Nethserver-rspamd a new module



Just a teaser now, I started to work on rpsamd I have something basic with still a lot more things to do. However I would be interested if some of you know it, use it, and have tips of course on features to introduce and others to flee.


Seems to be a full featured spam filter, looking forward to first test release…


Postfix milter :yum:

1 Like

I like this spam filter idea so much I installed it to try it and it’s working but I didn’t test much now,
If someone likes to test, here is a quick and dirty install copy/paste just to get into it.

curl > /etc/yum.repos.d/rspamd.repo
rpm --import
yum -y update
yum -y install nethserver-mail-server rspamd nethserver-redis
cat > /etc/e-smith/templates/etc/postfix/ << EOL
# 90rspamdmilter
#smtpd_milters = unix:/var/lib/rspamd/milter.sock
# or for TCP socket
smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if something goes wrong
milter_default_action = accept
cat > /etc/httpd/conf.d/rspamd.conf << EOL
<Location /rspamd>
        Order allow,deny
        Allow from all
RewriteRule ^/rspamd\$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://localhost:11334/$1 [P,L]
expand-template /etc/postfix/
signal-event nethserver-mail-server-update
systemctl enable rspamd
systemctl start rspamd
systemctl restart httpd

Using the gtube pattern in mail text


and roundcube doesn’t send my “bad” mail anymore…I could send the mail with spamassassin but I don’t know if it’s filtering locally.

The logfile is /var/log/rspamd/rspamd.log:

2017-12-08 01:07:20 #18975(normal) <6f669f>; task; accept_socket: accepted connection from port 50928, task ptr: 000000000244C780
2017-12-08 01:07:20 #18975(normal) <6f669f>; task; rspamd_check_gtube: <2afed2d2804c4607418b0c3bac7635af@domain.local>: gtube pattern has been found in part of length 70
2017-12-08 01:07:20 #18975(normal) <6f669f>; task; rspamd_message_parse: loaded message; id: <2afed2d2804c4607418b0c3bac7635af@domain.local>; queue-id: <CFC6F30A6AF7>; size: 625; checksum: <7be1974381651e59cd09135164e0339d>
2017-12-08 01:07:20 #18975(normal) <6f669f>; task; rspamd_task_write_log: id: <2afed2d2804c4607418b0c3bac7635af@domain.local>, qid: <CFC6F30A6AF7>, ip:, from: <admin@domain.local>, (default: S (reject): [15.00/15.00] [GTUBE(0.00){}]), len: 625, time: 0.000ms real, 0.213ms virtual, dns req: 0, digest: <7be1974381651e59cd09135164e0339d>, rcpts: <markus@domain.local>, mime_rcpt: <markus@domain.local>
2017-12-08 01:07:20 #18975(normal) <6f669f>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 163 regexps total, 0 regexps cached, 0B bytes scanned using pcre, 0B bytes scanned total

I’ll get more into rspamd and then I’d like to compare it to spamassassin when filtering some of my mails and maybe find out some interesting features.


Take a look to my github , clone the repo, build it with make-rpms, play a bit

I know a bug with the reverse proxy


I tried it now. Looks really nice, I have to learn about the features…

I put the RPM on my webhost so others can try or do you have it online somewhere? If it’s ok for you?

curl > /etc/yum.repos.d/rspamd.repo
rpm --import
yum install

congratulation, a developer is born :slight_smile:

It is a bit soon to share it, I would go to redis database instead of sqlite (needed if we want the antivirus feature for example)

My aim is to replace nethserver-mail-filter and it is a lot of work. This rpm will be available by the software-center since it is part of a work for nethesis


I’m ready to help if needed.

1 Like

:cake: :baby:

Give this man a prototype :slight_smile:


let me few days, I’m testing it on my own server, it is an alpha, seems workable but you know the music :smiley:


wait a bit, just a bit…I would love to have something workable for the end of the month…I hope so


Je t’attends de pied ferme ! :slight_smile:

1 Like

still things to do :smiley:


:scream: gorgeous

@davidep and @giacomo, please comment


rspamd can learn like spamassassin by moving the email to the inbox or the junk email box by something really easy
This is the piece of code, sure you know it

protocol imap {
  mail_plugins = $mail_plugins antispam

plugin {
    antispam_backend = mailtrain
    antispam_spam    = Junk
    antispam_trash   = Trash
    antispam_mail_sendmail = /usr/bin/rspamc
    antispam_mail_spam     = learn_spam
    antispam_mail_notspam  = learn_ham
    antispam_mail_sendmail_args = -h;localhost:11334;-P;TheRspamdPassword

the original code comes from

[root@ns7dev5 ~]# rpm -qf /etc/e-smith/templates/etc/dovecot/dovecot.conf/50spam_training 

I would know how I can add my code and replace the code you can see below

plugin {
    antispam_backend = MAILTRAIN
    antispam_spam = Junk
    antispam_trash = Trash
    antispam_mail_sendmail = /usr/libexec/nethserver/
    antispam_mail_spam = spam
    antispam_mail_notspam = ham
    antispam_mail_sendmail_args = %u 

I could propose some solutions, not yet really look after, I’m thinking loudly

  1. Move /etc/e-smith/templates/etc/dovecot/dovecot.conf/50spam_training to nethserver-mail-filter (or any other rpm) and create also in nethserver-rspamd a 50spam_training. Anyway I think that we need to set nethserver-mail-filter as a conflict of rspamd (I don’t see interest to get two spam/antivirus filters)

  2. modify /usr/libexec/nethserver/ and detect if /usr/bin/rspamc is installed, then use this binary to learn if it is a spam or not

I would tend for the solution 2


For now I did not modify the rpm nethserver-mail-common with the amavisd-new, it works like that

[root@ns7dev5 ~]# cat /etc/e-smith/templates/etc/postfix/ 
#smtpd_milters = unix:/var/lib/rspamd/milter.sock
# or for TCP socket
smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if something goes wrong
milter_default_action = accept

I simply did not install nethserver-mail-filter. I prefer a modular approach and let the sysadmin to remove nethserver-mail-filter and install manually nethserver-rspamd.

I’m not a big fan to remove/bypass the amavisd if it works like that but do we have to go in the direction to deactivate amavisd if rspamd is installed ?

:thumbsup: yes

I’d add an “Obsoletes nethserver-mail-filter” and “Requires nethserver-mail-common > xyz” to nethserver-rspamd. We should provide just one solution to fight spam that works (and amavisd/spamassassin has many issues today).

One of these issues is the disclaimer feature, implemented by nethserver-mail-common (IIRC): amavisd relay a message through spam checks, AV checks and altermime too…


I suppose you speak of this

Dec 12 00:52:02 prometheus[32324]: Message enqueued as spam
Dec 12 00:52:02 prometheus postfix/qmgr[26835]: DA9D51807E91B: from=<>, size=101219, nrcpt=1 (queue active)
Dec 12 00:52:06 prometheus postfix/pipe[32325]: DA9D51807E91B: to=<>, relay=spamtrain, delay=4.3, delays=0.53/0.05/0/3.7, dsn=2.0.0, status=sent (delivered via spamtrain service)
Dec 12 00:52:06 prometheus postfix/qmgr[26835]: DA9D51807E91B: removed

That is the “spam training” feature, implemented on mail-server by the Dovecot plugin. I see no problem on replacing its backend from to rspamc

The antispam dovecot plugin is now deprecated:
We should replace it with IMAPSieve:

1 Like