I have currently set up reject_rbl_client in postfix/main.cf using the ISPConfig panel (System | Server Config | Mail | Real-time Blackhole List). I think it might be better to let RSpamd do this filtering, but it seems the ISPConfig panel offers no way to set that up. The RSpamd documentation has info on the RBL module, but I admit I do not understand how it would be used in practice.

Can rspamd on an ISPConfig system be configured to use suitable RBL databases? If so, any examples on how? Any experience on a production system: does it work reasonably well, or maybe better than letting postfix do it?

PS What is your experience with the rspamd documentation? When I read it, it seems comprehensive and detailed, but when I try to apply in practice what I have learned, I get nowhere. I do not have this problem with other services and documentation. Am I the only one with this problem?
Oh boy, do I feel you. It looks good at first sight, but after some time, when you try to apply stuff, it gets really shitty sometimes. I had my fights with rspamd. A lot of the docs are simply way too complex, as everything is described very generically. As of now I am feeling quite good with it, as everything I tried to do I can, but there was a lot of trial and error.

Back to the RBL thing. I have loads of RBLs configured via modules.d/rbl.conf with rspamd. Here is a small part of that config:

Code:

    zerospam {
        symbol = "RBL_ZEROSPAM";
        checks = ['from'];
        rbl = "bl.0spam.org";
    }
    dronebl {
        symbol = "RBL_DRONEBL";
        checks = ['from'];
        rbl = "dnsbl.dronebl.org";
    }
    senderscore {
        symbol = "RBL_SENDERSCORE";
        checks = ['from'];
        rbl = "bl.score.senderscore.com";
    }
    sem {
        symbol = "RBL_SEM";
        rbl = "bl.spameatingmonkey.net";
        ipv6 = false;
        checks = ['from'];
    }
    semIPv6 {
        symbol = "RBL_SEM_IPV6";
        rbl = "bl.ipv6.spameatingmonkey.net";
        ipv4 = false;
        ipv6 = true;
        checks = ['from'];
    }
    dnswl {
        symbol = "RCVD_IN_DNSWL";
        rbl = "list.dnswl.org";
        ipv6 = true;
        checks = ['from', 'received'];
        is_whitelist = true;
        whitelist_exception = "RCVD_IN_DNSWL";
        whitelist_exception = "RCVD_IN_DNSWL_NONE";
        whitelist_exception = "RCVD_IN_DNSWL_LOW";
        whitelist_exception = "DNSWL_BLOCKED";
        returncodes {
            RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
            RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
            RCVD_IN_DNSWL_MED = "127.0.%d+.2";
            RCVD_IN_DNSWL_HI = "127.0.%d+.3";
            DNSWL_BLOCKED = "127.0.0.255";
        }
    }
    # Provided by https://virusfree.cz
    virusfree {
        symbol = "RBL_VIRUSFREE_UNKNOWN";
        rbl = "bip.virusfree.cz";
        ipv6 = true;
        checks = ['from'];
        returncodes {
            RBL_VIRUSFREE_BOTNET = "127.0.0.2";
        }
    }
    nixspam {
        symbol = "RBL_NIXSPAM";
        rbl = "ix.dnsbl.manitu.net";
        ipv6 = true;
        checks = ['from'];
    }

In scores.d/rbl_group.conf I defined the scorings for the different RBLs. Again, a small part:

Code:

    "RBL_ZEROSPAM" {
        weight = 3.0;
        description = "From or Received adress is listed in 0spam BL";
    }
    "RBL_DRONEBL" {
        weight = 3.0;
        description = "From or Received adress is listed in dronebl BL";
    }
    "RBL_SENDERSCORE" {
        weight = 4.0;
        description = "From address is listed in senderscore.com BL";
    }

It works just fine. You can change the scoring in the web interface afterwards and the filters get applied correctly if they match. RBLs and Rspamd work great, at least for me. Running on a prod system with a lot of mails for years.
I don't know against what you want to use the RBLs. In the example given by me I've only copied ones with "from" checks. But you can use a lot of other checks, as stated in the docs.
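What an rbl entry like the ones above resolves to on the wire, as an added example (not part of the original posts and not Rspamd's own code): the sender IP is reversed and looked up under the list's zone, and the A-record answer is matched against the returncodes patterns. The addresses are constructed documentation addresses, no DNS query is made, and matching each pattern against the whole answer is an assumption of this sketch.

```python
import ipaddress
import re

# Return-code table copied from the dnswl block quoted in the thread.
DNSWL_RETURNCODES = {
    "RCVD_IN_DNSWL_NONE": "127.0.%d+.0",
    "RCVD_IN_DNSWL_LOW": "127.0.%d+.1",
    "RCVD_IN_DNSWL_MED": "127.0.%d+.2",
    "RCVD_IN_DNSWL_HI": "127.0.%d+.3",
    "DNSWL_BLOCKED": "127.0.0.255",
}


def dnsbl_query_name(ip, zone):
    """Build the DNS name that is looked up for `ip` in the list `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # reversed octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # reversed nibbles
    return ".".join(labels) + "." + zone


def lua_pattern_to_regex(pattern):
    """Translate the Lua-pattern subset used above (%d+ plus literal text)."""
    parts = [r"\d+" if tok == "%d+" else re.escape(tok)
             for tok in re.split(r"(%d\+)", pattern) if tok]
    return re.compile("".join(parts))


def symbols_for_answer(answer, symbol, returncodes=None):
    """Map one A-record answer to symbols; None stands for NXDOMAIN."""
    if answer is None:          # no record: the address is not listed
        return []
    if not returncodes:         # no table: any answer counts as a listing
        return [symbol]
    # Assumption: a pattern must match the whole answer, not just a prefix,
    # otherwise "127.0.%d+.2" would also fire on 127.0.0.255.
    return [sym for sym, pat in returncodes.items()
            if lua_pattern_to_regex(pat).fullmatch(answer)]


if __name__ == "__main__":
    # Constructed sample address and answers, for illustration only.
    print(dnsbl_query_name("192.0.2.25", "list.dnswl.org"))
    print(symbols_for_answer("127.0.5.2", "RCVD_IN_DNSWL", DNSWL_RETURNCODES))
    print(symbols_for_answer("127.0.0.255", "RCVD_IN_DNSWL", DNSWL_RETURNCODES))
```

The sketch does not model what Rspamd does with an answer that matches none of the listed patterns; it returns an empty list in that case.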
Personally, I'm in favour of pushing as much work into Rspamd as I can, and let postfix stick to what it's supposed to do best, namely, deliver email. Rspamd handles most of the heavy-duty things, namely, dealing with DKIM, with SRS address rewriting, RBLs (and white lists), and overall automatic spam filtering. This means that postfix can focus on receiving/delivering email fast, while Rspamd does its job. That said, I have such low email traffic overall, so I cannot really say how much of the spam goes through. What I do know is that perhaps 90% (possibly more!) of all incoming email is spam — but postfix + Rspamd catches all of that easily. Most cases come from wrongly configured reverse DNS for the spamming mail server, so these are very, very easy to catch. Currently, however, I haven't moved everything to Rspamd yet.