curl 127.0.0.1:13344/checkv2

Rspamd dumps some results:

{"is_skipped":false,"score":0.0,"required_score":100.0,"action":"no action","thresholds":{"reject":100.0,"add header":6.0,"greylist":4.0},"symbols":{},"messages":{},"time_real":0.003437,"milter":{"remove_headers":{"X-Spam":0}}}

So far so good.

Let's see, if our changes we made are really there:

rspamadm configdump -m

You will see a list of enabled and disbaled modules.

If you want to see more, we can dump the configuration into a file:

rspamadm configdump > /etc/rspamd/configdump.txt"

At this time, Rspamd is not able to communicate with our SmarterMail-Server. Also the WebGUI isn't available from the outside. The port 11334 is bound to localhost only. We need now a reverse proxy!