Please keep us informed. My pros and cons currently are:
- rspamd allows greylisting at particular level (so e.g. if spam level x reached, greylisting can be activated. That's really great as greylisting from my point of view does not help such good any more as in the past (about up to 10 years ago), but it could help, if possible spam is deferred by tempfail, on second try the spammers may already be on a dns relay blacklist without deferring valid mail, which could take then from minutes to hours to arrive (we do in our business a mass business with SLA response times, so delay is worst, which could happen and Proxmox idea of using SPF as an indicator not to greylist is not such a good idea as posted in the past, SPF is not such well deployed as expected, spammers also use SPF listed servers, so it's no good signal to disable greylisting for them, they also use DKIM, so also DMARC is no great option, they already learned and learned as first before server admins did to adjust their "how to get spam through" research, additional SPF would only be helpful, if it's also be usable for blocking and PMG requires SPF been activated (with blocking), if greylisting should be override by SPF, but it's like PGP/GPG and automatic fetching keys from the keyservers: some try out, don't see the advantage and forget about it, resulting in maybe already deleted keys still in the keyservers and unable to read encrypted mails as well as SPF records, which haven't been updated and anyone recognized
- rspamd allows learning ham or spam or fuzzy by posting the mails or fuzzy hash directly via GUI (much easier than doing it via CLI)
- rspamd has adjustable statistics (e.g. I still wonder, why PMG has Junk, Bounces and Viruses in their statistics but not spam and it's also not adjustable, however, this "complain to high heaven" (translation from dict.leo.org, should be in German "Jammern auf hohem Niveau")
- rspamd shows the from address as been shown in the mail client later-on as well as the subject in the statistics, so it's possible to determine, if spam handling is correct (as mails from service like Amazon SES, Mailchimp and many other so called ESPs are otherwise not determinable), I adjusted PMG to handle it similar, but I first need to open the log extract to check out and sometimes subject is BASE64-encoded, which makes it harder to check, Proxmox states that GDPR may be a show-stopper here, but as we are ISO 27001 as well as GDPR consultants, we see limited access here for admins, which also could check the mail archive etc., so if their have been rules established in the companies as required, that's no problem and if it should really be a problem, there could be an option to access details only in four eyes principle with the requirement to enter two passphrases to show details. However to check the measurement of anti-spam control working correct, there is no other way then accessing the details and for our employees, they are not allowed to use company mail for private mails, they can use web.de, gmx etc., which is not filtered or accessible by us, so we are "green" here
- rspamd shows the performed actions and spam scores directly in the "tracking center" (history) meanwhile in PMG this details are spread over several menu options (tracking center and statistics and last one also just in the view split by recipient, which is split by each recipient, so no e.g. domain wide access), so it's harder to get the full overview
- rspamd allows to reject mail at particular level via milter in the mail dialogue, so rejecting is legal e.g. in Germany instead of silently dropping
- rspamd has the option to integrate more antivirus engines, is shipped with DKIM support, more modern, much faster etc., which would make rspamd an optimal drop-in for SpamAssassin, but it also could be integrated with PMG and scorings could be taken to PMG SpamAssassin via regex to adjust their spam scores, also future development will focus on rspamd as there are many projects currently planning to provide addons for rspamd instead continue work for SpamAssassin
- rspamd has a mobile-friendly UI
As this are the pros, rspamd also has some cons:
- rspamd is really new, so it still has some bugs, changing designs etc., so in the short timeframe I tested it, some bugs arise, which would prevent me from using rspamd in productive environments
- rspamd showed not such good scores for me as expected, so it would require additional adjustments then the ones, I did with setup, e.g. I could import the lists I use for PMG, Pyzor and Razor is missing and I would primary need to learn rspamd similar to SpamAssassin bayes. For the first test it looked much worser than PMG in the beginning with no adjustments and as I already did a few adjustments, it did not got such better as PMG did with my customizations, so I focussed on PMG
- rspamd together with PMG also took some more system requirements than PMG only (for sure, and less than expected, but e.g. for my private installation it would require me to take a bigger environment, I don't want to pay for, as mentioned in my private blog post, it's a luxury problem, that I use a PMG in front of my private mail services, as private mail get filtered afterwards already by two antispam SaaS services, one free and another already included in my hosted exchange environment)
- rspamd together with PMG requires a newer postfix, which needs to be backported
- PMG shows good values currently with my adjustments, so no need to focus on another solution, just the only thing left, rejecting high score spam, still "makes me stupid", but I yet found a solution therefor, I will post about it lateron
- PMG has a very good GUI with access rights, LDAP integration etc., rspamd has a very restricted GUI with only one possible password. However, I won't expect rspamd to replace PMG but replacing SpamAssassin through rspamd, so both GUI should be integrated then
Sorry, if my text is a bit long or maybe confusing (ask me and I will explain). I had been often interrupted and need to rethink, what I planned to write. Who knows me private could consider, why I have been interrupted. ;-)
