This article walks through the installation and configuration of the Rspamd spam filtering system and its subsequent integration with SmarterMail. This guide was written against Ubuntu Server 20.04+ with a statically assigned IPv4 address, disabled firewall (internal use only), and a single network interface.
There are a few requirements that need to be in place to ensure the rest of the guide goes as planned:
- You'll need an Ubuntu server
- You'll likely want a static IPv4 address (or addressing of your choice)
- You'll need a user account in Ubuntu with SU permissions
Once these requirements are met you should be able to complete the steps, below, without issue.
Rspamd utilizes Redis as a storage and caching system for Bayesian filtering. To install it, type the following command into the Ubuntu terminal:
sudo apt install redis-server
Next, we'll use the official Rspamd repository to install the most recent, stable version. Before doing that, however, you'll need to install the required software. Use the following commands:
sudo apt install software-properties-common lsb-release
sudo apt install lsb-release wget
Once that's done, you'll need to use the wget command to add the repository's GPG key to your APT sources list. Use the following command:
wget -O- https://rspamd.com/apt-stable/gpg.key | sudo apt-key add -
Next, enable the Rspamd repository using this command:
echo "deb http://rspamd.com/apt-stable/ $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/rspamd.list
Now that the repository is enabled, you'll need to update the package index with our new changes, install Rspamd, and configure it. Use the following commands:
sudo apt update
sudo apt install rspamd
Instead of changing the default configuration files, you'll simply add new files to the /etc/rspamd/local.d/ directory to override the existing settings.
The first modification will be to the worker that analyzes email messages for spam. By default, this worker listens on port 11333 on all interfaces. To ensure the normal worker listens on the appropriate address, you will want to manually configure its bind address. To do that, create the file, below, with the contents provided:
File to create: /etc/rspamd/local.d/worker-normal.inc
File contents: bind_socket = "127.0.0.1:11333";
Next, the controller worker server, which grants access to the Rspamd web interface, has to have a password set up for it. To create an encrypted password, use the following command (replacing "P4ssvv0rD" with a password of your choosing):
rspamadm pw --encrypt -p P4ssvv0rD
The output should look something like this:
Using the copy/paste functionality in the terminal, copy the encrypted password and then put it in the following configuration file:
File to create: /etc/rspamd/local.d/worker-controller.inc
File contents: password = "$2$khz7u8nxgggsfay3qta7ousbnmi1skew$zdat4nsm7nd3ctmiigx9kjyo837hcjodn1bob5jaxt7xpkieoctb";
There are a couple of other additions for the worker-controller.inc file you’ll want to include.
secure_ip = "10.1.212.12"; – Replace the example IP with the IP address of your SmarterMail server. Alternatively, you can use a wildcard (*) so that any IP in your network can communicate with your Rspamd server.
allow_learn = "true" – enables the learnspam and learnham features.
Finally, you need to configure Rspamd to use redis as its Bayesian filtering caching and storage system. To do that, create the file, below, with the contents provided:
File to create: /etc/rspamd/local.d/classifier-bayes.conf
File contents: servers = "127.0.0.1";
backend = "redis";
Once the above is all completed, you'll need to restart Rspamd. To do that, use the following command:
sudo systemctl restart rspamd
Testing Things Out
To verify everything is set up properly, you can try accessing the Rspamd HTTP endpoint via a browser with a URL like: http://10.1.10.212:11333/checkv2. (You will need to modify the URL to use the IP you selected during server setup.) If everything is set up properly, you should receive a result like this one below, which indicates you are reaching the worker:
Implementation and Usage
Next, we need to add the new server as an available Rspamd server in SmarterMail. To do that, do the following:
- Log on to SmarterMail as a system administrator
- Navigate to Settings > Antispam > Options
- On the Remote Rspamd Servers card, click New Server.
- Input the same HTTP test interface you verified above.
Name: Use whatever you like. For example, Rspamd01
Rspamd Server Address: http://10.1.10.212:11333
Checkv2 Endpoint: /checkv2
Learnspam Endpoint: /learnspam
Learnham Endpoint: /learnham
- Save your changes.
Next, you'll want to move to the Options card and enable Send user spam to antispam providers. This ensures that when the "Move to Junk" and/or "Move to Inbox" buttons are used on a message, the messages are handled properly by Rspamd.
Finally, enable the Rspamd spam check under Settings > Antispam > Spam Checks.
To confirm Rspamd scanning is taking place, check the Raw Content of a message and look for Rspamd spam check results. For example (bold for emphasis):
X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, Cyren [Unknown]: 0, _REMOTERSPAMD: 0:0, SPF [Pass]: 0, DKIM [Pass]: 0, Spamhaus: 0, SpamCop: 0, SORBS - Recent: 0, SORBS - No Mail: 0, SORBS - No Server: 0, SORBS: 0, SEM - Black: 0, MailSpike: 0, HostKarma: 0, URIBL: 0, SEM-URI: 0, SURBL: 0
X-SmarterMail-SpamDetail: Rspamd [HAS_REPLYTO: 0, RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER: 0, R_SPF_ALLOW: -0.2, REPLYTO_ADDR_EQ_FROM: 0, TO_DN_NONE: 0, URI_COUNT_ODD: 1, SEM_URIBL_FRESH15_UNKNOWN_FAIL: 0, RBL_VIRUSFREE_UNKNOWN_FAIL: 0, DKIM_TRACE: 0, RCVD_COUNT_ONE: 0, RCVD_NO_TLS_LAST: 0.1, FROM_EQ_ENVFROM: 0, MIME_TRACE: 0, ASN: 0, RSPAMD_URIBL_FAIL: 0, ONCE_RECEIVED: 0.1, ARC_NA: 0, SEM_URIBL_UNKNOWN_FAIL: 0, R_DKIM_ALLOW: -0.2, FROM_DN_EQ_ADDR: 1, EXT_CSS: 1, MIME_GOOD: -0.1, DWL_DNSWL_HI: -3.5, DMARC_NA: 0, RCPT_COUNT_ONE: 0, MANY_INVISIBLE_PARTS: 0.05, MID_RHS_NOT_FQDN: 0.5, RBL_SPAMHAUS_BLOCKED_OPENRESOLVER: 0]
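An added example, not from the original article or from SmarterMail: shell functions that read a raw message, unfold the X-SmarterMail-SpamDetail header and list the Rspamd symbols with their scores. The function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the Rspamd symbol scores out of the headers of a raw message.

# Constructed sample, shortened from the header above and folded across two
# lines the way long headers appear in a raw message.
sample_headers() {
cat <<'EOF'
Subject: constructed test message
X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, _REMOTERSPAMD: 0:0, SPF [Pass]: 0
X-SmarterMail-SpamDetail: Rspamd [R_SPF_ALLOW: -0.2, URI_COUNT_ODD: 1,
 DWL_DNSWL_HI: -3.5, MID_RHS_NOT_FQDN: 0.5, ARC_NA: 0]

X-SmarterMail-SpamDetail: Rspamd [BODY_TEXT_IS_IGNORED: 9]
EOF
}

# Read a raw message on stdin; print "SYMBOL SCORE" for each Rspamd symbol.
rspamd_symbols() {
    awk '
    function emit(h,    i, j, n, k, rest, parts, kv) {
        if (h !~ /^X-SmarterMail-SpamDetail:/) return
        i = index(h, "Rspamd [")
        if (i == 0) return
        rest = substr(h, i + 8)                # text after "Rspamd ["
        j = index(rest, "]")
        if (j == 0) return                     # truncated header, no closing bracket
        n = split(substr(rest, 1, j - 1), parts, /, */)
        for (k = 1; k <= n; k++)
            if (split(parts[k], kv, /: */) == 2) print kv[1], kv[2]
    }
             { sub(/\r$/, "") }                # tolerate CRLF line endings
    /^$/     { emit(hdr); hdr = ""; exit }     # blank line ends the header block
    /^[ \t]/ { sub(/^[ \t]+/, ""); hdr = hdr " " $0; next }   # unfold continuation
             { emit(hdr); hdr = $0 }
    END      { emit(hdr) }'
}

# Sum of the listed symbol scores, two decimals.
rspamd_total() { rspamd_symbols | awk '{ s += $2 } END { printf "%.2f\n", s }'; }

# Symbols that actually moved the score, highest first.
rspamd_nonzero() { rspamd_symbols | awk '$2 + 0 != 0' | sort -k2,2nr; }

# Demo on the constructed sample; pipe a saved raw message in instead.
sample_headers | rspamd_nonzero
```

An empty result from `rspamd_symbols` means the message carries no Rspamd detail header, which is the case the Delivery Logs check below is for.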
If you don't see any results in a message's header, a good first step is to check the Delivery Logs in SmarterMail for signs of errors like these:
[2022.12.06] 09:42:48.837  Unable to run remote Rspamd spam checks on server : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.1.10.212:11333 [2022.12.06] at MailService.Spam.RspamdClient.<ExternalCheck>d__19.MoveNext()
[2022.12.06] 10:07:48.566  Unable to run remote Rspamd spam checks on server : No Rspamd servers available
Generally, that means there's a misconfiguration somewhere: the IP is incorrect, maybe an internal firewall is blocking access, etc.
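An added example, not from the original article: shell functions that classify how a port is bound from `ss -ltn` output, to run on the Rspamd host when SmarterMail reports connection failures. A listener bound only to 127.0.0.1 accepts connections from the Rspamd host itself and not from a SmarterMail server on another machine; the function names and the sample `ss` output are constructed, and firewalls are not considered.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `ss -ltn` output.

# Constructed `ss -ltn` output for a host with loopback-bound worker and Redis.
sample_ss() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       4096        127.0.0.1:11333      0.0.0.0:*
LISTEN  0       4096            [::1]:11333         [::]:*
LISTEN  0       511         127.0.0.1:6379       0.0.0.0:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
EOF
}

# listen_scope PORT: read `ss -ltn` output on stdin and print one of
#   none | loopback | all | specific:<addr,addr>
listen_scope() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        n = split($4, p, ":")
        if (p[n] != port) next
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        gsub(/\[|\]/, "", addr)                 # strip IPv6 brackets
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") all = 1
        else if (addr ~ /^127\./ || addr == "::1") loop = 1
        else list = list (list ? "," : "") addr
    }
    END {
        if (all) print "all"
        else if (list) print "specific:" list
        else if (loop) print "loopback"
        else print "none"
    }'
}

# remote_can_reach ADDR PORT: succeed only if a client on another host that
# connects to ADDR:PORT would find a listener there.
remote_can_reach() {
    scope=$(listen_scope "$2")
    case "$scope" in
        all) return 0 ;;
        specific:*) case ",${scope#specific:}," in *",$1,"*) return 0 ;; esac ;;
    esac
    return 1
}

# Demo on the constructed sample; on the server use: ss -ltn | listen_scope 11333
for port in 11333 6379; do
    printf '%s -> %s\n' "$port" "$(sample_ss | listen_scope "$port")"
done
```

With the firewall disabled as in this guide, `loopback` is the result to expect for Redis on 6379, while the worker port has to report `all` or the address entered in SmarterMail for remote checks to connect.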
Another good troubleshooting source is the Rspamd dashboard. You access it via the URL for the HTTP endpoint mentioned above. It should help confirm whether or not messages are being scanned.
If you start seeing Rspamd scanning failing or stalling after a few messages are scanned, it's likely your default Rspamd settings are the cause. Check the /etc/rspamd/options.inc file and modify the following values to higher counts: