Rspamd (Ubuntu 18.04): Unterschied zwischen den Versionen
(164 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
== Voraussetzungen == | |||
- [[Redis-Server (Ubuntu)|Redis-Server]] muss installiert sein (keine weitere Konfiguration notwendig). | |||
== Installation == | == Installation == | ||
<pre> | <pre> | ||
sudo apt-get install | sudo su | ||
apt-get install -y lsb-release wget # optional | |||
CODENAME=`lsb_release -c -s` | |||
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add - | |||
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list | |||
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list | |||
apt-get update | |||
apt-get --no-install-recommends install rspamd | |||
exit | |||
</pre> | |||
In der Version <code>Rspamd daemon version 1.8.1</code> fehlt für das Webinterface das JavaScript-Paket <code>d3.min.js</code> (siehe [[Rspamd_(Ubuntu_18.04)#Uncaught_TypeError:_d3.arc_is_not_a_function|Probleme]]): | |||
<pre> | |||
cd ~/temp/ | |||
wget https://github.com/d3/d3/releases/download/v6.3.1/d3.zip | |||
unzip d3.zip | |||
sudo cp d3.min.js /usr/share/rspamd/www/js/lib/d3.min.js | |||
</pre> | </pre> | ||
=== Links === | |||
[https://rspamd.com/downloads.html https://rspamd.com/downloads.html] | |||
== Konfiguration == | == Konfiguration == | ||
Den Dämon stoppen: | |||
<pre> | |||
sudo systemctl stop rspamd.service | |||
</pre> | |||
=== /etc/rspamd/local.d/options.inc === | |||
Die Datei | |||
<pre> | <pre> | ||
Zeile 11: | Zeile 46: | ||
</pre> | </pre> | ||
=== main.cf === | für globale Netzwerkkonfigurationen anlegen und mit folgenden Inhalt befüllen: | ||
<pre> | |||
local_addrs = "127.0.0.0/8, ::1"; | |||
dns { | |||
nameserver = ["10.0.0.157:53:10"]; | |||
} | |||
</pre> | |||
Es können auch mehrere Mailserver mit Gewichtung angegeben werden. Muster: <code><ip address>:<port>:<weight></code> | |||
==== Links ==== | |||
[https://rspamd.com/doc/configuration/options.html https://rspamd.com/doc/configuration/options.html] | |||
=== /etc/rspamd/local.d/worker-normal.inc === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/worker-normal.inc | |||
</pre> | |||
für Konfiguration des ''normal worker'' anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
bind_socket = "localhost:11333"; | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/workers/ https://rspamd.com/doc/workers/] | |||
=== /etc/rspamd/local.d/worker-controller.inc === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/worker-controller.inc | |||
</pre> | |||
für Controller-Einstellungen anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
password = "<password for web-interface>"; | |||
</pre> | |||
Das Passwort wird mittels dem Kommando | |||
<pre> | |||
rspamadm pw | |||
</pre> | |||
generiert. | |||
==== Links ==== | |||
[https://rspamd.com/doc/workers/ https://rspamd.com/doc/workers/] | |||
=== /etc/rspamd/local.d/worker-proxy.inc === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/worker-proxy.inc | |||
</pre> | |||
für Konfiguration des ''proxy worker'' anlegen (zuständig für Milter) und mit folgenden Inhalt befüllen: | |||
<pre> | |||
bind_socket = "localhost:11332"; | |||
milter = yes; | |||
timeout = 120s; | |||
upstream "local" { | |||
default = yes; | |||
self_scan = yes; | |||
} | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/workers/rspamd_proxy.html https://rspamd.com/doc/workers/rspamd_proxy.html] | |||
=== /etc/rspamd/local.d/logging.inc === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/logging.inc | |||
</pre> | |||
für Logging-Einstellungen anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
type = "file"; | |||
filename = "/var/log/rspamd/rspamd.log"; | |||
level = "error"; | |||
debug_modules = []; | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/configuration/logging.html https://rspamd.com/doc/configuration/logging.html] | |||
=== /etc/rspamd/local.d/milter_headers.conf === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/milter_headers.conf | |||
</pre> | |||
