すでにPostfixで動いているメールサーバにrspamdを追加するメモです。 サーバは Ubuntu20.04 です。
Redis をインストール
- apt でインストール
# apt install redis
- 起動しているのを確認
# systemctl status redis.service
active (running) を確認する
- port 6379 で Listen していることを確認する
# ss -ltn | grep 6379
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 511 [::1]:6379 [::]:*
0.0.0.0:6379や[::]:6379でListenしている場合、iptablesなどでファイアウォールをしていないと
外部からRedisに接続できてしまうので注意すること
Rspamd をインストール
- apt でインストール
# apt install rspamd
- ウィザードで設定を行う
# rspamadm configwizard
____ _
| _ \ ___ _ __ __ _ _ __ ___ __| |
| |_) |/ __|| '_ \ / _` || '_ ` _ \ / _` |
| _ < \__ \| |_) || (_| || | | | | || (_| |
|_| \_\|___/| .__/ \__,_||_| |_| |_| \__,_|
|_|
Welcome to the configuration tool
We use /etc/rspamd/rspamd.conf configuration file, writing results to /etc/rspamd
Modules enabled: hfilter, phishing, mime_types, dkim_signing, asn, settings, regexp, arc, bayes_expiry, trie, rbl, ip_score, metadata_exporter, elastic, fuzzy_check, mid, multimap, chartable, surbl, dkim, maillist, once_received, emails, dmarc, forged_recipients, milter_headers, whitelist, force_actions, spf
Modules disabled (explicitly): url_tags, url_reputation, spamtrap, dcc, mx_check, rspamd_update
Modules disabled (unconfigured): spamassassin, clickhouse, metric_exporter, dynamic_conf, clustering, reputation, fuzzy_collect, external_services, antivirus, maps_stats
Modules disabled (no Redis): greylist, url_redirector, replies, neural, ratelimit, history_redis
Modules disabled (experimental):
Modules disabled (failed):
Do you wish to continue?[Y/n]:
Setup WebUI and controller worker:
Controller password is not set, do you want to set one?[Y/n]:
Enter passphrase:
Set encrypted password to: $2$gs11ok3kj9wi59qohk79j3q8bi8zp1zt$krfgsjfz6inj978snusspgbxzthwj94y6nh69upe4d6ep5h39dpb
Redis servers are not set:
The following modules will be enabled if you add Redis servers:
* greylist
* url_redirector
* replies
* neural
* ratelimit
* history_redis
Do you wish to set Redis servers?[Y/n]:
Input read only servers separated by `,` [default: localhost]:
Input write only servers separated by `,` [default: localhost]:
Do you have any password set for your Redis?[y/N]:
Do you have any specific database for your Redis?[y/N]:
Do you want to setup dkim signing feature?[y/N]:
You have 1 sqlite classifiers
Expire time for new tokens [100d]:
Reset previous data?[y/N]:
Do you wish to convert them to Redis?[Y/n]:
Convert spam tokens
Convert ham tokens
Migrated 0 tokens for 2 users for symbols (BAYES_SPAM, BAYES_HAM)
Converted classifier to the from sqlite to redis
File: /etc/rspamd/local.d/worker-controller.inc, changes list:
password => $********
File: /etc/rspamd/local.d/classifier-bayes.conf, changes list:
backend => redis
new_schema => true
expire => 8640000
File: /etc/rspamd/local.d/redis.conf, changes list:
write_servers => localhost
read_servers => localhost
Apply changes?[Y/n]:
Create file /etc/rspamd/local.d/worker-controller.inc
Create file /etc/rspamd/local.d/classifier-bayes.conf
Create file /etc/rspamd/local.d/redis.conf
3 changes applied, the wizard is finished now
*** Please reload the Rspamd configuration ***
- Rspamd の reload
# systemctl reload rspamd
- Webインターフェイス
location /rspamd/ {
allow 192.168.0.0/16;
deny all;
proxy_pass http://127.0.0.1:11334/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
Postfix の設定
# vi /etc/postfix/main.cf
smtpd_milters = inet:localhost:11332
milter_default_action = accept