rspamd guide for stupid people

Sophie Loe

unread,

Dec 1, 2017, 10:10:38 AM12/1/17

to rspamd

Hi,

Previously I used OpenDKIM + Pyzor + SA + SA-milter on postfix and it worked well and was easy to configure. I had postfix also deliver to LDA ( Spamassassin and then Dovecot) All X-Spam + DKIM headers were attached. It is easy to set up.

Clearly rspamd is aimed at intelligent people and that's not me. I admit it. Ms. Stupid here. Rspamd makes no sense to me and rather resembles the move from Dovecot 1 to Dovecot 2 :) Requires more a devleoper mindset than a system admin setting a programme up. This generation is far brighter than mine.

Is there an idiot's guide for configuring this as a postfix milter and getting this to work? I've not managed to get much working - as in postfix sends to rpsamd. Rspamd scans but nothing else. I managed a X-Spam=yes header on some random emails, but I have no idea how this happened.

Best wishes, S.

P.S this not a sarcastic email.

Thomas Leuxner

unread,

Dec 1, 2017, 12:00:52 PM12/1/17

to rsp...@googlegroups.com

* Sophie Loe <1sophiel...@gmail.com> 2017.12.01 16:10:

> Is there an idiot's guide for configuring this as a postfix milter and
> getting this to work? I've not managed to get much working - as in postfix
> sends to rpsamd. Rspamd scans but nothing else. I managed a X-Spam=yes
> header on some random emails, but I have no idea how this happened.

Most values can be set using the local.d directory. For instance if you look at modules.d/milter_headers.conf you will find includes like this:

[...]
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/milter_headers.conf"

You can put modified settings in a file there and they will be merged with the default config. The snippet below adds a header to scanned mails including your hostname:

# cat /etc/rspamd/local.d/milter_headers.conf
use = ["x-rspamd-server"];
routines {
x-rspamd-server {
header = "X-Rspamd-Server";
remove = 1;
}
}

https://rspamd.com/doc/quickstart.html#configuring-rspamd
https://rspamd.com/doc/workers/rspamd_proxy.html

To define your custom spam flag, which is added when a mail is classified as spam you could use this configuration on the worker-proxy:

# cat /etc/rspamd/local.d/worker-proxy.inc
bind_socket = "127.0.0.1:11332";
milter = yes; # Enable milter mode
timeout = 120s; # Needed for Milter usually
spam_header = "X-Spam-Flag-Your-Custom-Name";
upstream "local" {
default = yes; # Self-scan upstreams are always default
self_scan = yes; # Enable self-scan
}
https://rspamd.com/doc/modules/milter_headers.html

There are more options to add scores similar to what SA did in your old setup in the link above.

Regards
Thomas

signature.asc

Sophie Loe

unread,

Dec 1, 2017, 12:11:44 PM12/1/17

to rsp...@googlegroups.com

Thanks Thomas for the tips. I copied them into my local.d files and restarted.

I’m seeing headers for arc and dkim appeaded but not those.

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;

	s=arc; t=1512148092;

	h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding:in-reply-to:references;

	bh=O3idrBwNFHUG4BwWjHATr/UCtrLhIlkoTJdaMYYaQEQ=;

	b=JGDgj5IPAh+G6OVkk03zap1tY5x0RDqFC/h5qwgWszMbl7xmUD9ln394BFrm6KUn9U16/1

	hxHQR5dcTED/gkWvHAvXxFywUf54YG4RYzgJPLt/PoKU+0FHayV7GLsDbliZOgByunK7pO

	nuhI2J5hoN0NHe4n231Fo33M2fUK8Co=

ARC-Seal: i=1; s=arc; d=example.com; t=1512148092; a=rsa-sha256; cv=none;

	b=APzZVKElwnEIiI3CFCzhQOKNwCBxe9YVcEAh4FbU6hOsXgKoE+hQ8CnGcHY4XgmjlPgn0vKtZDP16e3dJbjVc4iXNl5QvjfOzTR9E7tkXiI4ZrZw3ERjGkSUZAhlDHUroSIZuJS3upbGaI32aoONnIFm8Rlg0ROtzAJZFlrP/24=

ARC-Authentication-Results: i=1; auth=pass smtp.auth=sop...@example.com

	smtp.mailfrom=sop...@example.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klunky.co.uk;

	s=dkim; t=1512148092;

	h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding:in-reply-to:references;

	bh=O3idrBwNFHUG4BwWjHATr/UCtrLhIlkoTJdaMYYaQEQ=;

	b=opy6MN/80jdb+TSDM4emZCPbQYigGjyz1kWla55swSBiNkHh/+sNePB53f/4Vikytg89r/

	ND3i9MCq6edLv2VjwQ6Xr2+QJlVpUHyPFCJC1KpF/dfw+hNLYMFcjaT9OVVhIeNXL64WzI

	l1GQclvG9EYUHXaluPQcy7zYVd72Wd4=

Sophie

--
You received this message because you are subscribed to a topic in the Google Groups "rspamd" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rspamd/lXyHTO_tcHY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rspamd+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/rspamd.

