-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tracking: equivalent configs of SpamAssassin & Rspamd #3323
Comments
Okay so here's what I found: Like Amavis, Rspamd can integrate SA. We disable the SA module of Rspamd by default, but you can integrate it easily. However, there is a very likely possibility that not everything works. In case of a simple SA setup, everything should be fine though. Also see https://rspamd.com/doc/tutorials/migrate_sa.html#general-spamassassin-rules / https://www.rspamd.com/doc/modules/spamassassin.html! I used this page: https://rspamd.com/doc/tutorials/migrate_sa.html which you definitely want to read! |
This is a misunderstanding, but I guess the docs I've written could explain it a bit better. Here is the article from the Rspamd FAQ: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories. You can see that if you have: # contents of file.conf in local.d
lol = troll
foo = bar and # contents of file.conf in override.d
lol = 42 the you config in the end will look like this: ini = 42
foo = bar Basically, it's not a complete file override, but a forced override of the parts in the file :) I hope this clears up this part of the issue. This also clears up:
|
I'll post later today what the migrated SA rules would look like for Rspamd. |
Hey Thanks very much!!! I'll have a better read of all this. Just about this:
Thanks for clarifying! Seems I misunderstood what
But great, if it works incrementally, then! :) |
Here is what # `SPAMASSASSIN_SPAM_TO_INBOX=1` has no equivalent but is configured implicitly here
# There is no KAM for Rspamd (ENABLE_SPAMASSASSIN_KAM=1)
# add spam info headers if at, or above that level: (SA_TAG=-999.0)
# This is already enabled by default (`extended_spam_headers = true;`)!
set-option-for-module milter_headers extended_spam_headers true
# add 'spam detected' headers at that level (SA_TAG2=5.0)
set-option-for-module actions add_header 5
# triggers spam evasive actions (SA_KILL=999.0)
set-option-for-module actions reject null
# add tag to subject if spam detected
# by being empty, "***SPAM*** " (with a space) will be used (SA_SPAM_SUBJECT=undef)
set-option-for-module actions subject "" I have not tested or verified these settings myself though! |
Thanks very much!! Seems to be close to what I have. Since you said that I can have the files in
--
I added this last line now. It's probably safer to use Thank you very much!! I'll try to test this later. Have to be careful, every time I upgrade the mail servers!! |
Alright, I see Anyway - I tried both "999" and "null", and I'm getting the Gtube Pattern rejected :(
-- And in the Docker logs:
|
GTUBE will always be rejected, no matter what - this is expected (and fine IMO). The same should not hold for other emails though. But there is an issue when using ClamAV: I think that when Clam detects a virus, the email is rejected too. I think there is currently no way of disabling that in Rspamd (even though I am not sure whether you really want to have a mail which contains a virus... ClamAV is pretty good at these things). |
Thank you very much. So - I've just tested sending an "obviously spammy" email. It contains "Buy V****", "Congratulations!!", a money amount in USD, "click the link", "Dear sir or madam". If I send to a mailbox that is still on SpamAssassin, I get this:
Detected as spam 👍🏼 -- However, if I send to the mailbox that was upgraded to
The score is even negative!! Is this because I need to train the model first, or so? I was hoping there would be an already trained model, or a "blacklist" like SpamAssassin has, such as KAM, that we can keep updating automatically to catch new Spam emails. Thanks! |
(and btw @georglauterbach, just sponsored you for the second time (with a different profile) - big thanks for all you do) |
This sort of messages is an easy catch for SA but is a blind spot for Rspamd. The reason for that is that they are filtered by a set of regular expressions from KAM and other sources. These regular expressions are good in filtering of the |
Thank you very much! For me as a student, this helps a lot!! I am very grateful ❤️ |
@vstakhov confirmed my initial guess that this may not be Rspamd's stronghold as of now. What I can see from the extended headers, KAM is adding a lot of score for wording, etc., and Rspamd takes into account ARC (subtracting from the score), etc. But I think we could improve the situation, ether by doing something like KAM: a separate list that Rspamd can include; or (preferably) what @vstakhov proposed, to port some more rules from KAM/SA to Rspamd. @vstakhov could you give me a starting direction where to add these rules in Rspamd? I can try to look up which rules KAM applied. Maybe we can work out a solution. |
