Here are some tips before I had a look a few days/weels ago on an instance that also suffers from spam :
You can have a deep look at how mails are flagged as spam (or not, in that case…) with
grep "write_log" /var/log/rspamd/rspamd.log
Which will display a shitload of info, but typically you should find something like :
id: <firstname.lastname@example.org>, ..., ip: 184.108.40.206, from: <email@example.com>, (default: F (no action): [1.39/12.00]
The last part indicates the spamniness score of the mail (1.39) and the treshold to be rejected (here, 12.0)
Note that you can get a less crowded result using something like :
grep "write_log" /var/log/rspamd/rspamd.log | grep -o 'id:.*] '
which may be more readable to compare results for legit mails vs. spams (still quite technical though)
Turns out that the default treshold in Yunohost is 21, which is a bit huge … So I manually tweaked the instance to use 12 instead which fights spam a bit better. c.f. the content of /etc/rspamd/local.d/metrics.conf :
# Metrics settings
# This define overridden options.
reject = 12;
add_header = 8;
greylist = 4;
Which imho are more decent values … i think it removed ~50% of the spam (you can get an idea by comparing the scores of your spam in the logs) … but still not perfect because rspamd has trouble flagging some spams.
Unfortunately nobody looks or knows too much about spam fighting in Yunohost so this is a bit “not really maintained / taken care of”.There are lots of settings to optimize stuff … Also the fact is that the version of rspamd available in Debian’s vanilla repo is quite old and the maintainers of rspamd are not really happy if you come and talk about the version of rspamd from Debian… So a lot might also improve by using a more recent version of rspamd in Bullseye (the next Debian) …