rspamd ist ein moderner, performanter Spam-Filter. Er bietet Machine Learning, integrierte Statistiken und deutlich bessere Performance als SpamAssassin.

rspamd vs SpamAssassin

Vergleich

| Feature | rspamd | SpamAssassin |
|---------|--------|--------------|
| Sprache | C/Lua | Perl |
| Performance | Sehr schnell | Langsamer |
| ML/Bayes | Integriert | Plugin |
| Web-UI | Ja | Nein |
| API | REST API | Nein |
| DKIM-Signing | Integriert | Extern |
| Konfiguration | Lua/UCL | Perl |

Vorteile von rspamd

- 10x schneller als SpamAssassin
- Geringerer Speicherverbrauch
- Integriertes DKIM-Signing
- Web-Interface für Statistiken
- Neural Network Support
- Aktive Entwicklung

Installation

Debian/Ubuntu

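# Tools needed to fetch and convert the repository signing key
apt install -y lsb-release wget gpg

# Keep the key in a dedicated keyring and bind it to this repository with
# signed-by. Keys dropped into /etc/apt/trusted.gpg.d/ are trusted for every
# configured repository, which is broader than needed.
mkdir -p /etc/apt/keyrings
wget -qO- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor > /etc/apt/keyrings/rspamd.gpg
# Fetch packages over HTTPS, matching the scheme already used for the key.
echo "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rspamd.list

# Install rspamd together with Redis
apt update
apt install rspamd redis-server

systemctl enable rspamd redis-server
systemctl start rspamd redis-server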

CentOS/RHEL

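# Repository definition.
# -f makes curl fail on an HTTP error instead of writing the error page into
# the .repo file; -o writes the file directly rather than via shell redirect.
curl -fsSL -o /etc/yum.repos.d/rspamd.repo https://rspamd.com/rpm-stable/centos-8/rspamd.repo

dnf install rspamd redis
systemctl enable rspamd redis
systemctl start rspamd redis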

Konfiguration

Verzeichnisstruktur

/etc/rspamd/
├── rspamd.conf           # Hauptkonfiguration
├── local.d/              # Eigene Konfiguration
│   ├── worker-controller.inc
│   ├── redis.conf
│   └── dkim_signing.conf
├── override.d/           # Überschreibungen
└── modules.d/            # Modul-Konfiguration

Web-Interface aktivieren

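# /etc/rspamd/local.d/worker-controller.inc
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Keep the controller on loopback; remote access goes through a TLS reverse proxy.
bind_socket = "127.0.0.1:11334";
# Hash generated by `rspamadm pw`; this password grants read-only access.
password = "$2$hash...";
# Hash for privileged (write) commands. Generate it from a different password
# than the read-only one, otherwise the separation has no effect.
enable_password = "$2$hash...";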

Passwort generieren

rspamadm pw
# Eingabe: passwort
# Ausgabe: $2$xxxxx...

Redis konfigurieren

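# /etc/rspamd/local.d/redis.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

servers = "127.0.0.1:6379";
# Uncomment when Redis authentication is enabled. The file then contains a
# secret, so restrict read access to root and the rspamd user.
# password = "redis_password";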

Classifier (Bayes)

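# /etc/rspamd/local.d/classifier-bayes.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Bayes tokens are stored in the local Redis instance.
servers = "127.0.0.1:6379";
backend = "redis";
# Let rspamd train the classifier from its own verdicts.
autolearn = true;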

Postfix-Integration

Via Milter

# /etc/postfix/main.cf

# rspamd milter
# Mail arriving via smtpd is handed to the milter on loopback.
smtpd_milters = inet:127.0.0.1:11332
# Mail submitted locally (not via smtpd) goes through the same milter.
non_smtpd_milters = inet:127.0.0.1:11332
# Fail-open: when the milter is unreachable or errors out, Postfix accepts the
# mail unfiltered. Use "tempfail" if unscanned delivery is not acceptable, and
# alert on milter errors in the Postfix log in either case.
milter_default_action = accept
milter_protocol = 6

Via Content-Filter (Alternative)

# /etc/postfix/main.cf
# NOTE(review): elsewhere on this page 127.0.0.1:11333 is addressed over HTTP
# (curl .../checkv2). content_filter hands mail over via SMTP, so confirm that
# the listener on this port really accepts SMTP before using this alternative.
content_filter = scan:127.0.0.1:11333

# /etc/postfix/master.cf
scan      unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Re-injection listener: content_filter is cleared so returned mail is not
# filtered a second time. It is bound to loopback; keep it that way, because
# anything that can reach this port bypasses the filter.
127.0.0.1:10025 inet  n       -       n       -       10      smtpd
    -o content_filter=
    -o local_recipient_maps=
systemctl restart postfix

DKIM-Signing

Schlüssel generieren

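# The directory holds the private signing key, so remove world access.
mkdir -p /var/lib/rspamd/dkim
chmod 750 /var/lib/rspamd/dkim

# Run key generation in a subshell with a restrictive umask so the private key
# is never world-readable, not even between creation and the chmod below.
# -b 2048 requests a 2048-bit RSA key instead of relying on the tool's default.
(
  umask 077
  rspamadm dkim_keygen -b 2048 -s mail -d example.de -k /var/lib/rspamd/dkim/example.de.mail.key > /var/lib/rspamd/dkim/example.de.mail.txt
)

# Hand the files to the rspamd service user, read-only.
chown -R _rspamd:_rspamd /var/lib/rspamd/dkim
chmod 440 /var/lib/rspamd/dkim/*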

DKIM-Konfiguration

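# /etc/rspamd/local.d/dkim_signing.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Generic key location: $domain and $selector are substituted per message.
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "mail";

# Alternatively, configure key and selector per domain.
domain {
    example.de {
        path = "/var/lib/rspamd/dkim/example.de.mail.key";
        selector = "mail";
    }
}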

DNS-Eintrag

# Inhalt von /var/lib/rspamd/dkim/example.de.mail.txt
cat /var/lib/rspamd/dkim/example.de.mail.txt

# Als DNS TXT-Record eintragen:
# mail._domainkey.example.de. IN TXT "v=DKIM1; k=rsa; p=MIIBIjAN..."

ARC-Signing

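# /etc/rspamd/local.d/arc.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# sign_networks takes a map of IP networks whose mail is signed, not the key
# directory, so the former value "/var/lib/rspamd/dkim" was dropped. If it is
# needed, point it at a network map, e.g. (constructed example path):
# sign_networks = "/etc/rspamd/local.d/arc_sign_networks.map";
use_domain = "envelope";
# Permits signing when the authenticated user's domain differs from the
# signing domain. Any authenticated account can then obtain signatures for
# other hosted domains; set this to false unless the setup requires it.
allow_username_mismatch = true;

# Same key and selector as used for DKIM signing of example.de.
domain {
    example.de {
        path = "/var/lib/rspamd/dkim/example.de.mail.key";
        selector = "mail";
    }
}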

SPF, DKIM, DMARC

Module aktivieren

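# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.
# Each setting below belongs in its own file, named in the comment above it.

# /etc/rspamd/local.d/spf.conf
enabled = true;

# /etc/rspamd/local.d/dkim.conf
enabled = true;

# /etc/rspamd/local.d/dmarc.conf
enabled = true;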

DMARC-Reporting

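# /etc/rspamd/local.d/dmarc.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.
# NOTE(review): the option names for DMARC reporting differ between rspamd
# releases; check the result with `rspamadm configdump` on the installed version.

reporting = true;
send_reports = true;
# Identity used in the aggregate reports sent to other domains.
report_settings {
    org_name = "Example Inc";
    domain = "example.de";
    email = "dmarc@example.de";
    from_name = "DMARC Reporter";
}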

Greylisting

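# /etc/rspamd/local.d/greylist.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

servers = "127.0.0.1:6379";
# Greylist records are kept for 1 day (seconds).
expire = 86400;
# Senders are delayed for 5 minutes (seconds) before a retry is accepted.
timeout = 300;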

Whitelisting

IP-Whitelist

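# /etc/rspamd/local.d/multimap.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Negative score for mail from the listed networks. Keep the map as narrow as
# possible: every host in a listed range receives the bonus, including a
# compromised internal machine.
WHITELIST_IP {
    type = "ip";
    map = "/etc/rspamd/local.d/ip_whitelist.map";
    symbol = "WHITELIST_IP";
    score = -5.0;
}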
# /etc/rspamd/local.d/ip_whitelist.map
192.168.1.0/24
10.0.0.0/8

Domain-Whitelist

# Negative score keyed on the sender's From domain alone. That value is chosen
# by the sender and can be forged, so spoofed mail claiming a listed domain
# receives the same bonus. Keep the score modest, or whitelist only when the
# domain also passes SPF/DKIM/DMARC (rspamd's whitelist module supports such
# conditions).
WHITELIST_DOMAIN {
    type = "from";
    filter = "email:domain";
    map = "/etc/rspamd/local.d/domain_whitelist.map";
    symbol = "WHITELIST_DOMAIN";
    score = -3.0;
}
# /etc/rspamd/local.d/domain_whitelist.map
trusted-company.de
partner.com

Scoring anpassen

Scores ändern

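# /etc/rspamd/local.d/actions.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Score thresholds; a message gets the action of the highest threshold reached.
# Reject the message
reject = 15;
# Add a spam header
add_header = 6;
# Apply greylisting
greylist = 4;
# No threshold for "no action"
no_action = null;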

Symbol-Scores

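# /etc/rspamd/local.d/groups.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Per-symbol weights: positive values push towards spam, negative towards ham.
symbols {
    "BAYES_SPAM" {
        weight = 5.0;
        description = "Bayes spam";
    }
    "BAYES_HAM" {
        weight = -3.0;
        description = "Bayes ham";
    }
}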

Web-Interface

Nginx-Proxy

# /etc/nginx/sites-available/rspamd

# TLS front end for the rspamd controller, which itself listens on loopback only.
# The UI is reachable by anyone who can reach this vhost and is protected by
# the controller password alone; consider limiting access to admin networks
# (allow/deny) in addition.
server {
    listen 443 ssl;
    server_name rspamd.example.de;

    ssl_certificate /etc/letsencrypt/live/rspamd.example.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rspamd.example.de/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:11334;
        proxy_set_header Host $host;
        # NOTE(review): nginx connects to the controller from 127.0.0.1, and
        # the controller may treat loopback clients as trusted. This header
        # passes the real client address on; keep it, and verify from a remote
        # client that the password prompt actually appears.
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Zugriff

URL: https://rspamd.example.de/
Passwort: (bei Konfiguration gesetzt)

Training

Spam manuell lernen

# Als Spam markieren
rspamc learn_spam < spam_mail.eml

# Als Ham markieren
rspamc learn_ham < good_mail.eml

# Aus Dovecot-Ordner
rspamc learn_spam /var/vmail/user/Maildir/.Junk/cur/

Automatisches Training

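# /etc/rspamd/local.d/classifier-bayes.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Keep both thresholds conservative: messages learned automatically shape
# later verdicts, so loose limits make it easier to skew the classifier.
autolearn {
    # Learn as spam at or above this score
    spam_threshold = 12.0;
    # Learn as ham at or below this score
    ham_threshold = -2.0;
}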

Mit Dovecot IMAP

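# /etc/rspamd/local.d/statistic.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

classifier "bayes" {
    tokenizer {
        name = "osb";
    }
    # Learn cache kept in the local Redis instance.
    cache {
        path = "redis://127.0.0.1:6379";
    }
    autolearn = true;
    # Lua snippet that decides whether a given message may be learned.
    learn_condition = 'return require("rspamd_classifier").autolearn_condition(task)';
}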

Statistiken

CLI-Statistiken

# General statistics
rspamc stat

# Per-symbol counters
rspamc counters

# Caution: stat_reset is not a read-only Bayes report. It resets the
# accumulated statistics counters, so run it only when that is intended.
rspamc stat_reset

API

# Statistics as JSON from the controller.
# NOTE(review): this works without a password presumably because the request
# comes from loopback; from any other address the controller password is
# needed. Confirm against the controller's trusted-IP settings.
curl http://localhost:11334/stat

# Submit a message for scanning. This endpoint is addressed without
# credentials here, so keep the port bound to loopback.
curl --data-binary @mail.eml http://localhost:11333/checkv2

Troubleshooting

Logs

# rspamd-Log
journalctl -u rspamd -f

# Oder
tail -f /var/log/rspamd/rspamd.log

Konfiguration testen

# Syntax prüfen
rspamadm configtest

# Konfiguration anzeigen
rspamadm configdump

E-Mail scannen

# Datei scannen
rspamc < test_mail.eml

# Ausführliche Ausgabe
rspamc -v < test_mail.eml

# Symbols anzeigen
rspamc symbols < test_mail.eml

Service-Status

# Status
rspamadm control stat

# Alle Worker
rspamadm control workers

Performance-Tuning

Worker anpassen

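# /etc/rspamd/local.d/worker-normal.inc
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

# Number of worker processes
count = 4;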

Redis-Tuning

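# /etc/rspamd/local.d/redis.conf
# UCL comments start with '#'; the Lua-style '--' marker is not a comment here.

servers = "127.0.0.1:6379";
# Short timeouts keep a slow or unavailable Redis from stalling mail scanning.
timeout = 1s;
connect_timeout = 1s;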

Zusammenfassung

| Datei | Funktion |
|-------|----------|
| local.d/worker-controller.inc | Web-Interface |
| local.d/redis.conf | Redis-Verbindung |
| local.d/dkim_signing.conf | DKIM-Signierung |
| local.d/actions.conf | Score-Schwellen |
| local.d/multimap.conf | White/Blacklists |

| Befehl | Funktion |
|--------|----------|
| rspamc stat | Statistiken |
| rspamc learn_spam | Spam lernen |
| rspamc learn_ham | Ham lernen |
| rspamadm pw | Passwort-Hash |
| rspamadm configtest | Konfig prüfen |

| Score | Aktion |
|-------|--------|
| < 4 | Zustellung |
| 4-6 | Greylisting |
| 6-15 | Header hinzufügen |
| > 15 | Ablehnen |

Fazit

rspamd ist die moderne Alternative zu SpamAssassin mit deutlich besserer Performance. Die integrierte Web-Oberfläche ermöglicht einfaches Monitoring. DKIM-Signing und ARC sind eingebaut. Das Machine-Learning-System lernt automatisch und verbessert die Erkennungsrate kontinuierlich. Für neue Mailserver-Installationen ist rspamd die klare Empfehlung.