für Milter-Headers-Einstellungen anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
use = ["x-spamd-bar", "x-spam-level", "authentication-results"]; | |||
authenticated_headers = ["authentication-results"]; | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/modules/milter_headers.html https://rspamd.com/doc/modules/milter_headers.html] | |||
=== /etc/rspamd/local.d/classifier-bayes.conf === | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/classifier-bayes.conf | |||
</pre> | |||
für Statistik- bzw. Caching-Einstellungen anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
## Redis als Backend definieren ## | |||
servers = "127.0.0.1"; | |||
backend = "redis"; | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/quickstart.html https://rspamd.com/doc/quickstart.html] | |||
=== /etc/rspamd/local.d/redis.conf === | |||
=> siehe dazu auch [[Redis-Server (Ubuntu)|Redis-Server]] | |||
Die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/redis.conf | |||
</pre> | |||
für Redis-Einstellungen anlegen und mit folgenden Inhalt befüllen: | |||
<pre> | |||
servers = "127.0.0.1"; | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/configuration/redis.html https://rspamd.com/doc/configuration/redis.html] | |||
[https://kb.leuxner.net/article/rspamd-statistics-configuration-with-redis/ https://kb.leuxner.net/article/rspamd-statistics-configuration-with-redis/] | |||
== White-Listing == | |||
Zur Übernahme der Konfiguration den Server neustarten: | |||
<pre> | |||
sudo systemctl restart rspamd.service | |||
</pre> | |||
=== White-Listing von Domänen === | |||
Bearbeiten/Anlegen der Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/multimap.conf | |||
</pre> | |||
und mit folgendem Inhalt befüllen (<code>score</code> wird von der Spambewertung abgezogen): | |||
<pre> | |||
WHITELIST_SENDER_DOMAIN { | |||
type = "from"; | |||
filter = "email:domain:tld"; | |||
map = "${LOCAL_CONFDIR}/local.d/whitelist.sender.domain.map"; | |||
score = accept; | |||
} | |||
</pre> | |||
Bearbeiten/Anlegen der Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/whitelist.sender.domain.map | |||
</pre> | |||
und mit den Domönen, die nicht gefiltert werden sollen, befüllen: | |||
<pre> | |||
wunschliste.de | |||
e-tec.at | |||
thalia.at | |||
hot.at | |||
der-schweighofer.at | |||
kirner.or.at | |||
gmx.at | |||
q-point.com | |||
willhaben.at | |||
goovis.net | |||
bettenreiter.at | |||
</pre> | |||
=== White-Listing von Mail-Adressen === | |||
Bearbeiten/Anlegen der Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/multimap.conf | |||
</pre> | |||
und mit folgendem Inhalt befüllen (<code>score</code> wird von der Spambewertung abgezogen): | |||
<pre> | |||
WHITELIST_SENDER_EMAIL { | |||
type = "from"; | |||
map = "${LOCAL_CONFDIR}/local.d/whitelist.sender.email.map"; | |||
action = "accept"; | |||
} | |||
</pre> | |||
Bearbeiten/Anlegen der Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/whitelist.sender.email.map | |||
</pre> | |||
und mit den Mail-Adressen, die nicht gefiltert werden sollen, befüllen: | |||
<pre> | |||
benachrichtigung@wunschliste.de | |||
</pre> | |||
=== Links === | |||
[https://www.virtualweb.at/blog/141-whitelist-sender-domain-bei-rspamd https://www.virtualweb.at/blog/141-whitelist-sender-domain-bei-rspamd] | |||
[https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0 https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0] | |||
[https://www.rspamd.com/doc/modules/whitelist.html https://www.rspamd.com/doc/modules/whitelist.html] | |||
[https://www.rspamd.com/doc/modules/multimap.html https://www.rspamd.com/doc/modules/multimap.html] | |||
== Grey-Listing deaktvieren == | |||
Der Begriff Greylisting bezeichnet eine Form der Spam-Bekämpfung bei E-Mails, bei der die erste E-Mail von unbekannten Absendern zunächst abgewiesen und erst nach einem weiteren Zustellversuch angenommen wird [https://de.wikipedia.org/wiki/Greylisting]. | |||
Dazu die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/greylist.conf | |||
