Hey Ron, 

Thanks for reaching out to the community. 

I recommend that you try Rspamd. We have been running it on our production for the past few months and it seems to actually work really well. 

Please take a look at this documentation and let me know if you have any questions. 

It's also free besides needing to be run on a Linux server.

Thank you, 

Additionally, you can offload a lot of the spam checks to it that you would typically do on your SmarterMail server. Rspamd includes support for everything from Bayesian and RBL/URIBL filtering to basic SPF and DMARC checks, so you can really fine tune how you want it to work.

Although I am not a Linux / Ubuntu expert in any way, I will give it a try.

Kyle, how does Rspamd Bayesian work with SmarterMail?

It works similarly to how SpamAssassin works where it will run it's Bayesian scans on the RSpamD side, then pass those results back to SmarterMail. RSpamD has a nice dashboard as well where you can review and edit the different signatures that it looks for as well, so if you don't like one in particular you can just turn it off! What I like about RSpamD and similar solutions is the ability to fine tune it for your environment and needs.If you get stuck feel free to ping me, I have some years background in Linux and did a fair amount of the RSpamD integration testing not too long ago so I should be familiar.

comparing rspamd to cyren seems excessive to me.

Cyren is a ready to use product, rdspam needs to be installed and configured.

However, the learning curve of rdspam is significant. Yes, it's very customizable, but there's a lot to work on. I don't know if a simple basic installation as mentioned in the article will give good results. To try

edit:

I took a quick look at the documentation.

rspamd in the basic configuration has spf, dkim, rbl checks enabled for example

I seem to have understood that as it is used in SM, i.e. not as an input gateway but as a control system, these modules don't make much sense.

I am wrong?

Anyway, I'll take it easy

I have been working with Rspamd for about a week now and I am thrilled. Already the basic setting is very passable but with the extensions like Symbol-Combination, Bayes, Neural, DCC, Pyzor, Razor etc. it gives a really excellent solution.

If you want to give it a kick, you can subscribe to Abusix and reduce the amount of spam to an almost negligible minimum.

In the meantime, I have automatically filtered out over 37 percent of SPAM from 1,000 analyzed messages and about 4 mails are still through that I would classify as SPAM, but Bayes will surely get to grips with this itself over time.

@Sabatino

No, it makes sense because RSpamd returns a spam score or ham score and SmarterMail then slams it into the junk folder, adds text to the subject or deletes it, you can set that yourself with the thresholds and how to handle it at Low, Medium and High.

@Roser S.

Thanks for your answer.

For sure, even considering the cost of the VM I think it costs less than what Cyren Premium Antispam was

Satisfy my curiosity. The linux VM (ubuntu I guess) how many resources have you dedicated to it

@Sabatino

Yes, that is absolutely correct, especially since you have the spam management and settings under your own control and are not dependent on a third-party provider like Cyren. I find that again an important point.

The setup effort and the configuration of RSpamd is not to be underestimated and especially you have to make some fine adjustments regularly and also maintain the virtual machine.

So the virtual machine of me has:

Debian 11

1x vCPU with 2.8 GHz (but a lower clock frequency is absolutely no problem).

2048 MB RAM (but I think 1024 should be enough).

20 GB SSD HDD

10 Gbit network isolated VLAN (VMXNET3)

Meanwhile, I did a basic installation and at least it works.

But I wanted to report an error in the kb

the correct command is

sudo apt install redis-server

Also at the moment I couldn't get the rspamd webui to work

Has anyone succeeded?

@Sabatino

yes apt install redis-server is correct.

for the Webinterface install nginx:

su -
apt update
apt install nginx -y

then modify the default-site of nginx to proxy-pass to your rspamd-service:

nano /etc/nginx/sites-available/default

replace the whole server { .... } part with this. This is just a basic configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;

        location / {
                proxy_pass http://localhost:11334/;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

check nginx config-syntax and then restart nginx-service:

nginx -t
systemctl restart nginx
systemctl status nginx

check if nginx is listening correct on port 80:

netstat -tulpn | grep nginx

check if you can access nginx-website from server command-line:

curl --head http://localhost

connect with your browser to your rspamd-server with http://<ipaddr> not https://

Just in reply to the original question, we have various customers on their own SM installs and just about every time their maintenance license (and Cyren with it) expires they would call us complaining about increased spam volume.

While it certainly isn't perfect, it sure did help in overall spam volume being filtered in our experience.

Thank you @Roser S. 

With your help I was able to do the basic setup and get the web interface working as well.

Now I'm trying it out on a test environment. therefore the email traffic is really small. As soon as I install the new SM I will be able to really understand if it does its job well. Meanwhile I study the various rules of rspamd

If in spamcheck I set rspamd's Scoring Factor to 0, I actually get the creation of headings in the header but without the rspamd check having any influence on the spam classification. Right?

I have not tried this with the heading change and assume that in this setup so when called by SmarterMail as remote Rspamd it would have no effect.

