# HowTo install Rspamd



## Donald Baud (Apr 27, 2017)

The King is dead long live Rspamd!

Rspamd is a very fast spam filtering system, it replaces mailscanner-spamassassin or amavisd-new. 
Did I say it's fast? indeed you will no longer experience delays with the mail queue. 
This is an efficient mail scanner!

Rspamd needs to be run from the MTA (smtp mail server) such as Sendmail, Postfix, Exim ...
I will be using Sendmail since it comes already installed with FreeBSD.

You will also need to install the following packages:
mail/rmilter an RMILTER only if you use Sendmail or Postfix
databases/redis a fast in-memory database
mail/dcc-dccd to test the bulkiness of mail messages
security/clamav an antivirus

Installing those packages is as simple as:
`pkg install mail/rmilter mail/rspamd databases/redis mail/dcc-dccd security/clamav`

Now onto configuring:

*- Configuring the Milter*
Notice: this is only necessary if you are using Sendmail or mail/postfix. 
In our case, we are using Sendmail:
Look for your mail configuration folder /etc/mail/
If you don't already have your custom sendmail configs, "make" them:

```
cd /etc/mail
make
make install
```
This will create two configuration files for Sendmail:
/etc/mail/your-hostname.example.com.mc and /etc/mail/your-hostname.example.com.submit.mc

Look at the bottom of  your /etc/mail/your-hostname.example.com.mc
and edit it: `ee /etc/mail/your-hostname.example.com.mc`
Almost at the bootom of the file add the two lines like so:

```
[...]
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

dnl //insert the rmilter config to pipe the message to rspamd
MAIL_FILTER(`rmilter', `S=unix:/var/run/rmilter/rmilter.sock, F=T')
define(`confINPUT_MAIL_FILTERS', `rmilter')
dnl //

MAILER(local)
MAILER(smtp)
```

Then you need to re-make Sendmail

```
cd /etc/mail
make
make install
```

Now we need to customize rmilter look for the file /usr/local/etc/rmilter.conf
We will disable Limits, Greylisting and DKIM functionality in the milter because we will let Rspam take care of those tasks:
`ee /usr/local/etc/rmilter.conf`

```
[...]
limits {
  enabled = no
[...]
greylisting {
  enabled = no
[...]
dkim {
  enabled = no
[...]
```

Schedule rmilter to be started automatically:
`sysrc rmilter_enable=YES`

And start rmilter:
`service rmilter start`

*- Configuring Rdis*
There isn't much to do here, just start the database:
Schedule Redis to be started automatically:
`sysrc redis_enable=YES`

And start Redis:
`service redis start`

*- Configuring ClamAV antivirus*
We just want to start the ClamAV daemon and Freshclam to update the signatures:

Schedule the antivirus to start automatically:
`sysrc clamav_clamd_enable=YES`
`sysrc clamav_freshclam_enable=YES`

Start the antivirus and the updater:
`service clamav_clamd start`
`service clamav_freshclam start`

*- Configuring DCC-DCCD to check mail bulkiness*
Customize the configuration file:
Change or uncomment the following variables in file: 
/usr/local/dcc/dcc_conf

```
DCCM_LOG_AT=NEVER
DCCM_REJECT_AT=MANY
DCCIFD_ENABLE=on
```

You will need to regularly clean the log files in /usr/local/dcc/log/
You can add the following in the root crontab:

```
# delete dcc log files sometimes at night
33 05 * * * /usr/bin/find /usr/local/dcc/log/ -not -newermt '1 days ago' -delete
```

Schedule dccifd to start automatically:
`sysrc dccifd_enable=YES`

Start the dccifd:
`service dccifd start`

*- Configuring the local name server*
Rspamd needs a very fast resolver because it does multiple RBLs and many DNS queries for the same message.
FreeBSD has a fast and lean caching DNS resolver. We just want to start it:

