| Title: Filtering spam using Rspamd and OpenSMTPD on OpenBSD | |
| Author: Solène | |
| Date: 13 July 2021 | |
| Tags: openbsd mail spam | |
| Description: | |
| # Introduction | |
| I recently used Spamassassin to get rid of the spam I started to | |
| receive but it proved to be quite useless against some kinds of spam so | |
| I decided to give rspamd a try and write about it. | |
| rspamd can filter spam but also sign outgoing messages with DKIM; I | |
| will only care about the anti-spam aspect. | |
| rspamd project website | |
| # Setup | |
| The rspamd setup for spam was incredibly easy on OpenBSD (6.9 for me | |
| when I wrote this). We need to install the rspamd service, the | |
| connector for opensmtpd, and redis, which is mandatory to make | |
| rspamd work. | |
| ```shell instructions | |
| pkg_add opensmtpd-filter-rspamd rspamd redis | |
| rcctl enable redis rspamd | |
| rcctl start redis rspamd | |
| ``` | |
| Modify your /etc/mail/smtpd.conf file to add this new line: | |
| ```smtpd.conf file | |
| filter rspamd proc-exec "filter-rspamd" | |
| ``` | |
| And modify your "listen on ..." lines to add "filter "rspamd"" to them, | |
| like in this example: | |
| ```smtpd.conf file | |
| listen on em0 pki perso.pw tls auth-optional filter "rspamd" | |
| listen on em0 pki perso.pw smtps auth-optional filter "rspamd" | |
| ``` | |
| Restart smtpd with "rcctl restart smtpd" and you should have rspamd | |
| working! | |
| # Using rspamd | |
| Rspamd will automatically check multiple criteria to assign a score | |
| to an incoming email. Beyond a high score the email will be rejected, | |
| but between a low score and that high score it may be tagged with a | |
| header "X-spam" with the value true. | |
| If you want to automatically put the tagged email as spam in your Junk | |
| directory, either use a sieve filter on the server side or use a local | |
| filter in your email client. The sieve filter would look like this: | |
| ```sieve rule | |
| if header :contains "X-Spam" "yes" { | |
| fileinto "Junk"; | |
| stop; | |
| } | |
| ``` | |
| # Feeding rspamd | |
| If you want better results, the filter needs to learn what is spam and | |
| what is not spam (named ham). You need to regularly scan new emails to | |
| increase the effectiveness of the filter. In my example I have a single | |
| user with a Junk directory and an Archives directory within the maildir | |
| storage, and I use crontab to run learning on mails newer than 24h. | |
| ```crontab | |
| 0 1 * * * find /home/solene/maildir/.Archives/cur/ -mtime -1 -type f -exec rsp… | |
| 10 1 * * * find /home/solene/maildir/.Junk/cur/ -mtime -1 -type f -exec rsp… | |
| ``` | |
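The same daily learning pass written as a script, as an added example (not the author's cron command). It assumes rspamc's learn_spam and learn_ham commands and the maildir layout described above; RSPAMC, LEARN_MAILDIR and learn_recent are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: train rspamd's Bayes classifier from maildir folders.
# Assumptions: rspamc is in PATH (override with RSPAMC), folders follow
# the maildir layout of this article, learn_recent is a local name.

RSPAMC="${RSPAMC:-rspamc}"

# learn_recent CLASS DIR
#   CLASS is "spam" or "ham"; DIR is a maildir "cur" directory.
#   Submits every regular file modified in the last 24 hours and prints
#   how many files were submitted. Returns non-zero on bad arguments or
#   when find/rspamc reported a failure.
learn_recent() {
    class=$1
    dir=$2
    case $class in
        spam|ham) ;;
        *) echo "learn_recent: class must be spam or ham" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "learn_recent: not a directory: $dir" >&2
        return 1
    fi
    # Count first so an empty folder is reported as 0, not as an error.
    n=$(find "$dir" -type f -mtime -1 | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        # "{} +" batches file names into few rspamc invocations and never
        # passes them through a shell, so maildir suffixes such as ":2,S"
        # need no quoting.
        find "$dir" -type f -mtime -1 -exec "$RSPAMC" "learn_$class" {} + \
            >/dev/null || return 3
    fi
    echo "$n"
}

# Cron entry point: set LEARN_MAILDIR to the maildir root to run both passes.
if [ -n "${LEARN_MAILDIR:-}" ]; then
    learn_recent ham  "$LEARN_MAILDIR/.Archives/cur"
    learn_recent spam "$LEARN_MAILDIR/.Junk/cur"
fi
```

Only folders the user sorts by hand should be fed to the classifier, since everything under the ham folder is learned as legitimate mail.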
| # Getting statistics | |
| rspamd comes with very nice reporting tools. You can get a WebUI on | |
| port 11334, which listens on localhost by default, so you need to | |
| either configure rspamd to listen on other addresses or use an SSH | |
| tunnel. | |
| You can get the same statistics on the command line using the command | |
| "rspamc stat" which should have an output similar to this: | |
| ```command line output | |
| Results for command: stat (0.031 seconds) | |
| Messages scanned: 615 | |
| Messages with action reject: 15, 2.43% | |
| Messages with action soft reject: 0, 0.00% | |
| Messages with action rewrite subject: 0, 0.00% | |
| Messages with action add header: 9, 1.46% | |
| Messages with action greylist: 6, 0.97% | |
| Messages with action no action: 585, 95.12% | |
| Messages treated as spam: 24, 3.90% | |
| Messages treated as ham: 591, 96.09% | |
| Messages learned: 4167 | |
| Connections count: 611 | |
| Control connections count: 5190 | |
| Pools allocated: 5824 | |
| Pools freed: 5801 | |
| Bytes allocated: 31.17MiB | |
| Memory chunks allocated: 158 | |
| Shared chunks allocated: 16 | |
| Chunks freed: 0 | |
| Oversized chunks: 575 | |
| Fuzzy hashes in storage "rspamd.com": 2936336370 | |
| Fuzzy hashes stored: 2936336370 | |
| Statfile: BAYES_SPAM type: redis; length: 0; free blocks: 0; total blocks: 0; f… | |
| Statfile: BAYES_HAM type: redis; length: 0; free blocks: 0; total blocks: 0; fr… | |
| Total learns: 4166 | |
| ``` | |
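Counters can be read out of saved "rspamc stat" output to confirm that the learning job is actually feeding the filter. This is an added example, not part of the original article; the function names and the idea of comparing two saved snapshots are assumptions, and the sample is a shortened copy of the output above.

```shell
#!/bin/sh
# Added example: read counters out of saved "rspamc stat" output.
# Function names and the snapshot-file workflow are assumptions.

# stat_value LABEL FILE: print the integer that follows "LABEL: ".
# Fails (exit 1) when the label is not present.
stat_value() {
    awk -F': ' -v label="$1" '
        $1 == label { sub(/[^0-9].*$/, "", $2); print $2; found = 1; exit }
        END { exit !found }' "$2"
}

# actions_consistent FILE: succeed when the per-action counts add up to
# "Messages scanned", i.e. every action line was parsed.
actions_consistent() {
    awk -F': ' '
        $1 == "Messages scanned"      { total = $2 + 0 }
        $1 ~ /^Messages with action / { sum += $2 + 0 }
        END { exit !(total > 0 && sum == total) }' "$1"
}

# learning_stalled OLD NEW: exit 0 when "Messages learned" did not grow
# between two snapshots (the learning job fed nothing), 1 when it grew,
# 2 when a snapshot could not be parsed.
learning_stalled() {
    old=$(stat_value "Messages learned" "$1") || return 2
    new=$(stat_value "Messages learned" "$2") || return 2
    [ "$new" -le "$old" ]
}

# Constructed sample: a shortened copy of the output shown in this article.
sample_stat() {
    cat <<'EOF'
Results for command: stat (0.031 seconds)
Messages scanned: 615
Messages with action reject: 15, 2.43%
Messages with action soft reject: 0, 0.00%
Messages with action rewrite subject: 0, 0.00%
Messages with action add header: 9, 1.46%
Messages with action greylist: 6, 0.97%
Messages with action no action: 585, 95.12%
Messages learned: 4167
EOF
}
```

Saving one snapshot per day and running learning_stalled on the last two shows whether the learning job fed any new messages to the filter.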
| # Conclusion | |
| rspamd is for me a huge improvement in terms of efficiency: when I tag | |
| an email as spam the next one looking similar will immediately go into | |
| Spam after the learning cron runs, it draws less memory than | |
| Spamassassin and reports nice statistics. My Spamassassin setup was | |
| directly rejecting emails so I didn't have a good comprehension of its | |
| effectiveness but I got too many identical messages over weeks that | |
| were never filtered; for now rspamd proved to be better here. | |
| I recommend looking at the configuration files. They are all disabled | |
| by default but offer many comments with explanations, which is a nice | |
| introduction to learn about features of rspamd. I preferred to keep the | |
| defaults and see how it goes before tweaking more. | |