</pre> | |||
anlegen bzw. bearbeiten und folgendes eintragen: | |||
<pre> | |||
enabled = false; | |||
</pre> | |||
=== Links === | |||
[https://rspamd.com/doc/modules/ https://rspamd.com/doc/modules/] | |||
== DKIM Signing == | |||
{{note|Nur, wenn nicht ''OpenDKIM'' verwendet wird!}} | |||
Erstellen des privaten (<code>2020.key</code>) Schlüssels und des öffentlichen DNS-TXT (<code>2020.txt</code>) Eintrages: | |||
<pre> | |||
sudo -i | |||
mkdir /var/lib/rspamd/dkim/ | |||
rspamadm dkim_keygen -b 2048 -s '2020' -k /var/lib/rspamd/dkim/2020.key > /var/lib/rspamd/dkim/2020.txt | |||
chown -R _rspamd:_rspamd /var/lib/rspamd/dkim | |||
chmod 440 /var/lib/rspamd/dkim/* | |||
exit | |||
</pre> | |||
Der Parameter <code>-s</code> ist ein Selektor, welcher in der DNS-TXT-Datei (Auschnitt aus der Datei ''2020.txt'': <code>2020._domainkey IN TXT</code>) verwendet wird. | |||
Dieser Selektor is frei wählbar - hier wurde die Jahreszahl der Erstellung gewählt. | |||
Diesen Schlüssel in die Datei | |||
<pre> | |||
sudo vi /etc/rspamd/local.d/dkim_signing.conf | |||
</pre> | |||
eintragen: | |||
<pre> | |||
path = "/var/lib/rspamd/dkim/$selector.key"; | |||
selector = "2020"; | |||
### Enable DKIM signing for alias sender addresses | |||
allow_username_mismatch = true; | |||
</pre> | |||
Im Anschluss diese Konfiguration auch noch für das ARC-Modul kopieren: | |||
<pre> | |||
sudo cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf | |||
</pre> | |||
{{note|Noch in Bearbeitung - TXT-Record in die Domäne eintragen}} | |||
=== Links === | |||
[https://rspamd.com/doc/modules/dkim_signing.html https://rspamd.com/doc/modules/dkim_signing.html] | |||
[https://rspamd.com/doc/modules/arc.html https://rspamd.com/doc/modules/arc.html] | |||
[https://www.heise.de/ct/artikel/E-Mails-signieren-mit-DKIM-221505.html?seite=all https://www.heise.de/ct/artikel/E-Mails-signieren-mit-DKIM-221505.html?seite=all] | |||
== Apache == | |||
<pre> | |||
sudo a2enmod proxy | |||
sudo a2enmod proxy_http | |||
sudo a2enmod rewrite | |||
</pre> | |||
<pre> | |||
sudo systemctl restart apache2.service | |||
</pre> | |||
<pre> | |||
cd /etc/apache2/sites-available | |||
sudo vi rspamd1.conf | |||
</pre> | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName rspamd1.kirner.or.at | |||
ServerPath / | |||
DocumentRoot /var/www | |||
DirectoryIndex index.html | |||
RewriteEngine on | |||
RewriteRule ^/rspamd$ /rspamd/ [R] | |||
ProxyPreserveHost On | |||
ProxyPass /rspamd http://localhost:11334/ | |||
ProxyPassReverse /rspamd http://localhost:11334/ | |||
</VirtualHost> | |||
</pre> | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName rspamd1.kirner.or.at | |||
DocumentRoot /var/www | |||
ProxyVia On | |||
ProxyRequests Off | |||
<Location "/"> | |||
ProxyPass http://localhost:11334/ | |||
ProxyPassReverse http://localhost:11334/ | |||
Order allow,deny | |||
Allow from all | |||
</Location> | |||
</VirtualHost> | |||
</pre> | |||
<pre> | |||
sudo a2ensite rspamd1.conf | |||
sudo systemctl reload apache2.service | |||
</pre> | |||
== Postfix == | |||
=== /etc/postfix/main.cf === | |||
Die Datei | |||
<pre> | <pre> | ||
sudo vi /etc/postfix/main.cf | sudo vi /etc/postfix/main.cf | ||
</pre> | </pre> | ||
bearbeiten und am Ende folgende Konfigurationen hinzufügen: | |||
<pre> | <pre> | ||
## Spamfilter und DKIM-Signaturen via Rspamd ## | |||
## Spamfilter und DKIM-Signaturen via Rspamd | |||
## | |||
smtpd_milters = inet:localhost:11332 | smtpd_milters = inet:localhost:11332 | ||
Zeile 28: | Zeile 448: | ||
milter_default_action = accept | milter_default_action = accept | ||
</pre> | </pre> | ||
== Dovecot == | |||
=== dovecot.conf === | === dovecot.conf === | ||
Die Datei | |||
<pre> | <pre> | ||
sudo vi /etc/dovecot/dovecot.conf | sudo vi /etc/dovecot/dovecot.conf | ||
</pre> | </pre> | ||
bearbeiten und im Abschnitt ''plugin'' (am Ende) folgende Konfigurationen hinzufügen: | |||
==== Speicherort lokal ==== | |||
<pre> | <pre> | ||
plugin { | plugin { | ||