This is probably the way:
Also: https://rspamd.com/doc/modules/spamassassin.html Then we can just try to keep them updated. Not sure if |
I think Rspamd already applies many rules that SA applies in a similar fashion ("many SA rules are already implemented natively in Rspamd so you won’t get any benefit from including such rules from SA."). The score is mainly created by the KAM rules. We'd need to deal with KAM if I interpret the data correctly. |
Btw, A few messages above, this was suggested:
If we do this, the WHOLE subject will become empty, I believe. We need to add
I have this now, in my
|
You're correct: |
What just came to my mind: I use Abusix, which I documented as well. It is doing a great job at providing better spam scores, in addition to the already existing blocklists. But what we're mainly concerned about here is scanning of dubious words, phrases, etc. I found this documentation page, but I lack the time to dig more into this. I'd like to wait for @vstakhov's opinion on how we should proceed here. Just FYI: I'm starting my thesis at university now, so I lack the time to take on any bigger projects for now. If there are any questions, or you need help with a specific case, don't hesitate to ping me though :D |
Thank you very much for the suggestion. I need to focus on something else right now, too, but whenever I can, I'll try to get the SpamAssassin rules included in rspamd. I got a few emails marked as Spam already. rspamd does work, with the rules it has. I guess SA just helps a bit more, with those KAM rules. Good luck with your thesis!!! |
FYI: rspamd/rspamd#3990 # Disable some checks for authenticated users
# See: https://github.com/rspamd/rspamd/discussions/3990
authenticated {
priority = high;
authenticated = yes;
apply {
groups_enabled = ["policies", "dkim", "spf"];# Disable content checking and other rules
}
} |
Checking outbound emails is actually intended, but I'd agree that we need to communicate this, maybe even provide the recipe for disabling it. I will provide a PR. |
Thanks, I will gladly review it. Compared with spamassasin, we should disable this by default. I really think it can be harmful |
Posting this here too for visibility: It was noted that there is no equivalent of |
Thanks! What I have at the moment is this:
I know it was confusing when I was reading the documentation (mailserver and rspamd) at the time, and ended up figuring out that I'm not very confident about changing this now :-D I'll have to see if I can find what my understanding was at the time. But it makes sense to change to "100" or "999", I guess. |
I actually think you should stick with I'll add an entry to the docs. |
@georglauterbach - thank you!! About this issue (#3323) in specific, is there any plan to implement I'm not sure how I'd keep it updated. I used to have a cron that ran Many thanks! |
You're welcome :)
No, there are no such plans. I'd rather like to keep SA and Rspamd a bit separated in this concern, which is a decision related to maintainability.
I think users that are willing to integrate SA into Rspamd are very welcome to add a tutorial to our documentation though :) If you get it working, feel free to open a documentation PR that updates our docs so other users can benefit as well 🚀 |
Subject
I would like some feedback concerning a use case
Description
It's not clear if we have equivalent configs for these, that apply to
rspamd
:I just want to make sure all emails reach the Inbox (and not 100% rejected or moved to Junk), independently of their Spam score, but with Headers added to them.
I see that you allow us to completely override config files, by adding files to
override.d
, but from what you understand, you already make use oflocal.d
, which is the folder that can be used to override some configs.So, if I want to update just a few configs, but keeping your changes in
local.d
, how can I do that, without overriding the whole file inoverride.d
?Wouldn't it make more sense that the add-line custom command would add lines to
local.d
instead ofoverride.d
? We already can easily create files inoverride.d
, hence I'm not understanding howadd-line
is useful.Thank you very much!
The text was updated successfully, but these errors were encountered: