Rspamd more positive

I was having problems with spam and reported it on Facebook HERE. When I didn’t get a response, I went after it because the spam was annoying and Rspamd wasn’t blocking it.

I found a solution that helped me a lot!

But unfortunately at first it wasn’t working well, so I remembered to give permissions to the folders to the rspamd Linux user with the command below:

chown -R _rspamd:_rspamd /etc/rspamd/override.d

I restarted Rspamd:

sudo systemctl restart rspamd

That’s it, rspamd started mitigating unwanted spam promptly.

I’m letting you know in case anyone else has this problem too.

You blocked a certain domain? ClamAV was not able to stop spam?

I’ll answer here too to document it and someone who has the same problem can solve it.

Hello boss!

After much research into the problems with CSF, I found a solution to the problem with fuzzy hashes that rspamd reported.

Rspamd started connecting to fuzzy hashes via UDP 11335 and CSF was blocking the port; the solution was to release the port at:

https://www.myhost.com:8090/firewall/csf

adding UDP In and Out ports - 11335

Another problem I’m facing is several logs that rspamd reports as:

lfd on myhost.com.br: Suspicious process running under user postfix

And there were more problems like this related to other users, so I went to investigate the CSF/LFD logs and it was returning website crons as malicious, so I added the lines in /etc/csf/csf.pignore:

exe:/usr/bin/rspamadm
exe:/usr/bin/rspamc
exe:/usr/bin/rspamd
exe:/usr/bin/rspamd_stats
exe:/usr/bin/perl
exe:/usr/bin/mail.postfix
exe:/usr/bin/mailq.postfix
exe:/usr/bin/wget
exe:/usr/bin/crond
exe:/usr/local/lsws/lsphp74/bin/lsphp
exe:/usr/local/lsws/lsphp80/bin/lsphp
cmd:spamd child

But postfix is still recognized as suspicious.
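
Added example, not part of the original post and not CSF's own code: a small Python audit of the csf.pignore entries listed above. An exe: entry makes lfd process tracking skip every process running that binary, so the check flags entries that exempt interpreters or downloaders; the BROAD_TOOLS set and the audit_pignore name are assumptions made for this example.

```python
from pathlib import PurePosixPath

# Constructed sample: the csf.pignore lines quoted in the post above.
SAMPLE = """\
exe:/usr/bin/rspamadm
exe:/usr/bin/rspamc
exe:/usr/bin/rspamd
exe:/usr/bin/rspamd_stats
exe:/usr/bin/perl
exe:/usr/bin/mail.postfix
exe:/usr/bin/mailq.postfix
exe:/usr/bin/wget
exe:/usr/bin/crond
exe:/usr/local/lsws/lsphp74/bin/lsphp
exe:/usr/local/lsws/lsphp80/bin/lsphp
cmd:spamd child
"""

# Assumption for this example: binaries that can run or fetch arbitrary code.
BROAD_TOOLS = {"perl", "python", "python3", "php", "lsphp",
               "sh", "bash", "wget", "curl"}


def audit_pignore(text):
    """Return (line_no, path, advice) for each exe: entry naming a broad tool."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        kind, _, value = entry.partition(":")
        if kind != "exe":
            continue  # cmd:, user: and regex entries are out of scope here
        if PurePosixPath(value).name in BROAD_TOOLS:
            findings.append((line_no, value,
                             "skipped for every script it runs; "
                             "prefer an exact cmd: entry for the known job"))
    return findings


if __name__ == "__main__":
    for line_no, path, advice in audit_pignore(SAMPLE):
        print(f"line {line_no}: {path}: {advice}")
```
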

Great work, which means rspamd in fact was working and it was CSF causing the problem.

So after adding the ports in CSF, was rspamd able to fight spam for you? Do you have to do what you have done in the first post?

Yes, I had to do the first procedure by creating a no domain rule in rspamd, once the rule was done and blocking the domains, spam decreased a lot.

The rules you created in the first post will block certain domains from sending emails to your server.

But the question is: what if no such domain is specified, is ClamAV then not enough to do the job?

I’m sorry for the delay.

In my case, clamav is not being effective.