
Rspamd for spam filtering

Why rspamd and not spamassassin?

I recently got more and more undetected spam mail, so I was looking around for improvements to my current spamassassin configuration. While doing so I found several articles about rspamd and how easy it is to set up. So instead of improving my spamassassin configuration I decided to give rspamd a try. Installation on Ubuntu 24.04 is as easy as:

linux # apt install rspamd

Ports used

rspamd is using a bunch of open ports you should know about. Fortunately it is quite chatty about its own processes:

linux # ps -ef | grep rspam
<...> rspamd: main process; 0.1 msg/sec, 0.0 msg/sec spam, 0.1 msg/sec ham; 1.17s avg processing time
<...> rspamd: rspamd_proxy process (*:11332)
<...> rspamd: controller process (*:11334)
<...> rspamd: normal process (*:11333)
<...> rspamd: normal process (*:11333)
<...> rspamd: normal process (*:11333)
<...> rspamd: normal process (*:11333)
<...> rspamd: hs_helper process

As we can see the TCP ports 11332-11334 are exposed.

A basic web interface is provided by the “controller process” on localhost:11334. In order to access it we need to set a password:

linux # rspamadm pw
Enter passphrase: password
$2$kqko1tnda4p6pbx5gf3o6uorcf4dtusw$ffxx631sydocy5ykp6babxitzdtdkamobxjnj6qafx3e8ofry64y

linux # vi /etc/rspamd/local.d/worker-controller.inc 
password "$2$4u9qe6y5s9gkfy7nwmb1r7er8pe49y99$fs7z9jja8oy14ahwu58cbk9m6qdyi9qd7spc1kr8nizsq9bg4czb";
#enable_password "$2$4u9qe6y5s9gkfy7nwmb1r7er8pe49y99$fs7z9jja8oy14ahwu58cbk9m6qdyi9qd7spc1kr8nizsq9bg4czb";

linux # systemctl restart rspamd

Having done that, you should be able to access http://localhost:11334 with that password (on a production system you’d probably add a reverse proxy in front of that service):

Screenshot of rspamd: Tab “throughput”

Update: The version of rspamd shipped with Ubuntu 24.04.1 has some problems when switching tabs, so in the end I switched to the docker based installation.

Integration into postfix MTA

I’m currently running postfix/dovecot with spamassassin, so my starting point is an already fully configured setup (sorry for skipping that part).

From that starting point integration is as easy as pointing postfix smtpd_milters to the rspamd_proxy port 11332 (see here):

linux # vi /etc/postfix/main.cf
<...>
smtpd_milters = inet:localhost:11332
milter_default_action = accept
<...>

Adding DKIM to rspamd

The Ubuntu 24.04.1 rspamd package uses /var/lib/rspamd/dkim/ as default dkim path, however this directory does not exist after package installation. So as a first step let’s fix that:

linux # mkdir /var/lib/rspamd/dkim/
linux # chown _rspamd:_rspamd /var/lib/rspamd/dkim/

Now let’s copy the key once used by opendkim into the right place:

linux # cp /etc/opendkim.d/mydomain.de/default.private /var/lib/rspamd/dkim/mydomain.de.dkim.key
linux # chown _rspamd:_rspamd /var/lib/rspamd/dkim/mydomain.de.dkim.key

Anyway, after doing so I tested DKIM (using appmaildev) and DKIM verification failed with “permerror (no such key)”. But it also reported that DKIM headers were present in the mail (“DKIM-Signature”, “Signed-by”, “Expected-Body-Hash”), and there were no errors logged by rspamd, so the cause was most likely somewhere outside of rspamd.

So I checked the DNS entries required for DKIM:

linux # dig +short -t TXT default._domainkey.mydomain.de
"v=DKIM1; h=sha256; k=rsa; p=MIG<...more key magic here>"

That DNS entry has been there for quite some time and I only now realized that the name of that entry can be anything (naming it “default” was just done in the tutorial I used when first setting up opendkim). rspamd however uses “dkim” (or “ds” for specific domains) in its sample configs.

This mismatch caused the above errors (wrong DNS lookup by receiving side), so by changing the selector name for my domain things started working:

linux # vi /etc/rspamd/local.d/dkim_signing.conf
  # Domain specific settings
  domain {
    mydomain.de {
      selectors [
        { # Private key path
          path = "/var/lib/rspamd/dkim/mydomain.de.dkim.key";
          selector = "default";
        }
      ]
    }
  }
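
The selector mismatch described above can be checked before sending test mail. The following is an added example, not part of the original post: it parses the DKIM-Signature header of a message, derives the `<selector>._domainkey.<domain>` name a receiver looks up, and compares it with the published TXT records. The sample message, the `PUBLISHED_TXT` table and all function names are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: signed with rspamd's sample selector "dkim" while DNS
# still publishes only the old opendkim selector "default".
SAMPLE_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.de;\r\n"
    "\ts=dkim; h=from; bh=Y29uc3RydWN0ZWQ=;\r\n"
    "\tb=Y29uc3RydWN0ZWQ=\r\n"
    "From: me@mydomain.de\r\n"
    "\r\n"
    "body\r\n"
)
# Constructed stand-in for DNS; fill it from `dig +short -t TXT <name>`.
PUBLISHED_TXT = {
    "default._domainkey.mydomain.de": "v=DKIM1; h=sha256; k=rsa; p=MIGconstructed",
}

def parse_tags(value):
    """Parse an RFC 6376 tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def selector_names(raw_message):
    """Return the DNS name a verifier queries for each DKIM-Signature."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    names = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        if "s" in tags and "d" in tags:
            names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return names

def check(raw_message, published):
    """Map each queried name to 'ok', 'no such key' or 'key revoked'."""
    result = {}
    for name in selector_names(raw_message):
        record = published.get(name)
        if record is None:
            result[name] = "no such key"      # the error seen in the post
        elif not parse_tags(record).get("p"):
            result[name] = "key revoked"      # empty p= (RFC 6376)
        else:
            result[name] = "ok"
    return result
```

Calling `check(SAMPLE_MESSAGE, PUBLISHED_TXT)` reports "no such key" for `dkim._domainkey.mydomain.de`; once the signing selector is set to "default" the same check reports "ok".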

Conclusion (preliminary)

My first impression: setup is really quite easy (even the DKIM part would have worked more or less out of the box when done right).

Now let’s wait and see how well spam detection performs …

Update

After running rspamd for about 6 weeks I can confirm the first impression. I didn’t get a single (non-detected) spam mail since then.

Screenshot of rspamd statistics
