I just migrated the first / a customer's mail server site away from Amavis+SpamAssassin to Rspamd. The main reasons for the migration were speed and that the setup needed a polish-up anyway. People on site had been complaining about too much SPAM for quite a while. Plus, it is always good to dive into something new. Mission accomplished.
Implemented functionalities:
- Sophos AV (savdi) antivirus checks backend
- Clam AV antivirus backend as fallback
- Auto-Learner CRON Job for SPAM mails published by https://artinvoice.hu
- Work-around for the lacking HTTP proxy support
Unfortunately, I could not enable the full scope of Rspamd features, as that specific site I worked on is on a private network, behind a firewall, etc. Some features don't make sense there (e.g. greylisting) or are hard-disabled in Rspamd once it detects that the mail host is on some local network infrastructure (local as in RFC-1918, or the corresponding fd00:: RFC for IPv6 I currently can't remember).
Kudos + Thanks!
Rspamd is just awesome!!! I am really really pleased with the result (and so is the customer, I heard). Thanks to the upstream developers, thanks to the Debian maintainers of the rspamd Debian package. [1]
Credits + Thanks for sharing your Work
The main part of the work had already been documented in a blog post [2] by someone with the nick "zac" (no real name found). Thanks for that!
The Sophos AV integration was a little tricky at the start, but worked out well, after some trial and error, log reading, Rspamd code studies, etc.
Halfway through, one tricky part popped up that could be avoided by the Rspamd upstream maintainers in future releases. As far as I took from [3], Rspamd lacks support for retrieving its map files and such (hosted on *.rspamd.com, or other 3rd party providers) via an HTTP proxy server. This was nearly a full blocker for my last project, as the customer's mail gateway is part of a larger infrastructure and hosted inside a double ring of firewalls. The only access to the internet leads over a non-transparent squid proxy server (one which I don't have control over).
To work around this, I set up a transparent https proxy on "localhost", using a neat Python script [4]. Thanks for sharing this script.
I love all the sharing we do in FLOSS
Working on projects like this is just pure fun. And deeply interesting, as well. Such a project is fun, as this one has been 98% FLOSS and 100% in the spirit of FLOSS and the correlated sharing mentality. I love this spirit of sharing one's work with the rest of the world, may someone find what I have to share useful or not.
I invite everyone to join in with sharing and in fact, for the IT business, I dearly recommend it.
I did not post config snippets here and such (as some of them are really customer specific), but if you stumble over similar issues when setting up your anti-SPAM gateway mail site using Rspamd, feel free to poke me and I'll see how I can help.
light+love
Mike (aka sunweaver at debian.org)
References
- [1] In fact, earlier this week I coordinated with the previous Debian backports uploader and have now just uploaded rspamd 1.9.4-2~bpo10+1 to the Debian buster-backports NEW uploads queue...
- [2] https://words.bombast.net/rspamd-with-postfix-dovecot-debian-stretch/
- [3] https://github.com/rspamd/rspamd/issues/572
- [4] https://gist.github.com/nehaljwani/36de0a7f496b059d8804d5bb03230d67