sieve_plugins = sieve_imapsieve sieve_extprograms | sieve_plugins = sieve_imapsieve sieve_extprograms | ||
### Spam learning ### | |||
### Spam learning | |||
# From elsewhere to Spam folder | # From elsewhere to Spam folder | ||
imapsieve_mailbox1_name = Spam | #imapsieve_mailbox1_name = Spam | ||
imapsieve_mailbox1_name = Junk | |||
imapsieve_mailbox1_causes = COPY | imapsieve_mailbox1_causes = COPY | ||
imapsieve_mailbox1_before = file:/var/vmail/sieve/global/ | imapsieve_mailbox1_before = file:/var/vmail/sieve/global/report-spam.sieve | ||
# From Spam folder to elsewhere | # From Spam folder to elsewhere | ||
imapsieve_mailbox2_name = * | imapsieve_mailbox2_name = * | ||
imapsieve_mailbox2_from = Spam | #imapsieve_mailbox2_from = Spam | ||
imapsieve_mailbox2_from = Junk | |||
imapsieve_mailbox2_causes = COPY | imapsieve_mailbox2_causes = COPY | ||
imapsieve_mailbox2_before = file:/var/vmail/sieve/global/ | imapsieve_mailbox2_before = file:/var/vmail/sieve/global/report-ham.sieve | ||
sieve_pipe_bin_dir = /var/vmail/sieve/global/ | |||
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug | |||
} | |||
</pre> | |||
==== Speicherort NAS ==== | |||
<pre> | |||
plugin { | |||
sieve_plugins = sieve_imapsieve sieve_extprograms | |||
### Spam learning ### | |||
# From elsewhere to Spam folder | |||
#imapsieve_mailbox1_name = Spam | |||
imapsieve_mailbox1_name = Junk | |||
imapsieve_mailbox1_causes = COPY | |||
imapsieve_mailbox1_before = file:/mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve | |||
# From Spam folder to elsewhere | |||
imapsieve_mailbox2_name = * | |||
#imapsieve_mailbox2_from = Spam | |||
imapsieve_mailbox2_from = Junk | |||
imapsieve_mailbox2_causes = COPY | |||
imapsieve_mailbox2_before = file:/mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve | |||
#sieve_pipe_bin_dir = /usr/bin | |||
sieve_pipe_bin_dir = /mnt/synology/mail1/maildir/vmail/sieve/ | |||
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug | |||
} | } | ||
</pre> | </pre> | ||
== Sieve- | {{note|TODO: Move to 90-sieve.conf and 90-sieve-extprograms.conf}} | ||
==== Links ==== | |||
[https://wiki2.dovecot.org/HowTo/AntispamWithSieve https://wiki2.dovecot.org/HowTo/AntispamWithSieve] | |||
== Sieve-Filterscripts == | |||
=== learn-spam.sieve === | |||
==== Speicherort lokal ==== | |||
<pre> | |||
sudo -u vmail vi /var/vmail/sieve/learn-spam.sieve | |||
</pre> | |||
==== Speicherort NAS ==== | |||
<pre> | |||
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve | |||
</pre> | |||
<pre> | |||
require ["vnd.dovecot.pipe", "copy", "vnd.dovecot.debug"]; | |||
#debug_log "learn-spam.sieve called..."; | |||
# alternative: | |||
# pipe :copy "rspamc" ["learn_spam"]; | |||
# requires: | |||
# sieve_pipe_bin_dir = /usr/bin | |||
# within /etc/dovecot/dovecot.conf | |||
pipe :copy "rspamc-learn-spam.sh"; | |||
</pre> | |||
=== rspamc-learn-spam.sh === | |||
==== Speicherort NAS ==== | |||
== | <pre> | ||
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-spam.sh | |||
</pre> | |||
<pre> | |||
#!/bin/sh | |||
exec /usr/bin/rspamc learn_spam | |||
</pre> | |||
<pre> | |||
sudo chmod a+x /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-spam.sh | |||
</pre> | |||
=== learn-ham.sieve === | |||
==== Speicherort lokal ==== | |||
<pre> | |||
sudo -u vmail vi /var/vmail/sieve/learn-ham.sieve | |||
</pre> | |||
==== Speicherort NAS ==== | |||
<pre> | |||
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve | |||
</pre> | |||
<pre> | |||
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables, "vnd.dovecot.debug"]; | |||
#debug_log "learn-ham.sieve called..."; | |||
if environment :matches "imap.mailbox" "*" { | |||
set "mailbox" "${1}"; | |||
} | |||
if string "${mailbox}" "Trash" { | |||
stop; | |||
} | |||
# alternative: | |||
# pipe :copy "rspamc" ["learn_ham"]; | |||
# requires: | |||
# sieve_pipe_bin_dir = /usr/bin | |||
# within /etc/dovecot/dovecot.conf | |||
pipe :copy "rspamc-learn-ham.sh"; | |||
</pre> | |||
