When using DirectAdmin, we recommend you use Rspamd rather than SpamAssassin as your email spam filtering system. While they both provide the same quality of spam filtering, Rspamd provides significantly faster performance and can process hundreds of email messages per second simultaneously, while featuring a spam filtering engine that uses fewer resources than SpamAssassin. Rspamd also features a simple but powerful web management interface that lets you set metric actions and spam scores, view spam email statistics and set spam learning from within your DirectAdmin control panel.
Rspamd filters email and prevents incoming spam from reaching your mailbox by evaluating and analysing each message against a number of filtering rules, such as Regular Expressions (Regex) Filtering, Statistical Analysis, RBLs, etc. A spam score is then applied to the message, and Rspamd will either pass the email to your mailbox, reject the email outright or add a header to the email indicating possible spam.
Some of the features built into Rspamd to fight spam include:
- Regular Expressions Filtering – allows processing of messages, their textual parts, MIME headers and SMTP data received by the MTA against a set of expressions including both normal regular expressions and message processing functions. Rspamd expressions are a powerful tool for filtering messages based on predefined rules. This feature is similar to regular expressions in the SpamAssassin spam filter.
- SPF – this module validates a message’s origin against the policy defined in the DNS record of the sender’s domain. You can read about SPF policies here. A number of mail systems include SPF support, such as Gmail or Yahoo Mail.
- DKIM – this module validates a message’s cryptographic signature against a public key placed in the DNS record of the sender’s domain. Like SPF, this technique is widely adopted and validates that a message was sent from a specific domain.
- DNS Black Lists – estimate the reputation of the sender’s IP address or network. Rspamd uses a number of DNS lists, including SORBS and Spamhaus. However, Rspamd doesn’t trust any specific DNS list and instead uses a conjunction of estimations to avoid mistakes and false positives. Rspamd also uses positive and grey DNS lists to check for trusted senders.
- URL Black Lists – are rather similar to DNS black lists but measure the reputation of domains seen in URLs. This technique is very useful for finding malicious domains.
- Statistics – Rspamd uses a Bayesian classifier based on five-grams of input. This means that the input is evaluated not based on individual words, but organised into chains. This approach achieves better results than the traditionally used monograms (that is, single words).
- Fuzzy Hashes – for identifying malicious mail patterns Rspamd uses so-called fuzzy hashes. Unlike normal hashes, these structures are designed to hide small differences between text patterns, making it possible to find similar messages quickly. Rspamd has internal storage of such hashes and can block mass spam mailings quickly based on users’ feedback. Furthermore, fuzzy hashes are used not merely for textual data but also for images and other attachment types in email messages. Moreover, this allows for feeding Rspamd with data from honeypots without polluting the statistical module.
Spam filtering rules are an essential part of spam fighting techniques and systems. While Rspamd provides its own prepared rules by default, we can easily add our own.
In this guide, we will explain how to add custom spam filtering rules to Rspamd to enable better spam email filtering and/or reduce false positive rates. The custom spam filtering rules we will be adding to Rspamd use a number of different techniques and make use of built-in features such as Regular Expressions Filtering, DNS Black Lists, URL Black Lists and checking/building Fuzzy Hashes. In addition, we will also add a DNS and URL White List to reduce false positives.
Note
In order to add the custom spam filtering rules to Rspamd, we will be using external Rspamd spam filtering rules provided by mail.baby. Mail Baby is a transactional outbound email provider that offers email filtering using a simple billing model and is a brand owned and operated by InterServer, a leading provider of managed web hosting, Cloud VPS hosting and dedicated servers.
While we are using custom Rspamd spam filtering rules provided by Mail Baby, you can also use this guide to install alternative custom spam filtering rules provided by MXRoute, a highly respected email hosting provider.
Prerequisites
Before we start, if you haven’t installed Rspamd on your DirectAdmin server, you can install it using the following commands.
cd /usr/local/directadmin/custombuild
./build update
./build set spamd rspamd
./build rspamd
./build exim_conf
As Rspamd is a direct drop-in replacement for SpamAssassin, it uses the same configuration files in the user’s directory as SpamAssassin does. Therefore, when a user changes their SpamAssassin settings through the DirectAdmin control panel, the saved config file is automatically updated and no other changes will be required. Once custombuild has installed Rspamd, you will be able to access the Rspamd web interface from the Admin level dashboard within DirectAdmin.
Install Custom Spam Filtering Rules
Important
After adding these custom spam filtering rules to Rspamd you should see a reduction in the level of spam being received by your server and passed to your hosted email mailboxes. However, it is important to note that these rules are only applied to inbound email and will not be applied to any outbound email message from your server. If you want to improve email deliverability from your server, you will need to use a transactional outbound email provider such as mail.baby or MXRoute and change the settings in your Exim configuration file.
The custom spam filtering rule files will be stored in the local.d folder inside the main rspamd folder. You can navigate to the local.d folder using the following command.
cd /etc/rspamd/local.d
Now we will download the custom spam filtering rule files from GitHub into the local.d folder using the following command.
wget https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d/fuzzy_check.conf && \
wget https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d/fuzzy_group.conf && \
wget https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d/multimap.conf && \
wget https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d/rbl.conf && \
wget https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d/rbl_group.conf
After downloading the custom spam filtering rule files you will need to rebuild Rspamd and the Exim configuration file using the following commands.
cd /usr/local/directadmin/custombuild
./build rspamd
./build exim_conf
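The download step above writes directly into the live local.d folder, and plain wget saves a file as name.conf.1 when name.conf already exists, so running it a second time never updates the rules. As an added example (not code from this guide, mail.baby or DirectAdmin), the script below stages the same five files, backs up whatever is already in place, installs them and restores the backup if validation fails. Assumptions: validation uses `rspamadm configtest`, overridable through the hypothetical `VALIDATE_CMD` variable; the function names, backup path and `--apply` flag are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from mail.baby or DirectAdmin): stage, back up, validate, roll back.
# BASE_URL and the file names come from the guide; other names are assumptions.
BASE_URL="https://raw.githubusercontent.com/mailbaby/rspamd-rules/main/local.d"
RULE_FILES="fuzzy_check.conf fuzzy_group.conf multimap.conf rbl.conf rbl_group.conf"
VALIDATE_CMD="${VALIDATE_CMD:-rspamadm configtest}"   # parses the whole Rspamd config

# Download every rule file into a staging directory, never straight into local.d.
fetch_rules() {   # $1 = staging dir
    local f
    for f in $RULE_FILES; do
        wget -q -O "$1/$f" "$BASE_URL/$f" || return 1
    done
}

# Copy staged files into $2, keeping prior versions in $3; undo everything if
# validation fails. Returns 0 on success, 1 on a bad staging dir, 2 after rollback.
install_rules() {   # $1 = staging dir, $2 = destination dir, $3 = backup dir
    local stage="$1" dest="$2" backup="$3" f
    for f in $RULE_FILES; do
        [ -s "$stage/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    mkdir -p "$backup"
    for f in $RULE_FILES; do
        if [ -e "$dest/$f" ]; then cp -p "$dest/$f" "$backup/$f"; fi
        sha256sum "$stage/$f"                 # record exactly what went live
        install -m 0644 "$stage/$f" "$dest/$f"
    done
    if ! $VALIDATE_CMD >/dev/null 2>&1; then
        echo "validation failed, rolling back" >&2
        for f in $RULE_FILES; do
            if [ -e "$backup/$f" ]; then cp -p "$backup/$f" "$dest/$f"
            else rm -f "$dest/$f"; fi
        done
        return 2
    fi
}

# Real run only when asked for: ./stage-rules.sh --apply   (script name is hypothetical)
if [ "${1:-}" = "--apply" ]; then
    stage="$(mktemp -d)"
    fetch_rules "$stage" &&
        install_rules "$stage" /etc/rspamd/local.d "/root/rspamd-local.d.bak.$(date +%s)"
fi
```

The printed SHA-256 values give you a record to compare against on the next update, since the URLs track the repository's main branch rather than a fixed revision.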
Now, after logging into your DirectAdmin dashboard, select the Rspamd Spam Filtering System icon under the Admin Tools section. Once the Rspamd dashboard has loaded, you will see Mailbaby listed under the Fuzzy Hashes section.
You can adjust the score applied to each custom spam filtering rule we have just installed by selecting Symbols from the toolbar and searching for Mailbaby under the Symbols and Rules section.
You can also adjust the score applied to each Interserver RBL in the Symbols dashboard by searching for Interserver under the Symbols and Rules section.
That’s it. You have successfully added custom spam filtering rules to Rspamd to enable better spam email filtering and/or reduce false positive rates.