|
# Setup
The rspamd setup for spam was incredibly easy on OpenBSD (6.9 for me
when I wrote this). We need to install the rspamd service but also the
connector for opensmtpd, and also redis which is mandatory to make
rspamd working.
```shell instructions
pkg_add opensmtpd-filter-rspamd rspamd redis
rcctl enable redis rspamd
rcctl start redis rspamd
```
Modify your /etc/mail/smtpd.conf file to add this new line:
```smtpd.conf file
filter rspamd proc-exec "filter-rspamd"
```
And modify your "listen on ..." lines to add "filter "rspamd"" to it,
like in this example:
```smtpd.conf file
listen on em0 pki perso.pw tls auth-optional filter "rspamd"
listen on em0 pki perso.pw smtps auth-optional filter "rspamd"
```
Restart smtpd with "rcctl restart smtpd" and you should have rspamd
working!
# Using rspamd
Rspamd will automatically check multiple criteria for assigning a score
to an incoming email, beyond a high score the email will be rejected
but between a low score and too high, it may be tagged with a header
"X-spam" with the value true.
If you want to automatically put the tagged email as spam in your Junk
directory, either use a sieve filter on the server side or use a local
filter in your email client. The sieve filter would look like this:
```sieve rule
if header :contains "X-Spam" "yes" {
fileinto "Junk";
stop;
}
```
# Feeding rspamd
If you want better results, the filter needs to learn what is spam and
what is not spam (named ham). You need to regularly scan new emails to
increase the effectiveness of the filter, in my example I have a single
user with a Junk directory and an Archives directory within the maildir
storage, I use crontab to run learning on mails newer than 24h.
```crontab
0 1 * * * find /home/solene/maildir/.Archives/cur/ -mtime -1 -type f -exec rspamc learn_ham {} +
10 1 * * * find /home/solene/maildir/.Junk/cur/ -mtime -1 -type f -exec rspamc learn_spam {} +
```
# Getting statistics
rspamd comes with very nice reporting tools, you can get a WebUI on the
port 11334 which is listening on localhost by default so you would
require tuning rspamd to listen on other addresses or you can use a SSH
tunnel.
You can get the same statistics on the command line using the command
"rspamc stat" which should have an output similar to this:
```command line output
Results for command: stat (0.031 seconds)
Messages scanned: 615
Messages with action reject: 15, 2.43%
Messages with action soft reject: 0, 0.00%
Messages with action rewrite subject: 0, 0.00%
Messages with action add header: 9, 1.46%
Messages with action greylist: 6, 0.97%
Messages with action no action: 585, 95.12%
Messages treated as spam: 24, 3.90%
Messages treated as ham: 591, 96.09%
Messages learned: 4167
Connections count: 611
Control connections count: 5190
Pools allocated: 5824
Pools freed: 5801
Bytes allocated: 31.17MiB
Memory chunks allocated: 158
Shared chunks allocated: 16
Chunks freed: 0
Oversized chunks: 575
Fuzzy hashes in storage "rspamd.com": 2936336370
Fuzzy hashes stored: 2936336370
Statfile: BAYES_SPAM type: redis; length: 0; free blocks: 0; total blocks: 0; free: 0.00%; learned: 344; users: 1; languages: 0
Statfile: BAYES_HAM type: redis; length: 0; free blocks: 0; total blocks: 0; free: 0.00%; learned: 3822; users: 1; languages: 0
Total learns: 4166
```
# Conclusion
rspamd is for me a huge improvement in term of efficiency, when I tag
an email as spam the next one looking similar will immediately go into
Spam after the learning cron runs, it draws less memory then
Spamassassin and reports nice statistics. My Spamassassin setup was
directly rejecting emails so I didn't have a good comprehension of its
effectiveness but I got too many identical messages over weeks that
were never filtered, for now rspamd proved to be better here.
I recommend looking at the configurations files, they are all disabled
by default but offer many comments with explanations which is a nice
introduction to learn about features of rspamd, I preferred to keep the
defaults and see how it goes before tweaking more. |