=== rspamc-learn-ham.sh === | |||
==== Speicherort NAS ==== | |||
<pre> | |||
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-ham.sh | |||
</pre> | |||
<pre> | |||
#!/bin/sh | |||
exec /usr/bin/rspamc learn_ham | |||
</pre> | |||
<pre> | |||
sudo chmod a+x /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-ham.sh | |||
</pre> | |||
=== Sieve-Skripte neu kompilieren === | |||
<pre> | |||
sudo -u vmail sievec /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve | |||
sudo -u vmail sievec /mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve | |||
</pre> | |||
=== Links === | |||
[https://doc.dovecot.org/configuration_manual/howto/antispam_with_sieve/?highlight=imap%20filter%20sieve%20plugin https://doc.dovecot.org/configuration_manual/howto/antispam_with_sieve/?highlight=imap%20filter%20sieve%20plugin] | |||
[https://github.com/darix/dovecot-sieve-antispam-rspamd/blob/master/learn-spam.rspamd.script https://github.com/darix/dovecot-sieve-antispam-rspamd/blob/master/learn-spam.rspamd.script] | |||
[https://kb.leuxner.net/article/allow-users-to-categorize-spam-using-imap/ https://kb.leuxner.net/article/allow-users-to-categorize-spam-using-imap/] | |||
== Testen == | |||
Einfach eine Mail mit dem Inhalt | |||
<pre> | |||
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X | |||
</pre> | |||
an den eigenen Account schicken. | |||
=== Links === | |||
[https://de.wikipedia.org/wiki/GTUBE https://de.wikipedia.org/wiki/GTUBE] | |||
== Debuggen == | |||
=== Log-Level auf ''debug'' setzen === | |||
Siehe [[Rspamd_(Ubuntu_18.04)#.2Fetc.2Frspamd.2Flocal.d.2Flogging.inc|/etc/rspamd/local.d/logging.inc/]], danach den Service neustarten <code>sudo systemctl restart rspamd.service</code>. | |||
Danach können mittels | |||
<pre> | |||
sudo tail -f /var/log/rspamd/rspamd.log | |||
</pre> | |||
die Logging-Nachrichten live angesehen werden. | |||
=== Liste der aktivierten/deaktivierten Plugins anzeigen === | |||
<pre> | |||
sudo rspamadm configdump -m | |||
</pre> | |||
==== Links ==== | |||
[https://rspamd.com/doc/faq.html#how-to-get-the-list-of-the-enabled-plugins https://rspamd.com/doc/faq.html#how-to-get-the-list-of-the-enabled-plugins] | |||
== Probleme == | |||
=== Uncaught TypeError: d3.arc is not a function === | |||
[[Datei:D3_arc_is_not_a_function.png|200px|Alternativer Text]] | |||
<pre> | |||
cd ~/temp/ | |||
wget https://github.com/d3/d3/releases/download/v6.3.1/d3.zip | |||
unzip d3.zip | |||
sudo cp d3.min.js /usr/share/rspamd/www/js/lib/d3.min.js | |||
</pre> | |||
==== Links ==== | |||
[https://workaround.org/ispmail/buster/filtering-out-spam-with-rspamd-2/ https://workaround.org/ispmail/buster/filtering-out-spam-with-rspamd-2/] | |||
=== Error: sieve: learn-spam: line 5: pipe command: invalid program name '/mnt/synology/mail2/maildir/vmail/sieve/rspamc-learn-spam.sh' === | |||
Es sind keine absoluten Pfadnamen erlaubt, daher muss der Pfad vom Programm entfernt werden: | |||
<pre> | |||
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve | |||
</pre> | |||
<pre> | |||
pipe :copy "rspamc-learn-spam.sh"; | |||
</pre> | |||
Dieser Pfad muss dafür in | |||
<pre> | |||
sudo vi /etc/dovecot/dovecot.conf | |||
</pre> | |||
eingetragen werden: | |||
<pre> | |||
sieve_pipe_bin_dir = /mnt/synology/mail1/maildir/vmail/sieve/ | |||
</pre> | |||
== Links == | == Links == | ||
Zeile 76: | Zeile 718: | ||
[https://thomas-leister.de/mailserver-debian-stretch/ https://thomas-leister.de/mailserver-debian-stretch/] | [https://thomas-leister.de/mailserver-debian-stretch/ https://thomas-leister.de/mailserver-debian-stretch/] | ||
[https://help.united-domains.de/faq-article/was-ist-ein-dkim-eintrag https://help.united-domains.de/faq-article/was-ist-ein-dkim-eintrag] | [https://help.united-domains.de/faq-article/was-ist-ein-dkim-eintrag https://help.united-domains.de/faq-article/was-ist-ein-dkim-eintrag] |
Aktuelle Version vom 20. März 2023, 21:28 Uhr
Voraussetzungen
- Redis-Server muss installiert sein (keine weitere Konfiguration notwendig).