Schedule the nameserver to start automatically:
`sysrc local_unbound_enable=YES`

Start the nameserver:
`service local_unbound start`

Use the local nameserver as the only resolver.  Anything else is just too slow.
`ee /etc/resolv.conf`

```
domain   example.com
nameserver   127.0.0.1
```
*- Configuring Rspamd*
Rspamd uses multiple configurations files located in /usr/local/etc/rspamd/
The developper suggests not to edit the configuration files but to make additions or overrides in supplementary files namely:
/usr/local/etc/rspamd/rspamd.conf.local
/usr/local/etc/rspamd/local.d/

- Activate the log_helper. This will activate the Neural Network Module
`ee /usr/lcoal/etc/rspamd/rspamd.conf.local` 

```
worker {
        type = "log_helper";
        count = 1;
}
```

- Direct Rspamd to use the antivirus:
`ee /usr/lcoal/etc/rspamd/local.d/antivirus.conf` 

```
clamav {
          attachments_only = false;
          action = "reject";
          servers = "/var/run/clamav/clamd.sock";
}
```

- Activate the BAYES classifier:
`ee /usr/lcoal/etc/rspamd/local.d/classifier-bayes.conf` 

```
autolearn = true;
backend = "redis";
```

- Activate the DCC mail bulkiness module:
`ee /usr/lcoal/etc/rspamd/local.d/dcc.conf` 

```
host = "/usr/local/dcc/dccifd";
timeout = 5.0;
```


-Add a list of whitlisted domains to bypass greylisting:
`ee /usr/lcoal/etc/rspamd/local.d/greylist-whitelist-domains.inc` 

```
hotmail.com
gmail.com
google.com
your-own-domain.com
...
```

-Activate mx_check module:
`ee /usr/lcoal/etc/rspamd/local.d/mx_check.conf` 

```
enabled = true;
```

-Activate phishing module:
`ee /usr/lcoal/etc/rspamd/local.d/phishing.conf` 

```
openphish_enabled = true;

phishtank_enabled = true;
phishtank_map = "https://rspamd.com/phishtank/online-valid.json.zst";
```

- Define the local Redis server:
`ee /usr/lcoal/etc/rspamd/local.d/redis.conf` 

```
servers = "127.0.0.1";
```

- assign redirectors:
`ee /usr/lcoal/etc/rspamd/local.d/surbl.conf` 

```
redirector_hosts_map = "/usr/local/etc/rspamd/redirectors.inc";
```

-Activate url_reputation module:
`ee /usr/lcoal/etc/rspamd/local.d/url_reputation.conf` 

```
enabled = true;
```

-Activate url_tags module:
`ee /usr/lcoal/etc/rspamd/local.d/url_tags.conf` 

```
enabled = true;
```

- For security, don't allow the local Web User-Interface to be accessible from outside.  
Bind it to the localhost:
`ee /usr/lcoal/etc/rspamd/local.d/worker-normal.inc` 

```
bind_socket = "localhost:11333";
```
You will be able to access the Web interface buy creating an ssh tunnel like so:
`ssh -L 11334:localhost:11334 your-rspamd-host.example.com`
Then access the URL in your browser: http://localhost:11334

Schedule Rspamd to start automatically:
`sysrc rspamd_enable=YES`

Start rspamd:
`service rspamd start`

Then, make sure to restart your Sendmail:
`service sendmail restart`

=============
*Troubleshooting:*
Look at the following log files for troubleshooting:
/var/log/maillog
/var/log/rspamd/rspamd.log
/var/log/redis/redis.log

To check if the configuration is sane:
`rspamdadm configtest`

To review the configuration:
`rspamadm configdump`

Everytime you edit the configuration, you can reload without restarting the process:
`service rspamd reload`


----------



## freebuser (Oct 2, 2021)

Donald Baud said:


> The King is dead long live Rspamd!
> 
> Rspamd is a very fast spam filtering system, it replaces mailscanner-spamassassin or amavisd-new.
> Did I say it's fast? indeed you will no longer experience delays with the mail queue.
> ...


Just edited the 'lcoal' to local just in case someone wanted to copy and paste into CMD line.


----------

