Integrate rspamd with cpanel

chkserv.d-rspamd

service[rspamd]=x,x,x,/etc/init.d/rspamd restart,rspamd,_rspamd

Integrate rspamd with cpanel

* go to whm -> exim configuration manager
* choose advanced editor
* search spamd & replace with this:

spamd_address = 127.0.0.1 11333 variant=rspamd

system_filter = /etc/exim_system_filter
system_filter_file_transport = address_file

* find and disable greylisting block
* find and disable _default_check_message_pre_ on acl_smtp_data
* find section acl_smtp_data:custom_begin_spam_scan
* complete block with this:


  # Remove spam headers from outside sources
  warn  remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report  
  
  # add spam-score and spam-report header when told by rspamd
  # also scan outgoing messages
  warn  spam        = nobody:true
        log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report"
        !authenticated = *
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report
        add_header = X-Spam-Action: $spam_action

  warn  condition  = ${if eq{$spam_action}{rewrite subject}}
        add_header = X-Spam-Subject: ***SPAM*** $rh_subject
        add_header = X-Spam-Status: Yes
        
  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{greylist}}
        
  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{soft reject}}
        
  deny  message    = Message discarded as high-probability spam
        condition = ${if eq{$spam_action}{reject}}


7. disable  default_spam_scan, default_spam_scan_check block
8. disable acl_not_smtp:outgoing_spam_scan_over_int,  acl_smtp_data:no_forward_outbound_spam_over_int
9. reject mail which get score higher than 6 if they is sent via non_smtp (sendmail, php mail())
Note: this will ignore completely messages which are sent from root user.

** Find block acl_not_smtp:custom_begin_not_smtp and paste this code

  warn  condition  = ${if eq{$sender_address_local_part}{root} {no} {yes}}
        spam       = nobody:true
        log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report sender_address_local_part = $sender_address_local_part"
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report
        add_header = X-Spam-Action: $spam_action
        
  discard message = Message discarded as high-probability spam
        condition = ${if match {$spam_report} {\NFREEMAIL_ENVFROM\N} {1} {0}}
        condition = ${if >= {$spam_score_int}{60}}

  deny  message   = Message rejected as high-probability spam
        condition = ${if >= {$spam_score_int}{60}}

  deny  message   = Message rejected as high-probability spam
        condition = ${if eq{$spam_action}{reject}}

  accept

** disable acl_not_smtp:end_default_outgoing_notsmtp_checkall

10. deliver mail with high score of spam to /dev/null if is try to be forwarded due email forwards
*** Put these block in to begin routers block, before router boxtrapper_autowhitelist or enforce_mail_permissions:

# version with using of delivery as save to /dev/null (logs will show actual delivery to recipient email, which is not true action)
# reject_forwarded_mail_marked_as_spam:
#     driver = accept
#     ignore_target_hosts = 127.0.0.1
#     condition = ${if eq {${lookup {$sender_address_domain} lsearch{/etc/userdomains}{$value}}}{}{true}{false}}
#     condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
#      # condition = ${if >= {$spam_score_int}{50}}
#     domains = ! +local_domains : !$primary_hostname
#     transport = file_to_devnull

silent_drop_forwarded_mail_marked_as_spam:
    driver = redirect
    ignore_target_hosts = 127.0.0.1
    condition = ${if eq {${lookup {$sender_address_domain} lsearch{/etc/userdomains}{$value}}}{}{true}{false}}
    # condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
    condition = ${if >= {$spam_score_int}{50}}
    domains = ! +local_domains : !$primary_hostname
    allow_filter
    user = mailnull
    file_transport = file_to_devnull
    data = #Exim filter\n\
        save /dev/null


** Put this transport after begin transports:   


file_to_devnull:
    driver = appendfile
    file = /dev/null


** system_filter:

# Exim filter
if "${if def:header_X-Spam-Subject: {there}}" is there
then
    headers remove Subject
    headers add "Subject: $rh_X-Spam-Subject:"
    headers remove X-Spam-Subject
endif


* add router which will store Spam messages in INBOX.Junk directory

virtual_user_spam_dir:
    driver = redirect
    domains = !$primary_hostname
    # condition = ${if match{$header_X-Spam-Score:}{\N\+\+\+\+\+\N}{yes}{no}}
    condition = ${if >= {$spam_score_int}{60}}
    require_files = "+/etc/valiases/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/mail/$domain/$local_part"
    data = "$local_part+Junk@$domain"
    redirect_router = virtual_user

multimap.conf

# /etc/rspamd/local.d
# local settings for multimap module

MM_WHITELISTED_ASN {
  type = "asn";
  map = "${LOCAL_CONFDIR}/local.d/whitelisted_asn.map";
  description = "Messages which are coming from whitelisted ASN";
  score = -10;
}
MM_BLACKLISTED_IP {
  type = "ip";
  map = "${LOCAL_CONFDIR}/local.d/blacklisted_sourceip.map";
  description = "Blacklisted ips";
  score = 12;
}
MM_WHITELISTED_IP {
	type = "ip";
	map = "${LOCAL_CONFDIR}/local.d/whitelisted_sourceip.map";
	description = "Whitelisted ips";
	score = -10;
}
MM_UNSECURED_CAPTCHA_FORM {
  type = "header";
  header = "Subject";
  map = "${LOCAL_CONFDIR}/local.d/rejected_by_subject.map";
  regexp = true;
  score = 10;
  symbols = ["HAS_X_PHP_SCRIPT"];
#  action = "reject";
}

