Rspamd, filter and mail

Hi everyone,

I had read some posts here about the bad (?) configuration of rspamd. And to be honest, I didn’t check in it. But I have a LOT of spam on my mails. Around 10/15 a day.

So I have three questions :

Is the web ui of rspamd accessible, and if yes, how ?
Do you know a better way to filter this ? Automaticaly or manually via filter ? (plugin, txt file, whatever)
Should I filter them via a webmail or thunderbird ?

I’m pretty satisfy abour Yunohost, Like REALLY satisfy. But just this damn spam which kill me. :slight_smile:

Thank you !

Anyone ? :smiley:

Last update before I’m trying to break everything via modifying files :smiley:

Here are some tips before I had a look a few days/weels ago on an instance that also suffers from spam :

You can have a deep look at how mails are flagged as spam (or not, in that case…) with

grep "write_log" /var/log/rspamd/rspamd.log

Which will display a shitload of info, but typically you should find something like :

id: <someid@some.domain.tld>, ..., ip: 1.2.3.4, from: <foobar@someother.domain.tld>, (default: F (no action): [1.39/12.00]

The last part indicates the spamniness score of the mail (1.39) and the treshold to be rejected (here, 12.0)

Note that you can get a less crowded result using something like :

grep "write_log" /var/log/rspamd/rspamd.log | grep -o 'id:.*] '

which may be more readable to compare results for legit mails vs. spams (still quite technical though)

Turns out that the default treshold in Yunohost is 21, which is a bit huge … So I manually tweaked the instance to use 12 instead which fights spam a bit better. c.f. the content of /etc/rspamd/local.d/metrics.conf :

# Metrics settings
# This define overridden options.

actions {
  reject = 12;
  add_header = 8;
  greylist = 4;
}

Which imho are more decent values … i think it removed ~50% of the spam (you can get an idea by comparing the scores of your spam in the logs) … but still not perfect because rspamd has trouble flagging some spams.

Unfortunately nobody looks or knows too much about spam fighting in Yunohost so this is a bit “not really maintained / taken care of”.There are lots of settings to optimize stuff … Also the fact is that the version of rspamd available in Debian’s vanilla repo is quite old and the maintainers of rspamd are not really happy if you come and talk about the version of rspamd from Debian… So a lot might also improve by using a more recent version of rspamd in Bullseye (the next Debian) …