Rspamd: A replacement for Spamassassin & Postscreen

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
vstakhov
Posts: 6
Joined: Sat Sep 09, 2017 12:40 pm

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby vstakhov » Wed Jan 10, 2018 9:09 pm

I think it's quite clear that no generic purposes spam filter can deal with spam in all languages all over the world out of the box. You need to customise both Rspamd and SA for your particular environment. Both Rspamd and SA have similar techniques to filter spam (Rspamd can even use SA rules). Therefore, I'm not surprised that your customised SA deals with *your* mail traffic better than uncustomised Rspamd. Furthermore, Rspamd has many modules disabled by default providing, generally speaking, personal or small company spam filtering functions out-of-the-box. For everything more than that you need to add your custom intelligence to improve spam filtering (custom rules, corpus training, complaints processing, etc).

With regard to the performance and CPU usage spikes: I'm pretty sure that there was something special about your usage patterns. Unfortunately, you have not provided information about this issue so I'm totally lost what was wrong in your case: some of Rspamd users have really highly loaded systems with more than 1000 messages per second in peak times. And you were the first who reported about weird cpu usage (even on CentOS 6), so I can conclude that you were doing something wrong (or, at least, unexpected and thus untested).


bunny
Posts: 17
Joined: Sat Sep 13, 2014 1:48 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby bunny » Thu Jan 11, 2018 9:06 am

Hello Sir,
Thanks to the author for providing the updated version of rspamd-1.6.5-4.x86_64 with which rspamd is starting without any problem.

I have temporarily setup and enabled rspamd on our production server which is in DMZ behind the Firewall. When rspamd service is started, mails-both inbound and outbound are not passing through the server. Some are getting rejected with “query refused” error and some are found in the deferred queue with error “connection refused”.

Code: Select all

Error logs from zimbra.log:

-warning: <IPAddress>.relays.mail-abuse.org: RBL lookup error: Host or domain name not found. Name service error for name=<IPAddress>.relays.mail-abuse.org type=A: Host not found, try again
-to=<userID@ourdomain>, relay=none, delay=48, delays=48/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
-warning: connect to Milter service inet:localhost:11332: Connection refused


Also, I have noticed the following error messages in /var/log/messages
Jan 11 14:16:31 primary named-sdb[8510]: error (network unreachable) resolving '1.1.2.144.zen.spamhaus.org/A/IN': 2a00:1a28:1251:178:73:210:119:fa53#53
Jan 11 14:16:31 primary named-sdb[8510]: error (network unreachable) resolving '26.221.168.184.sbl.spamhaus.org/A/IN': 2a03:b0c0:1:d0::257b:e00e#53
Jan 11 14:42:40 primary named-sdb[8510]: error (host unreachable) resolving '26.189.93.201.in-addr.arpa/PTR/IN': 189.19.56.230#53


My named.conf installed in the server itself is as follows:

Code: Select all

options {
        listen-on port 53 { 127.0.0.1; <serverIP>; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
// configured paths to named.pid and session.key files in next 2 lines
//      pid-file "/var/named/chroot/var/run/named/named.pid";
//      session-keyfile "/var/named/chroot/var/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


In our server, I have also enabled zimbra-milter to implement sendToDistList restrictions and cbpolicyd for ratelimit.

May I know where I have mis-configured the system.

Thanks & Regards,
phoenix
Ambassador
Ambassador
Posts: 25206
Joined: Fri Sep 12, 2014 9:56 pm

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby phoenix » Thu Jan 11, 2018 9:52 am

It looks like those errors are related to DNS, I'd start by checking if you can test those RBL lookups from the command line on your ZCS server and also check if your firewall is ok and/or your network.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
bunny
Posts: 17
Joined: Sat Sep 13, 2014 1:48 am

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby bunny » Thu Jan 11, 2018 11:29 am

Hello Sir,

If I dig from the prompt, main domains are responding, but not sub-domains. For eg:
From
Jan 11 17:05:33 primary named-sdb[3781]: error (network unreachable) resolving 'bondedsender.org/DS/IN': 2001:500:f::1#53

Bondsender.org is responding

From
Jan 11 17:05:25 primary named-sdb[3781]: error (network unreachable) resolving 'x.ns.spamhaus.org/AAAA/IN': 2400:cb00:2049:1::a29f:1823#53

spamhaus.org is responding whereas sbl.spamhaus.org and zen.spamhaus.org

From
Jan 11 16:54:12 primary named-sdb[27291]: error (connection refused) resolving '197.123.75.208.b.barracudacentral.org/A/IN': 64.235.145.15#53

barracudacentral.org works

Thanks & Regards,
phoenix
Ambassador
Ambassador
Posts: 25206
Joined: Fri Sep 12, 2014 9:56 pm

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby phoenix » Thu Jan 11, 2018 2:25 pm

I didn't ask you to check the domains, I asked you to check the RBL entries: https://www.startpage.com/do/dsearch?qu ... ge=english I also mentioned that it might be a problem with your firewall or network and you need to check those as well.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 13 guests