ansible-role-rspamd/README.md

# rspamd

## configuration

### redis
configure redis and tell rspamd to use it:
```
redis:
  instances:
    - name: rspamd
      socket_enabled: true
      maxmemory: 200M
      maxmemory_policy: volatile-ttl
    - name: rspamd-bayes
      socket_enabled: true
      maxmemory: 500M
      maxmemory_policy: volatile-ttl
    - name: rspamd-fuzzy
      socket_enabled: true
      maxmemory: 200M
      maxmemory_policy: volatile-ttl

rspamd:
  local_configs:
    redis.conf:
      servers: /var/run/redis/redis-rspamd.sock
    classifier-bayes.conf:
      backend: redis
      servers: /var/run/redis/redis-rspamd-bayes.sock
    worker-fuzzy.inc:
      backend: redis
      servers: /var/run/redis/redis-rspamd-fuzzy.sock
```

### milter
add rspamd to your smtpd_milters:
```
postfix:
  smtpd_milters:
    - "inet:localhost:11332"
```

## dkim signing

rspamd can sign outgoing mails with dkim. the following steps are necessary:
* create a keypair: `rspamadm dkim_keygen -d <domain> -s <selector>`
  * domain should be the domain you want to sign mails for
  * selector should be an unique identifier, for example: 2021020801
* add dns record
* create private key file at `/var/lib/rspamd/dkim/<domain>.<selector>.key`
  * `chown _rspamd /var/lib/rspamd/dkim/*`
  * `chmod u=r,go= /var/lib/rspamd/dkim/*`
* create/update selector in `/etc/rspamd/dkim_selectors.map`: `<domain>   <selector>`


## spam learning
To train ham/spam from move actions from/to junk folder, `imap_sieve` needs to be enabled in dovecot.

## writing manual rules
example:
```
files:
  "/etc/rspamd/local.d/rspamd.lua":
    owner: _rspamd
    group: root
    mode: "0640"
    content: |
      -- Generica
      config['regexp']['SUBJECT_GENERICA'] = {
        re = 'Subject=/Die besten Generica/Hu',
        description = 'Subject contains "Die besten Generica"',
        score = 13.37,
        group = 'headers'
      }
```