Need help onboarding with Rspamd + ISPConfig

Discussion in 'General' started by TonyG, Nov 24, 2020.

  1. TonyG

    TonyG Active Member

    I'll preface by saying I'm really trying here. I'm reading as much as I can about Rspamd, as fast as I can. I've watched three videos published by Vsevolod Stakhov - the only ones I can find that go beyond bare minimum installation. I need a guide to move forward more quickly. Links to RTFM, books, tutorials, blogs, etc are all welcome.

    1. Is there any documentation, design notes, planning spec, or some kind of feature list that details exactly what ISPConfig does in its interactions with Rspamd? I don't know what ISPC is doing for us. I don't know what it is supposed to do, or not, when details change.
      • For example, files get created/updated in /etc/rspamd/local.d/users/ whenever we modify a mailbox or alias. Is there a spec that says exactly what should be done so that we know what to expect and what to report if something is not working?
      • As another example, when is local.d/ updated? And does the rspamd service need to be restarted on update?
      • When developers are testing the Rspamd interface, do you have a list of things that you're looking for? Is there some test that you do where you make a change in ISPC and then go to Rspamd to see if it was reflected properly?
    2. Once we install Rspamd, is the RBL still used from the ISPConfig Server Config > Mail > Real-time Blackhole List?
      • I don't know if Postfix is still doing RBL testing after Rspamd is installed.
    3. How do we put Rspamd into a debug mode so that we can see exactly what rules are being processed?
      • milter_headers.conf > extended_spam_headers = true; ?
    4. Is there an effective way to identify Rspamd rules that are not enabled that perhaps we would want to use?
    5. How do we train/test with spam/ham for a new domain coming onboard with ISPConfig? This would be procedural unless someone decided to create an addon to facilitate the process, right?
    6. So YOU have a list of configuration changes you make right after installing Rspamd?
    7. How are you using rspamadm configdump / configgraph to tune your environment?
    I know some of this crosses from being related to ISPConfig to being pure Rspamd. Some of the lines are blurry now and I'm looking for better resources for getting Rspamd-specific help. Ultimately my goal is to gather info here and elsewhere to help others who are using ISPConfig to onboard with Rspamd. Thanks for your patience as I get some of this sorted.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I installed RSpamd using the tutorial that shows how to switch from spamassassin/amavis to rspamd. It was enough to get a well working setup. Works better than the spamassassin setup it replaced.
    The rspamd documentation is extensive, and I am sure it does document everything relevant. However, it is all reference documents so it does not help understanding rspamd at all.
    I'm OK with my rspamd setup. For a new setup what is needed is a way to prevent rspamd from discarding e-mails I wanted to get through. On my setup rspamd discarded lots of the reports logwatch and pflogsumm sent from the servers I maintain. I still do not know a good way to make it stop doing that.
  3. TonyG

    TonyG Active Member

    We are in agreement that the extensive documentation is almost entirely for reference. I'm looking for details on the flow that each email takes through modules, rules, scoring, actions, etc. I understand it's event-driven and done with HTTP calls, so there is no single/blocking path as with other tools, and that a specific set of conditions can preclude other tests. I will be happy if I can see it flow into a module, through related rules, logging everything as it proceeds. The next step would be to see what the triggers are and then modify the path that a given email (foo.eml file) would take. I think that info would help you too.

    My first reaction to the challenge you present is that we need to ensure that whitelisted domains are processed first so that other rules aren't processed. Though in a case where a compromised address is being used to send around spam or malware, we still need to do some checking. So we need a good whitelist score for local mail, an approval for the authorized reports, and further testing for anything else. I believe the solution is to have the whitelist plus report rule aggregate to result in a custom symbol like LOCAL_REPORT. Then set the action for that symbol using Lua to move the email into a specified folder rather than deleting it.

    I have similar needs and will post here when I get something working. In general, I'd still really like to understand how others here are maintaining their Rspamd environment.

    BTW, per your recommendation I'm using pflogsumm and looking at logwatch. Thanks. So many tools, so little time.
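
The LOCAL_REPORT idea from the post above, sketched as Rspamd configuration. This is an added example, not part of the original thread and not ISPConfig's own configuration; the map file names, the two component symbol names, the sample map entries and the score are assumptions to adapt.

```ucl
# --- /etc/rspamd/local.d/multimap.conf ---

# Component 1: envelope/header sender domain is one of our own.
# Map file (hypothetical path), one domain per line, e.g. constructed entry:
#   example.org
REPORT_SENDER_WL {
  type = "from";
  filter = "email:domain";
  map = "/etc/rspamd/local.d/maps.d/report_domains.map";
  symbol = "REPORT_SENDER_WL";
  score = 0.0;   # no effect alone: a sender address is easy to forge
}

# Component 2: Subject looks like one of the authorized reports.
# Map file (hypothetical path), one regexp per line, e.g. constructed entries:
#   /^Logwatch for /i
#   /pflogsumm/i
REPORT_SUBJECT {
  type = "header";
  header = "Subject";
  regexp = true;
  map = "/etc/rspamd/local.d/maps.d/report_subjects.map";
  symbol = "REPORT_SUBJECT";
  score = 0.0;
}

# --- /etc/rspamd/local.d/composites.conf ---

# Fires only when both components matched. The negative score is a discount,
# not a bypass: every other rule still runs and still adds to the total, so a
# compromised local account sending real spam can still be caught.
LOCAL_REPORT {
  expression = "REPORT_SENDER_WL & REPORT_SUBJECT";
  score = -8.0;        # assumed value; size it against your reject threshold
  policy = "leave";    # keep the component symbols visible in the result
}
```

Running `rspamadm configtest` before restarting the service catches syntax errors, and `rspamc foo.eml` on a saved report shows whether LOCAL_REPORT appears in the symbol list.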
