Rspamd: Difference between revisions
imported>Onny Add note on enable bayesian spam training |
imported>Onny Add tip on spam training |
||
Line 67: | Line 67: | ||
systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; | systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; | ||
</nowiki>}} | </nowiki>}} | ||
== Tips and tricks == | |||
=== Helper script to train rspamd === | |||
{{note|This approach is not yet stable and will be available in the upcoming NixOS 24.05 release.}} | |||
The following example enables [https://gitlab.com/onlime/rspamd-trainer rspamd-trainer] as a daemon which will run every 10 minutes to check for mails in the inbox of <code>myuser@example.com</code> which should be used for spam/ham training. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
services.rspamd-trainer = { | |||
enable = true; | |||
settings = { | |||
HOST = "example.com"; | |||
USERNAME = "myuser@example.com"; | |||
INBOXPREFIX = "INBOX/"; | |||
}; | |||
secrets = [ | |||
# Do not use this in production. This will make passwords | |||
# world-readable in the Nix store | |||
"${pkgs.writeText "secrets" '' | |||
PASSWORD = test123 | |||
''}" | |||
]; | |||
}; | |||
</nowiki>}} | |||
The script will look into <code>INBOX/report_ham</code> and <code>INBOX/report_spam</code> respectivley for mails which will be feed into rspamd for training. After that they get moved to <code>INBOX/learned_ham</code> and <code>INBOX/learned_spam</code>. The report directories have to be created before that. You can do this using openssl: | |||
<syntaxhighlight lang="console"> | |||
# openssl s_client -connect example.com:993 -crlf | |||
A login myuser@example.com test123 | |||
A create "INBOX/report_spam" | |||
A create "INBOX/report_ham" | |||
A create "INBOX/report_spam_reply" | |||
</syntaxhighlight> | |||
[[Category:Mail Server]] | [[Category:Mail Server]] |
Revision as of 13:55, 28 December 2023
Rspamd is a fast, free and open-source spam filtering system.
Installation
To enable Rspamd add following line to your system configuration
/etc/nixos/configuration.nix
services.rspamd.enable = true;
Configuration
Bayesian spam training
To enable bayesian spam training, a Redis backend needs to get setup and configured in Rspamd
/etc/nixos/configuration.nix
services.rspamd = {
locals = {
"redis.conf".text = ''
servers = "${config.services.redis.servers.rspamd.unixSocket}";
'';
"classifier-bayes.conf".text = ''
backend = "redis";
autolearn = true;
'';
};
};
services.redis.servers.rspamd = {
enable = true;
port = 0;
unixSocket = "/run/redis-rspamd/redis.sock";
user = config.services.rspamd.user;
};
Whitelist domain
To whitelist a specific domain (in this example the domain example.org
) which otherwise gets rejected by Rspamd for various reasons, this custom configuration override can be added:
/etc/nixos/configuration.nix
services.rspamd = {
enable = true;
overrides."whitelist.conf".text = ''
whitelist_from {
example.org = true;
}
'';
};
DKIM key
This module verifies the authenticity of emails through the analysis of DKIM signatures. In this example, we're configure a custom DKIM key file path suitable for the mailserver Maddy and adjust the group permissions for the Rspamd service.
/etc/nixos/configuration.nix
services.rspamd = {
enable = true;
locals."dkim_signing.conf".text = ''
selector = "default";
domain = "example.org";
path = "/var/lib/maddy/dkim_keys/$domain_$selector.key";
'';
};
systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ];
Tips and tricks
Helper script to train rspamd
The following example enables rspamd-trainer as a daemon which will run every 10 minutes to check for mails in the inbox of myuser@example.com
which should be used for spam/ham training.
/etc/nixos/configuration.nix
services.rspamd-trainer = {
enable = true;
settings = {
HOST = "example.com";
USERNAME = "myuser@example.com";
INBOXPREFIX = "INBOX/";
};
secrets = [
# Do not use this in production. This will make passwords
# world-readable in the Nix store
"${pkgs.writeText "secrets" ''
PASSWORD = test123
''}"
];
};
The script will look into INBOX/report_ham
and INBOX/report_spam
respectivley for mails which will be feed into rspamd for training. After that they get moved to INBOX/learned_ham
and INBOX/learned_spam
. The report directories have to be created before that. You can do this using openssl:
# openssl s_client -connect example.com:993 -crlf
A login myuser@example.com test123
A create "INBOX/report_spam"
A create "INBOX/report_ham"
A create "INBOX/report_spam_reply"