Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Integrate rspamd with cpanel
service[rspamd]=x,x,x,/etc/init.d/rspamd restart,rspamd,_rspamd
* go to whm -> exim configuration manager
* choose advanced editor
* search spamd & replace with this:
spamd_address = 127.0.0.1 11333 variant=rspamd
system_filter = /etc/exim_system_filter
system_filter_file_transport = address_file
* find and disable greylisting block
* find and disable _default_check_message_pre_ on acl_smtp_data
* find section acl_smtp_data:custom_begin_spam_scan
* complete block with this:
# Remove spam headers from outside sources
warn remove_header = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report
# add spam-score and spam-report header when told by rspamd
# also scan outgoing messages
warn spam = nobody:true
log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report"
!authenticated = *
add_header = X-Spam-Score: $spam_score ($spam_bar)
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Action: $spam_action
warn condition = ${if eq{$spam_action}{rewrite subject}}
add_header = X-Spam-Subject: ***SPAM*** $rh_subject
add_header = X-Spam-Status: Yes
defer message = Please try again later
condition = ${if eq{$spam_action}{greylist}}
defer message = Please try again later
condition = ${if eq{$spam_action}{soft reject}}
deny message = Message discarded as high-probability spam
condition = ${if eq{$spam_action}{reject}}
7. disable default_spam_scan, default_spam_scan_check block
8. disable acl_not_smtp:outgoing_spam_scan_over_int, acl_smtp_data:no_forward_outbound_spam_over_int
9. reject mail which get score higher than 6 if they is sent via non_smtp (sendmail, php mail())
Note: this will ignore completely messages which are sent from root user.
** Find block acl_not_smtp:custom_begin_not_smtp and paste this code
warn condition = ${if eq{$sender_address_local_part}{root} {no} {yes}}
spam = nobody:true
log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report"
add_header = X-Spam-Score: $spam_score ($spam_bar)
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Action: $spam_action
deny message = Message discarded as high-probability spam
condition = ${if >= {$spam_score_int}{60}}
** disable acl_not_smtp:end_default_outgoing_notsmtp_checkall
10. deliver mail with high score of spam to /dev/null if is try to be forwarded due email forwards
*** Put these block in to begin routers block, before router boxtrapper_autowhitelist or enforce_mail_permissions:
# version with using of delivery as save to /dev/null (logs will show actual delivery to recipient email, which is not true action)
# reject_forwarded_mail_marked_as_spam:
# driver = accept
# ignore_target_hosts = 127.0.0.1
# condition = ${if eq {${lookup {$sender_address_domain} lsearch{/etc/userdomains}{$value}}}{}{true}{false}}
# condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
# # condition = ${if >= {$spam_score_int}{50}}
# domains = ! +local_domains : !$primary_hostname
# transport = file_to_devnull
silent_drop_forwarded_mail_marked_as_spam:
driver = redirect
ignore_target_hosts = 127.0.0.1
condition = ${if eq {${lookup {$sender_address_domain} lsearch{/etc/userdomains}{$value}}}{}{true}{false}}
# condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
condition = ${if >= {$spam_score_int}{50}}
domains = ! +local_domains : !$primary_hostname
allow_filter
user = mailnull
file_transport = file_to_devnull
data = #Exim filter\n\
save /dev/null
** Put this transport after begin transports:
file_to_devnull:
driver = appendfile
file = /dev/null
** system_filter:
# Exim filter
if "${if def:header_X-Spam-Subject: {there}}" is there
then
headers remove Subject
headers add "Subject: $rh_X-Spam-Subject:"
headers remove X-Spam-Subject
endif
* add router which will store Spam messages in INBOX.Junk directory
virtual_user_spam_dir:
driver = redirect
domains = !$primary_hostname
# condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
condition = ${if >= {$spam_score_int}{60}}
require_files = "+/etc/valiases/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/mail/$domain/$local_part"
data = "$local_part+Junk@$domain"
redirect_router = virtual_user
# cat logging.inc
type=file
filename=/var/log/rspamd.log
# cat metrics.conf
actions {
reject = 15;
rewrite_subject = 8;
add_header = 6;
greylist = 4;
}
# cat worker-controller.inc
bind_socket = "IP:11334";
password = "PASSWORD HASH";
# some filter to remove shit from qq.com
local reconf = config['regexp'];
reconf['FROM_SPAM_QQCOM'] = {
re = 'From=/<[0-9a-z]+@qq.com>/Hm',
score = 10.0,
description = 'Spam from qq.com',
group = 'header'
}
# Exim filter
if not first_delivery then
finish
endif
if "${if def:header_X-Spam-Subject: {there}}" is there then
headers remove Subject
headers add "Subject: $rh_X-Spam-Subject:"
headers remove X-Spam-Subject
endif
if $h_X-Spam-Score: contains "+++++" and $h_To does not contains "postmaster" then
if $h_X-Spam-Score: contains "+++++++++++" then
save "/dev/null"
else
deliver "spam@XXXXXX"
endif
endif
@robertol

This comment has been minimized.

Copy link

commented May 18, 2017

Hi!

I found your gist and I followed your guide but my exim not connect to rspamd. I'm using centos 7 and rspamd in same server with cpanel. Could you help me?
I'm using exim 4.89 (cpanel 11.64).

Thanks!

@vstakhov

This comment has been minimized.

Copy link

commented May 22, 2017

I'm looking forward towards improvement of the Exim integration document. Would you mind if I include your recipes to the official Rspamd documentation? Or you can add your own pull request against vstakhov/rspamd.com repo

@ScOut3R

This comment has been minimized.

Copy link

commented Oct 16, 2018

Thank you @mdupa! This was desperately needed!

I hope you don't mind, I improved upon your solution with the following benefits:

  • outgoing emails are sent through rspamd
  • Replies module will work
  • Suspicious emails can be blocked
  • Greylisting is functional

Additional steps to your instructions:

  1. Disable default_check_message_pre on acl_smtp_date
  2. Use the following code block for custom_begin_spam_scan:
  warn   
        # Remove spam headers from outside sources
        remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report  

  accept condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}
  
  accept hosts = : +loopback

  # add spam-score and spam-report header when told by rspamd
  # also scan outgoing messages
  warn  spam        = nobody:true
        log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report"
        !authenticated = *
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report
        add_header = X-Spam-Action: $spam_action

  # allow authenticated users
  accept authenticated = *
        
  warn  condition  = ${if eq{$spam_action}{rewrite subject}}
        remove_header = Subject
        add_header = Subject: ***SPAM*** $h_subject
        add_header = X-Spam-Status: Yes

  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{greylist}}
        
  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{soft reject}}

  deny  message    = Message discarded as high-probability spam
        condition  = ${if eq{$spam_action}{reject}}

FYI @vstakhov

@mdpuma

This comment has been minimized.

Copy link
Owner Author

commented Jan 2, 2019

I'm looking forward towards improvement of the Exim integration document. Would you mind if I include your recipes to the official Rspamd documentation? Or you can add your own pull request against vstakhov/rspamd.com repo

Sure, you may include this recipe to official rspamd documentation.

@mdpuma

This comment has been minimized.

Copy link
Owner Author

commented Jan 2, 2019

I hope you don't mind, I improved upon your solution with the following benefits:

Thank, i have updated gist with some changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.