rspamd?

My home-brew spam filtering system is getting kind of long in the tooth… It's a ruby program that relies on:

  • crm114 (which provides the statistical filtering), which isn't maintained anymore; and
  • spamassassin (which provides the heuristic filtering), which hasn't had a meaningful update in several years (despite the promise of SA 4.0 "real soon now"…4.0 has been more than 5 years in development and there aren't even any betas or RCs to try out).

Although the system works exceedingly well, I'm looking toward the future for something else and my attention has been drawn to rspamd. Anyone out there in Linode-land have any experience with rspamd? If so, what are your thoughts?

My mail server is pretty low volume so rspamd may be overkill… I would prefer to run it alongside postfix with communication via Unix-domain sockets. If it all works out, I have one other mail filter that I implement as an rspamd plugin.

Is the lua language hard to learn? I'm completely self-taught in ruby but I picked it up quickly and I can now dash off several pages of it in pretty short order.

rspamd uses a redis database server for a lot of its functions. I don't have any experience with these so I'm curious as to your thoughts about redis as well.

The reason rspamd appeals to me is that, even though it might be pretty "heavyweight", it seems that it can replace several milters used for SPF, DMARC and DKIM…in addition to spamd and crm114.

Although the target OS for this is FreeBSD, I'm pretty conversant in Linux-speak so I can do the translation in my head. I also have two small FreeBSD systems at home where I can stage/experiment with this before it goes into production.

Thanks in advance…

-- sw

2 Replies

After an aborted experience using bogofilter (it was nearly a drop in replacement for what I already had), I decided to go with rspamd.

Boy! Howdy! This thing is amazing!

  • It's fast.
  • It has a web interface where you can adjust scores, etc. on the fly (not very useful to me but I'm finding it to be a useful source of status information).
  • Once you get used to the configuration model, it's pretty easy to set up (and the online docs are decent).
  • It handles a whole bunch of stuff that I had to do with milters (and daemons providing the milter service) -- greylisting, SPF, DKIM (both signing and verification) and DMARC (I was able to use my existing DNS records for all these).
  • It can set up honeypots for learning.
  • It can interface with an existing spamassassin installation (and there's a conversion guide).
  • rspamd is scriptable using luajit so it can be uniquely customized (apart from just different operating parameter values)
  • Did I mention that it's fast?

As the complete conversion is an evolutionary process, the next step is to move the RBL and DNSBL queries from postfix to rspamd.

rspamd is prob overkill for what I need but it replaces a whole bunch of stuff that I had previously implemented with separate packages. Since it interfaces with postfix using a socket (either unix-domain or internet-domain), it can live on a separate server from the postfix installation (network latency will apply).

The backing store is redis -- an open source, in-memory key-value database. It's lightning fast and doesn't seem to take up a lot of memory (my current installation takes up about 5Mb of main memory -- much less than all the milter daemons).

So far, it seems to be pretty accurate…and it auto-learns.

If you need fast, accurate, in-pipeline spam filtering, you should definitely check out rspamd!

-- sw

P.S. rspamd is for implementation as part of the delivery pipeline so it's for email servers only…not for those of you that want after-delivery scanning.

I've been using this https://sourceforge.net/projects/assp/ for 5+ years now; it stops close to 99% of the spam.
