Rspamd セットアップ
サーバ
Published: 2022-11-21

すでにPostfixで動いているメールサーバにrspamdを追加するメモです。 サーバは Ubuntu20.04 です。

Redis をインストール

  • apt でインストール
# apt install redis
  • 起動しているのを確認
# systemctl status redis.service
active (running) を確認する
  • port 6379 で Listen していることを確認する
# ss -ltn | grep 6379
LISTEN  0        511            127.0.0.1:6379           0.0.0.0:*
LISTEN  0        511                [::1]:6379              [::]:*

0.0.0.0:6379や[::]:6379でListenしている場合、iptablesなどでファイアウォールをしていないと
外部からRedisに接続できてしまうので注意すること

Rspamd をインストール

  • apt でインストール
# apt install rspamd
  • ウィザードで設定を行う
# rspamadm configwizard
  ____                                     _
 |  _ \  ___  _ __    __ _  _ __ ___    __| |
 | |_) |/ __|| '_ \  / _` || '_ ` _ \  / _` |
 |  _ < \__ \| |_) || (_| || | | | | || (_| |
 |_| \_\|___/| .__/  \__,_||_| |_| |_| \__,_|
             |_|

Welcome to the configuration tool
We use /etc/rspamd/rspamd.conf configuration file, writing results to /etc/rspamd
Modules enabled: hfilter, phishing, mime_types, dkim_signing, asn, settings, regexp, arc, bayes_expiry, trie, rbl, ip_score, metadata_exporter, elastic, fuzzy_check, mid, multimap, chartable, surbl, dkim, maillist, once_received, emails, dmarc, forged_recipients, milter_headers, whitelist, force_actions, spf
Modules disabled (explicitly): url_tags, url_reputation, spamtrap, dcc, mx_check, rspamd_update
Modules disabled (unconfigured): spamassassin, clickhouse, metric_exporter, dynamic_conf, clustering, reputation, fuzzy_collect, external_services, antivirus, maps_stats
Modules disabled (no Redis): greylist, url_redirector, replies, neural, ratelimit, history_redis
Modules disabled (experimental):
Modules disabled (failed):
Do you wish to continue?[Y/n]:
Setup WebUI and controller worker:
Controller password is not set, do you want to set one?[Y/n]:
Enter passphrase:
Set encrypted password to: $2$gs11ok3kj9wi59qohk79j3q8bi8zp1zt$krfgsjfz6inj978snusspgbxzthwj94y6nh69upe4d6ep5h39dpb
Redis servers are not set:
The following modules will be enabled if you add Redis servers:
        * greylist
        * url_redirector
        * replies
        * neural
        * ratelimit
        * history_redis
Do you wish to set Redis servers?[Y/n]:
Input read only servers separated by `,` [default: localhost]:
Input write only servers separated by `,` [default: localhost]:
Do you have any password set for your Redis?[y/N]:
Do you have any specific database for your Redis?[y/N]:
Do you want to setup dkim signing feature?[y/N]:
You have 1 sqlite classifiers
Expire time for new tokens [100d]:
Reset previous data?[y/N]:
Do you wish to convert them to Redis?[Y/n]:
Convert spam tokens

Convert ham tokens

Migrated 0 tokens for 2 users for symbols (BAYES_SPAM, BAYES_HAM)
Converted classifier to the from sqlite to redis
File: /etc/rspamd/local.d/worker-controller.inc, changes list:
password => $********

File: /etc/rspamd/local.d/classifier-bayes.conf, changes list:
backend => redis
new_schema => true
expire => 8640000

File: /etc/rspamd/local.d/redis.conf, changes list:
write_servers => localhost
read_servers => localhost

Apply changes?[Y/n]:
Create file /etc/rspamd/local.d/worker-controller.inc
Create file /etc/rspamd/local.d/classifier-bayes.conf
Create file /etc/rspamd/local.d/redis.conf
3 changes applied, the wizard is finished now
*** Please reload the Rspamd configuration ***
  • Rspamd の reload
# systemctl reload rspamd
  • Webインターフェイス
        location /rspamd/ {
                allow 192.168.0.0/16;
                deny all;
                proxy_pass  http://127.0.0.1:11334/;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
        }

Postfix の設定

# vi /etc/postfix/main.cf
smtpd_milters = inet:localhost:11332
milter_default_action = accept