email

I am using Rspamd since a while now and I happy with it. In a nutshell Rspamd is a fast, free and extensible spam filtering system.

To be honest I am not a guru when it comes to mail server configuration. Every time I'm hacking something in the mail territory I have to look up what is a MTA, MDA etc. Well, now I think I am kinda good at understanding emails.

Unlike spamassasin, Rspamd was simple to setup and has sane defaults so I adopted it merrily. As a bonus, it has a sexy Web UI.

In this post I'll provide my configuration for a nice integration with the Dovecot antispam plugin.

This is the first part of the Dovecot & Rspamd integration setup, talking about Rspamd autolearn integration with Dovecot antispam plugin.

Part 2 about mail filtering using Dovecot spamtest is here.

both Dovecot antispam plugins are deprecated in favour of AntispamWithSieve. If you have pigeonhole v0.4.14 or later, you should definitely use IMAPSieve instead.

Figuring out your dovecot antispam plugin version

There are two versions of the Dovecot antispam plugin:

  1. the original one written by Johannes Berg;
  2. a fork by Eugene Paskevich.

The configuration differ slightly between the two, so you need to find out which one you have installed (for info Debian package the original, while FreeBSD package the fork).

run man dovecot-antispam and check the end of the man page. If it contains something like:

    THIS FORK AUTHOR AND MAINTAINER
        o  Eugene Paskevich <eugene@raptor.kiev.ua>.

Then you have the fork version, otherwise it is the original.

Dovecot configuration

Add the antispam mail plugin to the relevant part of the imap configuration:

conf.d/20-imap.conf

1
2
3
4
5
6
7
protocol imap {
  ...
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = $mail_plugins antispam
  ...
}

Then configure the plugin (pick your matching version):

conf.d/90-plugin.conf (original version)

1
2
3
4
5
6
7
8
9
plugin {
    antispam_backend = pipe
    antispam_spam    = Junk
    antispam_trash   = Trash
    antispam_mail_sendmail = /usr/local/bin/rspamc
    antispam_mail_spam     = learn_spam
    antispam_mail_notspam  = learn_ham
    antispam_mail_sendmail_args = -h;localhost:11334;-P;q1
}

conf.d/90-plugin.conf (fork version)

1
2
3
4
5
6
7
8
9
plugin {
    antispam_backend = mailtrain
    antispam_spam    = Junk
    antispam_trash   = Trash
    antispam_mail_sendmail = /usr/local/bin/rspamc
    antispam_mail_spam     = learn_spam
    antispam_mail_notspam  = learn_ham
    antispam_mail_sendmail_args = -h;localhost:11334;-P;q1
}
  1. This is the part that differ between the original (pipe) and fork (mailtrain) version.
  2. YMMV, adapt the rspamc(1) executable path (/usr/local/bin/rspamc in this example).

What this configuration does is:

  • When a mail is moved from any IMAP directory (except Trash and Junk) to the Junk directory, the following command will be issued:
    % /usr/local/bin/rspamc -h localhost:11334 -P q1 learn_spam < mail
  • When a mail is moved from the Junk directory to any IMAP directory (except Trash and Junk) the following command will be issued:
    % /usr/local/bin/rspamc -h localhost:11334 -P q1 learn_ham < mail

So every time a user gets a spam into its Inbox, moving it into Junk will make Rspamd learn it as spam (and hopefully filter it better the next time). Every time someone gets a desired email into Junk, moving it into its Inbox (or else) will make Rspamd learn it as ham.

This is not perfect for all needs though. As you can see I use a system-wide spam/ham database, so choices from one user does effectively affect how Rspamd filter mail for every users.

Notes

Be sure to adapt the Rspamd password to the one you've choosen while configuring Rspamd. I've left the default password q1 in this example.

Be extra careful if you need to tweak antispam_mail_sendmail_args: it uses ; as separator for arguments. I remember having a lot of troubles while debugging because of that.

If you need help or want to know more about Rspamd, check the website or join #rspamd on freenode :D

Check out part 2 about mail filtering using Dovecot spamtest.

Comments