Rspamd: Difference between revisions
imported>Onny Add note on enable bayesian spam training |
configuration of secrets |
||
| (5 intermediate revisions by 5 users not shown) | |||
| Line 7: | Line 7: | ||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
services.rspamd.enable = true; | services.rspamd.enable = true; | ||
</nowiki>}} | |||
To use Rspamd with Postfix add | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
services.rspamd.postfix.enable = true; | |||
</nowiki>}} | </nowiki>}} | ||
| Line 13: | Line 19: | ||
=== Bayesian spam training === | === Bayesian spam training === | ||
To enable bayesian spam training, a | To enable bayesian spam training, enable a Redis instance and configure it in Rspamd as a backend | ||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
| Line 30: | Line 36: | ||
services.redis.servers.rspamd = { | services.redis.servers.rspamd = { | ||
enable = true; | enable = true; | ||
# 0 disables listening to TCP ports and will only use unix sockets. Default | |||
# unix socket path is /run/redis-${name}/redis.sock thus | |||
# /run/redis-rspamd/redis.sock here. | |||
port = 0; | port = 0; | ||
user = config.services.rspamd.user; | user = config.services.rspamd.user; | ||
}; | }; | ||
| Line 67: | Line 75: | ||
systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; | systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; | ||
</nowiki>}} | </nowiki>}} | ||
=== Secrets === | |||
Sometimes you need to provide secrets which should not be kept in the public store. In this example we add an API key to GPT module. You need to have the file with a name for example `ai.conf` with content: | |||
{{file|/var/spool/keys/ai.conf|nix|<nowiki> | |||
api_key = "your_secret_key"; | |||
</nowiki>}} | |||
and prepare your GPT configuration - in this example it's only part of it, consult the GPT module documentation. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
services.rspamd = { | |||
overrides = { | |||
"gpt.conf".text = '' | |||
enabled = true; | |||
#api_key = ""; # API KEY IN SECRETS!!! | |||
.include(try=true; priority=10,duplicate=merge) "/var/spool/keys/ai.conf" | |||
autolearn = true; | |||
''; | |||
}; | |||
}; | |||
</nowiki>}} | |||
== Tips and tricks == | |||
=== Helper script to train rspamd === | |||
The following example enables [https://gitlab.com/onlime/rspamd-trainer rspamd-trainer] as a daemon which will run every 10 minutes to check for mails in the inbox of <code>myuser@example.com</code> which should be used for spam/ham training. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
services.rspamd-trainer = { | |||
enable = true; | |||
settings = { | |||
HOST = "example.com"; | |||
USERNAME = "myuser@example.com"; | |||
INBOXPREFIX = "INBOX/"; | |||
}; | |||
secrets = [ | |||
# Do not use this in production. This will make passwords | |||
# world-readable in the Nix store | |||
"${pkgs.writeText "secrets" '' | |||
PASSWORD = test123 | |||
''}" | |||
]; | |||
}; | |||
</nowiki>}} | |||
The script will look into <code>INBOX/report_ham</code> and <code>INBOX/report_spam</code> respectivley for mails which will be feed into rspamd for training. After that they get moved to <code>INBOX/learned_ham</code> and <code>INBOX/learned_spam</code>. The report directories have to be created before that. You can do this using openssl: | |||
<syntaxhighlight lang="console"> | |||
# openssl s_client -connect example.com:993 -crlf | |||
A login myuser@example.com test123 | |||
A create "INBOX/report_spam" | |||
A create "INBOX/report_ham" | |||
A create "INBOX/report_spam_reply" | |||
</syntaxhighlight> | |||
[[Category:Mail Server]] | [[Category:Mail Server]] | ||
[[Category:Server]] | |||