My understanding is that Rspamd just returns the spam score to SmarterMail and SmarterMail then decides what to do with it based on the rules.

But if you set Rspamd in front of SmarterMail in the email communication process then Rspamd is able to reject mails, put mails on the graylist, change mail concerns and only then pass the message to SmarterMail.

I currently see in the constellation with SmarterMail also no added value when Rspamd adds a subject that you can also set in SmarterMail if, for example, the spam probability is low, medium or high.

I use Rspamd simply as a replacement for Cyren, which does nothing but return the spam score.

I recommend you to make the following setting in Rspamd:

su -
nano /etc/rspamd/local.d/actions.conf

Values:

reject = 150;
add_header = 6;
greylist = 4;

Restart rspamd to take changes in effect:

systemctl restart rspamd

However, Rspamd will always return the calculated spam score to SmarterMail, no matter how you set the graylist and add_header settings mentioned above.

But if you set reject too low it will not return a spam score if it is exceeded, so I set the value very high.

I seems to me that SmarterTools needs to write a more complete guide to configure RSPAMD with SmarterMail.

The guide here ( https://portal.smartertools.com/kb/a3595/deploying-rspamd-for-use-with-smartermail.aspx ) is not enought to have a real good working enviroment.

AND it did not explain enough HOW the integration works (read the comments of the other users above here to understand what some concerns are related to...)

This is all great but it undermines SmarterMail Anti-Spam Premium.

So we set all this Rspamd for what? When will the new premium antispam add-on be available? There was supposed to be a "transition."

Hi Ron!

good questions...

...BUT...

I think the most urgent problem to solve are the current BUGS of version 8495-8496 , because at the moment my customers are starting to get impatient...

After that SmarterTools can focus on working on the new Antispam, but I'd say not before...

Hello Ron

Yes I am also curious how it looks like with the premium antispam but frankly if it is only antispam and not also antivirus then it does not interest me much because I get with Declude, Rspamd, URIBL, RBL and Message Sniffer the spam even in the handle without spending more money.

To be honest, I am very disappointed with Cyren Antivirus. In the years I have been using this product, it has not identified a single piece of malware. Microsoft Defender and ClamAV did. So I'd rather spend the money on something that offers added value or do something myself.

I think it would be cool if you could integrate Sophos Antivirus and Antispam.

rspamd Report:

Green is no-spam, yellow is spam, blue is graylist and red ist reject.

from all mails, 63% is legitimate mail and rest is marked or handled.

I appreciate all the feedback and recommendations.  At this time, we have NOT seem a spike in SPAM which leads me to believe that Cyren wasn't doing too much anyway.  Our other spam checks seem to be taking on the extra load.

Hi Ron!

I think that you don't see an increse in Spam only because you have a Mail Gateway that filter it before reaching SmarterMail...

Hey Guys, 

Thanks for your feedback here. Something kinda cool about RSPAMD is that it supports modules. 
Take a look at this AV Module. https://www.rspamd.com/doc/modules/antivirus.html

I haven't tried it out but it looks promising.

Let me know what you guys think about it. 

Thanks,  

Cyren is gone.

SmarterTools promised Premium Anti-Spam as an alternative with an easy migration path.

This thread turned towards RSpamD. No prob.

However, we need to make a decision for long term. 

SmarterTools insight on Cyren spam replacement status would be valuable here.

Hello Ron

You can't go wrong if you make friends with RSpamd now and configure it as best you can. After all, this solution is very powerful and has many optional extensions without having to reach into your wallet.

If there can be a solution from SmarterMail at some point, this would still be worth considering, if it also proves to be a helpful spam fighting solution.

In the meantime, I have the impression that we better concentrate on what is available to us.

Greetings Roger

Hi everyone

I think RDSPAMD can be a good solution.

The problem is that configuring RDSPAMD is not trivial.

The documentation https://portal.smartertools.com/kb/a3595/deploying-rspamd-for-use-with-smartermail.aspx is minimal. Smartertool didn't even add in documentation how to install web interface, present in this thread

I've been playing around with RDSPAMD for a while and honestly I still have a thousand questions and few certainties.

We should open a dedicated thread and start from the basics with everyone contributing in my opinion. But SMARTERTOOL's help is also needed to build a tutorial starting from it

Studying the RDSPAMD documentation is not trivial.

For my part I would prefer to start from a base and then explore. RDSPAMD's quick tutorial didn't answer my questions that would get me started

Example:

1) I still don't understand how modules are activated or deactivated

2) I don't understand why I see that RDSPAMD reapplies greylisting to me, in the way we use it, as a module of SM I don't understand what sense it has.

3) The RBL, GREYLISTING, SURBL, spf, is better to be applied on the gateway, sm or other than on rdspamd used as a remote module.

Do not believe. If sm applies the rbl and assigns a score and then I call RDSPAMD which reapplies the rbl and re-adds a score... what's the point? With rdspamd I do other types of checks, certainly not RBL