Installation
sudo su apt-get install -y lsb-release wget # optional CODENAME=`lsb_release -c -s` wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add - echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list apt-get update apt-get --no-install-recommends install rspamd exit
In der Version Rspamd daemon version 1.8.1
fehlt für das Webinterface das JavaScript-Paket d3.min.js
(siehe Probleme):
cd ~/temp/ wget https://github.com/d3/d3/releases/download/v6.3.1/d3.zip unzip d3.zip sudo cp d3.min.js /usr/share/rspamd/www/js/lib/d3.min.js
Links
https://rspamd.com/downloads.html
Konfiguration
Den Dämon stoppen:
sudo systemctl stop rspamd.service
/etc/rspamd/local.d/options.inc
Die Datei
sudo vi /etc/rspamd/local.d/options.inc
für globale Netzwerkkonfigurationen anlegen und mit folgenden Inhalt befüllen:
local_addrs = "127.0.0.0/8, ::1"; dns { nameserver = ["10.0.0.157:53:10"]; }
Es können auch mehrere Mailserver mit Gewichtung angegeben werden. Muster: <ip address>:<port>:<weight>
Links
https://rspamd.com/doc/configuration/options.html
/etc/rspamd/local.d/worker-normal.inc
Die Datei
sudo vi /etc/rspamd/local.d/worker-normal.inc
für Konfiguration des normal worker anlegen und mit folgenden Inhalt befüllen:
bind_socket = "localhost:11333";
Links
https://rspamd.com/doc/workers/
/etc/rspamd/local.d/worker-controller.inc
Die Datei
sudo vi /etc/rspamd/local.d/worker-controller.inc
für Controller-Einstellungen anlegen und mit folgenden Inhalt befüllen:
password = "<password for web-interface>";
Das Passwort wird mittels dem Kommando
rspamadm pw
generiert.
Links
https://rspamd.com/doc/workers/
/etc/rspamd/local.d/worker-proxy.inc
Die Datei
sudo vi /etc/rspamd/local.d/worker-proxy.inc
für Konfiguration des proxy worker anlegen (zuständig für Milter) und mit folgenden Inhalt befüllen:
bind_socket = "localhost:11332"; milter = yes; timeout = 120s; upstream "local" { default = yes; self_scan = yes; }
Links
https://rspamd.com/doc/workers/rspamd_proxy.html
/etc/rspamd/local.d/logging.inc
Die Datei
sudo vi /etc/rspamd/local.d/logging.inc
für Logging-Einstellungen anlegen und mit folgenden Inhalt befüllen:
type = "file"; filename = "/var/log/rspamd/rspamd.log"; level = "error"; debug_modules = [];
Links
https://rspamd.com/doc/configuration/logging.html
/etc/rspamd/local.d/milter_headers.conf
Die Datei
sudo vi /etc/rspamd/local.d/milter_headers.conf
für Milter-Headers-Einstellungen anlegen und mit folgenden Inhalt befüllen:
use = ["x-spamd-bar", "x-spam-level", "authentication-results"]; authenticated_headers = ["authentication-results"];
Links
https://rspamd.com/doc/modules/milter_headers.html
/etc/rspamd/local.d/classifier-bayes.conf
Die Datei
sudo vi /etc/rspamd/local.d/classifier-bayes.conf
für Statistik- bzw. Caching-Einstellungen anlegen und mit folgenden Inhalt befüllen:
## Redis als Backend definieren ## servers = "127.0.0.1"; backend = "redis";
Links
https://rspamd.com/doc/quickstart.html
/etc/rspamd/local.d/redis.conf
=> siehe dazu auch Redis-Server
Die Datei
sudo vi /etc/rspamd/local.d/redis.conf
für Redis-Einstellungen anlegen und mit folgenden Inhalt befüllen:
servers = "127.0.0.1";
Links
https://rspamd.com/doc/configuration/redis.html
https://kb.leuxner.net/article/rspamd-statistics-configuration-with-redis/
White-Listing
Zur Übernahme der Konfiguration den Server neustarten:
sudo systemctl restart rspamd.service
White-Listing von Domänen
Bearbeiten/Anlegen der Datei
sudo vi /etc/rspamd/local.d/multimap.conf
und mit folgendem Inhalt befüllen (score
wird von der Spambewertung abgezogen):
WHITELIST_SENDER_DOMAIN { type = "from"; filter = "email:domain:tld"; map = "${LOCAL_CONFDIR}/local.d/whitelist.sender.domain.map"; score = accept; }
Bearbeiten/Anlegen der Datei
sudo vi /etc/rspamd/local.d/whitelist.sender.domain.map
und mit den Domönen, die nicht gefiltert werden sollen, befüllen:
wunschliste.de e-tec.at thalia.at hot.at der-schweighofer.at kirner.or.at gmx.at q-point.com willhaben.at goovis.net bettenreiter.at
White-Listing von Mail-Adressen
Bearbeiten/Anlegen der Datei
sudo vi /etc/rspamd/local.d/multimap.conf
und mit folgendem Inhalt befüllen (score
wird von der Spambewertung abgezogen):
WHITELIST_SENDER_EMAIL { type = "from"; map = "${LOCAL_CONFDIR}/local.d/whitelist.sender.email.map"; action = "accept"; }
Bearbeiten/Anlegen der Datei
sudo vi /etc/rspamd/local.d/whitelist.sender.email.map
und mit den Mail-Adressen, die nicht gefiltert werden sollen, befüllen:
benachrichtigung@wunschliste.de
Links
https://www.virtualweb.at/blog/141-whitelist-sender-domain-bei-rspamd
https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0
https://www.rspamd.com/doc/modules/whitelist.html
https://www.rspamd.com/doc/modules/multimap.html
Grey-Listing deaktvieren
Der Begriff Greylisting bezeichnet eine Form der Spam-Bekämpfung bei E-Mails, bei der die erste E-Mail von unbekannten Absendern zunächst abgewiesen und erst nach einem weiteren Zustellversuch angenommen wird [1].