MM_BLACKLISTED_BY_FORGED_SENDER {
	type = "from";
	filter = "email:user";
	map = "${LOCAL_CONFDIR}/local.d/blacklisted_by_forged_sender.map";
	symbols = ["FORGED_SENDER"];
	action = "reject";
}
MM_BLACKLISTED_BY_SENDER {
        type = "from";
        filter = "email:user";
        map = "${LOCAL_CONFDIR}/local.d/blacklisted_by_sender.map";
        action = "reject";
}
MM_WHITELISTED_BY_SUBJECT {
  type = "header";
  header = "Subject";
  map = "${LOCAL_CONFDIR}/local.d/whitelisted_by_subject.map";
  regexp = true;
  score = -5;
#  action = "reject";
}
MM_WHITELISTED_BY_FROM_HEADER {
  type = "from";
  map = "${LOCAL_CONFDIR}/local.d/whitelisted_by_from_header.map";
  regexp = true;
  score = -7;
#  action = "reject";
}
MM_BLACKLISTED_BY_FROM_HEADER {
  type = "from";
  map = "${LOCAL_CONFDIR}/local.d/blacklisted_by_from_header.map";
  regexp = true;
  score = 6;
#  action = "reject";
}

override.d

# cat logging.inc 
type=file
filename=/var/log/rspamd.log

# cat metrics.conf 
actions {
      reject = 15;
      rewrite_subject = 8;
      add_header = 6;
      greylist = 4;
}

# cat worker-controller.inc 
bind_socket = "IP:11334";
password = "PASSWORD HASH";

system_filter

# Exim filter

if not first_delivery then
	finish
endif

if "${if def:header_X-Spam-Subject: {there}}" is there then
	headers remove Subject
	headers add "Subject: $rh_X-Spam-Subject:"
	headers remove X-Spam-Subject
endif

if $h_X-Spam-Score: contains "+++++" and $h_To does not contains "postmaster" then
        if $h_X-Spam-Score: contains "+++++++++++" then
                save "/dev/null"
        else
                deliver "spam@XXXXXX"
        endif
endif

Hi!

I found your gist and I followed your guide but my exim not connect to rspamd. I'm using centos 7 and rspamd in same server with cpanel. Could you help me?
I'm using exim 4.89 (cpanel 11.64).

Thanks!

I'm looking forward towards improvement of the Exim integration document. Would you mind if I include your recipes to the official Rspamd documentation? Or you can add your own pull request against vstakhov/rspamd.com repo

Thank you @mdupa! This was desperately needed!

I hope you don't mind, I improved upon your solution with the following benefits:

• outgoing emails are sent through rspamd
• Replies module will work
• Suspicious emails can be blocked
• Greylisting is functional

Additional steps to your instructions:

1. Disable default_check_message_pre on acl_smtp_date
2. Use the following code block for custom_begin_spam_scan:

  warn   
        # Remove spam headers from outside sources
        remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report  

  accept condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}
  
  accept hosts = : +loopback

  # add spam-score and spam-report header when told by rspamd
  # also scan outgoing messages
  warn  spam        = nobody:true
        log_message = "rspam_score: $spam_score ($spam_bar) rspam_report: $spam_report"
        !authenticated = *
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report
        add_header = X-Spam-Action: $spam_action

  # allow authenticated users
  accept authenticated = *
        
  warn  condition  = ${if eq{$spam_action}{rewrite subject}}
        remove_header = Subject
        add_header = Subject: ***SPAM*** $h_subject
        add_header = X-Spam-Status: Yes

  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{greylist}}
        
  defer message    = Please try again later
        condition  = ${if eq{$spam_action}{soft reject}}

  deny  message    = Message discarded as high-probability spam
        condition  = ${if eq{$spam_action}{reject}}

FYI @vstakhov

I'm looking forward towards improvement of the Exim integration document. Would you mind if I include your recipes to the official Rspamd documentation? Or you can add your own pull request against vstakhov/rspamd.com repo

Sure, you may include this recipe to official rspamd documentation.

I hope you don't mind, I improved upon your solution with the following benefits:

Thank, i have updated gist with some changes

There are any video step by step? i'm not so good with english.