Sophie Loe

unread,

Dec 1, 2017, 12:18:37 PM12/1/17

to rspamd

Strangly rspamd takes different action depending on whether the mail is sent from IMAP/Apple Mail or Roundcube. Both use smpt-auth over IMAP, but Roundcube is over 127.0.0.1

If Roundcube/localhost, then the DKIM/ARC headers are applied.

If AppleMail/public-IP, then X-Spam: Yes is applied only.

I thought I'd set this to treat all 127.0.01 and exteral IP as the same. Clearly not.

On Friday, 1 December 2017 18:11:44 UTC+1, Sophie Loe wrote:

Thanks Thomas for the tips. I copied them into my local.d files and restarted.

I’m seeing headers for arc and dkim appeaded but not those.

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
s=arc; t=1512148092;
h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding:in-reply-to:references;
bh=O3idrBwNFHUG4BwWjHATr/UCtrLhIlkoTJdaMYYaQEQ=;
b=JGDgj5IPAh+G6OVkk03zap1tY5x0RDqFC/h5qwgWszMbl7xmUD9ln394BFrm6KUn9U16/1
hxHQR5dcTED/gkWvHAvXxFywUf54YG4RYzgJPLt/PoKU+0FHayV7GLsDbliZOgByunK7pO
nuhI2J5hoN0NHe4n231Fo33M2fUK8Co=
ARC-Seal: i=1; s=arc; d=example.com; t=1512148092; a=rsa-sha256; cv=none;
b=APzZVKElwnEIiI3CFCzhQOKNwCBxe9YVcEAh4FbU6hOsXgKoE+hQ8CnGcHY4XgmjlPgn0vKtZDP16e3dJbjVc4iXNl5QvjfOzTR9E7tkXiI4ZrZw3ERjGkSUZAhlDHUroSIZuJS3upbGaI32aoONnIFm8Rlg0ROtzAJZFlrP/24=
ARC-Authentication-Results: i=1; auth=pass smtp.auth=sop...@example.com

smtp.mailfrom=sophie@example.com

To unsubscribe from this group and all its topics, send an email to rspamd+unsubscribe@googlegroups.com.

Sophie Loe

unread,

Dec 1, 2017, 12:33:45 PM12/1/17

to rspamd

Sophie Loe

unread,

Dec 1, 2017, 12:34:22 PM12/1/17

to rspamd

THis is the workers-milter from configdump:

milter_headers {

use [

"x-spamd-bar",

"x-spam-level",

"authentication-results",

"x-rspamd-server",

]

routines {

x-rspamd-bar {

header = "X-Rspamd-Bar";

remove = 1;

}

x-rspamd-level {

header = "X-Rspamd-Level";

remove = 1;

}

authentication-results {

header = "X-Authentication-Results";

remove = 1;

}

x-rspamd-server {

header = "X-Rspamd-Server";

remove = 1;

}

header = "X-Spam-Level";

header = "X-Spam-Status";

header = "X-Virus";

char = "*";

remove = 1;

symbols [

"CLAM_VIRUS",

"FPROT_VIRUS",

]

}

authenticated_headers [

"authentication-results",

]

extended_spam_headers = true;

local_headers [

"x-spamd-bar",

]

skip_local = false;

skip_authenticated = false;

add_smtp_user = true;

spf_symbols {

pass = "R_SPF_ALLOW";

fail = "R_SPF_FAIL";

softfail = "R_SPF_SOFTFAIL";

neutral = "R_SPF_NEUTRAL";

temperror = "R_SPF_DNSFAIL";

none = "R_SPF_NA";

permerror = "R_SPF_PERMFAIL";

}

dkim_symbols {

pass = "R_DKIM_ALLOW";

fail = "R_DKIM_REJECT";

temperror = "R_DKIM_TEMPFAIL";

none = "R_DKIM_NA";

permerror = "R_DKIM_PERMFAIL";

}

dmarc_symbols {

pass = "DMARC_POLICY_ALLOW";

permerror = "DMARC_BAD_POLICY";

temperror = "DMARC_DNSFAIL";

none = "DMARC_NA";

reject = "DMARC_POLICY_REJECT";

softfail = "DMARC_POLICY_SOFTFAIL";

quarantine = "DMARC_POLICY_QUARANTINE";

}

Reply all

Reply to author

Forward