Dazu die Datei
sudo vi /etc/rspamd/local.d/greylist.conf
anlegen bzw. bearbeiten und folgendes eintragen:
enabled = false;
Links
https://rspamd.com/doc/modules/
DKIM Signing
Nur, wenn nicht OpenDKIM verwendet wird!
Erstellen des privaten (2020.key
) Schlüssels und des öffentlichen DNS-TXT (2020.txt
) Eintrages:
sudo -i mkdir /var/lib/rspamd/dkim/ rspamadm dkim_keygen -b 2048 -s '2020' -k /var/lib/rspamd/dkim/2020.key > /var/lib/rspamd/dkim/2020.txt chown -R _rspamd:_rspamd /var/lib/rspamd/dkim chmod 440 /var/lib/rspamd/dkim/* exit
Der Parameter -s
ist ein Selektor, welcher in der DNS-TXT-Datei (Auschnitt aus der Datei 2020.txt: 2020._domainkey IN TXT
) verwendet wird.
Dieser Selektor is frei wählbar - hier wurde die Jahreszahl der Erstellung gewählt.
Diesen Schlüssel in die Datei
sudo vi /etc/rspamd/local.d/dkim_signing.conf
eintragen:
path = "/var/lib/rspamd/dkim/$selector.key"; selector = "2020"; ### Enable DKIM signing for alias sender addresses allow_username_mismatch = true;
Im Anschluss diese Konfiguration auch noch für das ARC-Modul kopieren:
sudo cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf
Noch in Bearbeitung - TXT-Record in die Domäne eintragen
Links
https://rspamd.com/doc/modules/dkim_signing.html
https://rspamd.com/doc/modules/arc.html
https://www.heise.de/ct/artikel/E-Mails-signieren-mit-DKIM-221505.html?seite=all
Apache
sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite
sudo systemctl restart apache2.service
cd /etc/apache2/sites-available sudo vi rspamd1.conf
<VirtualHost *:80> ServerName rspamd1.kirner.or.at ServerPath / DocumentRoot /var/www DirectoryIndex index.html RewriteEngine on RewriteRule ^/rspamd$ /rspamd/ [R] ProxyPreserveHost On ProxyPass /rspamd http://localhost:11334/ ProxyPassReverse /rspamd http://localhost:11334/ </VirtualHost>
<VirtualHost *:80> ServerName rspamd1.kirner.or.at DocumentRoot /var/www ProxyVia On ProxyRequests Off <Location "/"> ProxyPass http://localhost:11334/ ProxyPassReverse http://localhost:11334/ Order allow,deny Allow from all </Location> </VirtualHost>
sudo a2ensite rspamd1.conf sudo systemctl reload apache2.service
Postfix
/etc/postfix/main.cf
Die Datei
sudo vi /etc/postfix/main.cf
bearbeiten und am Ende folgende Konfigurationen hinzufügen:
## Spamfilter und DKIM-Signaturen via Rspamd ## smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_default_action = accept
Dovecot
dovecot.conf
Die Datei
sudo vi /etc/dovecot/dovecot.conf
bearbeiten und im Abschnitt plugin (am Ende) folgende Konfigurationen hinzufügen:
Speicherort lokal
plugin { sieve_plugins = sieve_imapsieve sieve_extprograms ### Spam learning ### # From elsewhere to Spam folder #imapsieve_mailbox1_name = Spam imapsieve_mailbox1_name = Junk imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/var/vmail/sieve/global/report-spam.sieve # From Spam folder to elsewhere imapsieve_mailbox2_name = * #imapsieve_mailbox2_from = Spam imapsieve_mailbox2_from = Junk imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/var/vmail/sieve/global/report-ham.sieve sieve_pipe_bin_dir = /var/vmail/sieve/global/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug }
Speicherort NAS
plugin { sieve_plugins = sieve_imapsieve sieve_extprograms ### Spam learning ### # From elsewhere to Spam folder #imapsieve_mailbox1_name = Spam imapsieve_mailbox1_name = Junk imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve # From Spam folder to elsewhere imapsieve_mailbox2_name = * #imapsieve_mailbox2_from = Spam imapsieve_mailbox2_from = Junk imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve #sieve_pipe_bin_dir = /usr/bin sieve_pipe_bin_dir = /mnt/synology/mail1/maildir/vmail/sieve/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug }
