Rspamd more positive

lucasfurlan · February 21, 2024, 7:51pm

I was having problems with spam and reported it on Facebook HERE When I didn’t get a response, I went after it because the spam was annoying and Rspamd wasn’t blocking it.

I found a solution that helped me a lot!

github.com/Mailu/Mailu

Help please blocking spam

opened 06:37AM - 11 Jul 20 UTC

closed 12:52AM - 18 Jul 20 UTC

ghost

Hello, I'm new using rspamd and want to know if anyone knows how to block some d…omain. There is a domain (let it be "spamdomain.com") that is spamming constantly, and I don't know how to stop it. I'm using WebUI, and I was reading in your docs https://rspamd.com/doc/modules/multimap.html that multimap and prefilters would help with this, but I'm super noob and don't know where to put it, neither the syntax (I tried to understand the docs, but it was confusing to me). I suspect that the filter that I need is "email:domain", right? Anyone can give me a hand with this? Many thanks in advance

But unfortunately at first it wasn’t working well, so I remembered to give permissions to the folders to the rspamd Linux user with the command below

chown -R _rspamd:_rspamd /etc/rspamd/override.d

I restarted Rspamd

sudo systemctl restart rspamd

That’s it, rspamd started mitigating unwanted spam promptly.

I’m letting you know in case anyone else has this problem too.

usmannasir · February 22, 2024, 7:00am

You blocked a certain domain ? clamav was not able to stop spam?

lucasfurlan · February 23, 2024, 6:54pm

I’ll answer here too to document it and someone who has the same problem can solve it.

Hello boss!

After much research into the problems with CSF, I found a solution to the problem with fuzzy hashes that rspamd reported.

Rspamd started connecting to Fuzzy Hashs via UDP 11335 and CSF was blocking the port, the solution was to release the port at:

https://www.myhost.com:8090/firewall/csf

adding UDP In and Out ports - 11335

Another problem I’m facing is several logs that rspamd reports as:

lfd on myhost.com.br: Suspicious process running under user postfix

And there were more problems like this related to other users, so I went to investigate the CSF/LFD logs and it was returning website crons as malicious, so I added the lines in /etc/csf/csf.pignore

exe:/usr/bin/rspamadm
exe:/usr/bin/rspamc
exe:/usr/bin/rspamd
exe:/usr/bin/rspamd_stats
exe:/usr/bin/perl
exe:/usr/bin/mail.postfix
exe:/usr/bin/mailq.postfix
exe:/usr/bin/wget
exe:/usr/bin/crond
exe:/usr/local/lsws/lsphp74/bin/lsphp
exe:/usr/local/lsws/lsphp80/bin/lsphp
cmd:spamd child

But postfix is still recognized as suspicious.

usmannasir · February 24, 2024, 6:42am

Great work, which means rspamd infact was working and it was csf causing problem.

so after you adding ports in csf, rspamd able to fight spam for you? do you have to do what you have done in the first post?

lucasfurlan · February 24, 2024, 12:27pm

Yes, I had to do the first procedure by creating a no domain rule in rspamd, once the rule was done and blocking the domains, spam decreased a lot.

usmannasir · February 25, 2024, 11:10am

Rules you created in first post, will block certain domains from sending emails to your server.

But the question is what is no such domain is specified, then clamav is not enough to do the job ?

lucasfurlan · March 7, 2024, 3:50pm

I’m sorry for the delay.

In my case, clamav is not being effective.

ScrapMTL · May 30, 2025, 2:55pm

Sorry to revive a year old thread, but I’m having trouble getting RSPAMD to learn from the JUNK folders. I tried your above steps, but it’s still the same. It does catch some obvious spam, and rejects or adds headers. But it won’t learn with moving items in and out of junk. Were there any other steps you needed to take?