[TUTORIAL] Integrate rspamd as custom script

So the idea is to use rspamd for better scoring and then use Proxmox to do some action on the message, like block, quarantine, etc.?
Exactly, rspamd is just one more spam engine that adds a spam score to the e-mail. Your other mail rules will then apply the actions you want accordingly. For me: at first, I remove the action to block e-mails higher than spam level 8, because rspamd has on average higher spam scores than SpamAssassin. And then learning by doing and learning by the spam your users receive.
 

This is definitely something I will test. I love rspamd, and I had better results with it than SpamAssassin even with defaults. And the SpamAssassin implementation on Proxmox is more or less useless. You cannot train ham, spam, etc., or set advanced rules. SpamAssassin is only really powerful if you can train and customize, but it's very performance hungry, which is why rspamd was created: it supports similar scoring and rules but is more efficient.

This seems like the missing piece to actually be able to catch or train on very specific spam. Proxmox as a mail gateway/filter works great. As a spam filter it's average. This might actually make it catch that pesky personalized spam some people receive, which is impossible to block as it comes from Gmail, Outlook, etc.
 
The Script works without jq.

The drawback of the custom script is that no further SpamAssassin checks are executed if the returned score is greater than 5.0 and I often had the issue that the custom check seemed too high from my perspective.
At the same time, this created a latent problem where the score was capped between 5.0 and 9.9.

I’ve since had good results by halving the score in the “sensitive” range between 1.0 and 9.8:

  • Small scores (both positive and negative) are output 1:1.
  • Very high scores > 9.8 are also output 1:1 and therefore immediately block the email in my SA.
  • Medium scores between 1.0 and 9.8 are scaled and output between 0.5 and 4.9. This means they don’t block any further SA checks, but they do reduce the likelihood of unjustified false positives in combination with other SA-Checks.
Code:
#!/usr/bin/env bash
set -euo pipefail

# PMG custom check API v1: args: APIVERSION QUEUEFILENAME
if [[ $# -ne 2 ]]; then
  echo "usage: $0 APIVERSION QUEUEFILENAME" >&2
  exit 1
fi

apiver="$1"      # API version passed by PMG (not used further)
queue_file="$2"  # path to the queued message
RSPAMD_HOST="127.0.0.1"
RSPAMD_PORT="11333"

# First output line: the API version this script answers with
echo "v1"

# Rspamd check; if rspamc fails, the output stays empty and the script answers OK
rspamc_out="$(rspamc -h "${RSPAMD_HOST}:${RSPAMD_PORT}" < "$queue_file" 2>/dev/null || true)"
# Take the first number after "Score: "
score="$(awk -F': ' '/^Score: /{split($2,a," "); print a[1]; exit}' <<<"$rspamc_out")"

if [[ -n "${score:-}" ]]; then
  # Halve scores in the range 1.0 to 9.8; pass everything else through 1:1
  capped_score=$(awk -v s="$score" 'BEGIN { if (s >= 1.0 && s <= 9.8) printf "%.1f", s/2; else print s }')
  echo "SCORE: ${capped_score}"
else
  echo "OK"
fi
exit 0
 
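Added example (not part of the original post): the score mapping described above, split into functions and run against a constructed rspamc output so the behaviour at the edges of the halved range can be checked offline. The function names, the sample output and the fall-back to OK for a non-numeric score are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the score mapping offline, without a running rspamd.

# Constructed sample of rspamc output (not captured from a real scan).
SAMPLE='Results for file: stdin (0.12 seconds)
[Metric: default]
Action: add header
Spam: true
Score: 6.40 / 15.00
Symbol: BAYES_SPAM (5.10)'

# Extract the first number after "Score: " (same awk program as the post).
parse_score() {
  printf '%s\n' "$1" | awk -F': ' '/^Score: /{split($2,a," "); print a[1]; exit}'
}

# Build the reply line for PMG from an rspamd score.
# Assumption of this example: anything that is not a plain decimal number
# is answered with OK instead of being echoed back as a score.
pmg_reply() {
  awk -v s="$1" 'BEGIN {
    if (s !~ /^-?[0-9]+(\.[0-9]+)?$/) { print "OK"; exit }
    if (s >= 1.0 && s <= 9.8) printf "SCORE: %.1f\n", s / 2
    else printf "SCORE: %s\n", s
  }'
}

# Walk the boundaries of the halved range.
show_table() {
  for s in -2.10 0.9 1.0 6.40 9.8 9.9 ""; do
    printf '%-6s -> %s\n' "${s:-<none>}" "$(pmg_reply "$s")"
  done
}

printf 'parsed score: %s\n' "$(parse_score "$SAMPLE")"
show_table
```

The table shows the two steps in the mapping: 0.9 is passed through as 0.9 while 1.0 becomes 0.5, and 9.8 becomes 4.9 while 9.9 stays 9.9.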
Sounds like a great idea. So is rspamd now very good in its scores? As I recently played a long time ago replacing SpamAssassin with rspamd, I was not so happy about the results of rspamd. What I liked, and what is still missing in PMG, is conditional greylisting. So for mail which may be spam (or not), greylisting is activated, while legit mail goes directly through and true spam gets blocked as well. As for the maybes, we hope that at the time of retesting the spam may already be on a blacklist and get blocked, while legit mail can then get through a bit later.
 
I reply to your post on my advisory page