TODO: Move to 90-sieve.conf and 90-sieve-extprograms.conf
Links
https://wiki2.dovecot.org/HowTo/AntispamWithSieve
Sieve-Filterscripts
learn-spam.sieve
Speicherort lokal
sudo -u vmail vi /var/vmail/sieve/learn-spam.sieve
Speicherort NAS
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve
require ["vnd.dovecot.pipe", "copy", "vnd.dovecot.debug"]; #debug_log "learn-spam.sieve called..."; # alternative: # pipe :copy "rspamc" ["learn_spam"]; # requires: # sieve_pipe_bin_dir = /usr/bin # within /etc/dovecot/dovecot.conf pipe :copy "rspamc-learn-spam.sh";
rspamc-learn-spam.sh
Speicherort NAS
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-spam.sh
#!/bin/sh exec /usr/bin/rspamc learn_spam
sudo chmod a+x /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-spam.sh
learn-ham.sieve
Speicherort lokal
sudo -u vmail vi /var/vmail/sieve/learn-ham.sieve
Speicherort NAS
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables, "vnd.dovecot.debug"]; #debug_log "learn-ham.sieve called..."; if environment :matches "imap.mailbox" "*" { set "mailbox" "${1}"; } if string "${mailbox}" "Trash" { stop; } # alternative: # pipe :copy "rspamc" ["learn_ham"]; # requires: # sieve_pipe_bin_dir = /usr/bin # within /etc/dovecot/dovecot.conf pipe :copy "rspamc-learn-ham.sh";
rspamc-learn-ham.sh
Speicherort NAS
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-ham.sh
#!/bin/sh exec /usr/bin/rspamc learn_ham
sudo chmod a+x /mnt/synology/mail1/maildir/vmail/sieve/rspamc-learn-ham.sh
Sieve-Skripte neu kompilieren
sudo -u vmail sievec /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve sudo -u vmail sievec /mnt/synology/mail1/maildir/vmail/sieve/learn-ham.sieve
Links
https://github.com/darix/dovecot-sieve-antispam-rspamd/blob/master/learn-spam.rspamd.script
https://kb.leuxner.net/article/allow-users-to-categorize-spam-using-imap/
Testen
Einfach eine Mail mit dem Inhalt
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
an den eigenen Account schicken.
Links
https://de.wikipedia.org/wiki/GTUBE
Debuggen
Log-Level auf debug setzen
Siehe /etc/rspamd/local.d/logging.inc/, danach den Service neustarten sudo systemctl restart rspamd.service
.
Danach können mittels
sudo tail -f /var/log/rspamd/rspamd.log
die Logging-Nachrichten live angesehen werden.
Liste der aktivierten/deaktivierten Plugins anzeigen
sudo rspamadm configdump -m
Links
https://rspamd.com/doc/faq.html#how-to-get-the-list-of-the-enabled-plugins
Probleme
Uncaught TypeError: d3.arc is not a function
cd ~/temp/ wget https://github.com/d3/d3/releases/download/v6.3.1/d3.zip unzip d3.zip sudo cp d3.min.js /usr/share/rspamd/www/js/lib/d3.min.js
Links
https://workaround.org/ispmail/buster/filtering-out-spam-with-rspamd-2/
Error: sieve: learn-spam: line 5: pipe command: invalid program name '/mnt/synology/mail2/maildir/vmail/sieve/rspamc-learn-spam.sh'
Es sind keine absoluten Pfadnamen erlaubt, daher muss der Pfad vom Programm entfernt werden:
sudo -u vmail vi /mnt/synology/mail1/maildir/vmail/sieve/learn-spam.sieve
pipe :copy "rspamc-learn-spam.sh";
Dieser Pfad muss dafür in
sudo vi /etc/dovecot/dovecot.conf
eingetragen werden:
sieve_pipe_bin_dir = /mnt/synology/mail1/maildir/vmail/sieve/
Links
https://rspamd.com/doc/quickstart.html
https://www.syn-flut.de/rspamd-das-bessere-spamassassin
https://thomas-leister.de/mailserver-debian-stretch/
https://help.united-domains.de/faq-article/was-ist-ein-dkim-eintrag
Zurück zu Spamfilter