kopano antispam and antivirus

  • for our customer we use a relaysever with https://www.mailscanner.info/ in combination with kopano this works also good as an alternative.

  • I use mailscanner on centos together with relaydelay (greylisting) and things like pyzor / razor (if I remember correctly) and others.

  • Thank you all for your reply’s

  • ive linked the mailscanner (spamassassin DB ) base to the kopano spam setup train works great.

  • hi @thctlo

    Do you got any documentation on how to do this?

  • Hi @ckruijntjens

    Have a look at Rspamd. Very versatile solution for filtering spam based on many different factors (DNSBL, IP reputation, SPF, DKIM, DMARC, Bayes, Fuzzy hashes, phishing checks, …). Can be used together with several anti virus engines (Sophos, Clam AV, …). Mails containing attachments with blacklisted extentions can be rejected (with multimap module). Can easily be integrated with kopano-spamd. Works great for me.

  • hi @ashceryth

    thanks for the information. i will definitly loop into this!

  • @ashceryth

    Is there anything special we need to configure to let kopano-spamd work with rspamd?

  • @ckruijntjens

    You can use it together with inotify-spamlearn.py script (https://github.com/bkram/inotify-spamlearn). Do you want to run Rspamd on the same host as Kopano or on a different machine? Assuming Rspamd is running on the same host the following settings for spamcmd and hamcmd should work (untested):

    spamcmd = /usr/bin/rspamc learn_spam
    hamcmd = /usr/bin/rspamc learn_ham

    If Rspamd runs on a different host than the Kopano installation my modified version of inotify-spamlearn (https://github.com/ashceryth/inotify-spamlearn/blob/master/inotify-spamlearn.py) can be used with curl for learning (tested):

    spamcmd = /usr/bin/curl --data-binary @- https://rspamd.host/learnspam?password=pass
    hamcmd = /usr/bin/curl --data-binary @- https://rspamd.host/learnham?password=pass

  • slightly unrelated question: is rspamd better than spamassassin (which is the one I use)?

  • @mcostan

    There is a comparison on their website: https://rspamd.com/comparison.html

    I was using AMaViS with SpamAssassin and switched to Rspamd a while ago. I prefer the latter because it is more modern, performant and versatile . I like that it can be integrated with Postfix via Milter (so that mails can be rejected before queuing them) by default (well, can also be done with amavisd-milter). If you utilize DKIM and DMARC you don’t need additional tools like opendkim and opendmarc anymore. There are already modules for Rspamd which can be used for signing, checking and reporting. Filtering works better (for me) as there are more factors that contribute to the spam score of a mail. There are official repos with frequent updates. Personally, I would always prefer Rspamd over SA.

  • Hi,

    now i run efa project and think i want to run this a little longer. can I let kopano-spamd learn efa. So that if i drag a mesage to the spam folder that my efa appliance detects this?

    My second question is that i can not get inotify-spamlearn working. i think i have an older pyton version? i am on centos 7. anyone has experiense with this?

  • If you drag a mail from your inbox to the junk folder kopano-spamd saves the raw mail to the spam directory specified in spamd.cfg. When a mail is moved from junk folder to inbox (ham) the mail is stored in the configured ham directory. The mails can then be picked up and used for learning spam/ham. One way to pickup these mails and hand them to your spam filter for learning is inotify-spamlearn script. Inotify-spamlearn simply monitores the directories for new mails and executes the learning command for each of them.

    You need python3 for inotify-spamlearn. You also need to install python3 version of inotify module with pip.

  • @ashceryth

    Hi thanks for your reply. The only thing i am missing now is how can i tell that spamassasin, efa is on a different machine?

  • I’m not familiar with efa. Is it just using SpamAssassin and can you simply use the sa-learn command? If yes, you could use ssh and pipe the mail over ssh to the sa-learn command on the efa host. Maybe there are also other and better possibilities…

  • You could try to use something like /usr/bin/ssh amavis@your.spamassassin.host /usr/bin/sa-learn --spam as spamcmd (haven’t tested it this way, but used something similiar a while ago) with my version of the script. Authentication can be done with ssh pub-key.

    This version of inotify-spamlearn pipes the content of the mail to the specified spamcmd/hamcmd in the config file: https://github.com/ashceryth/inotify-spamlearn/blob/master/inotify-spamlearn.py

  • @ashceryth

    im thinking of installing rspamd for a try. i am now installing this. however how i we install python 3 on centos 7 for the other package with the modules? (Inotify-spamlearn)

    i also have a question about rspamd. i cant get the webui working. i followed the quick tutorial but can not connect to my internal ip port 11334

    also i install python 3.6 and with pip i installed inotify. however the module still can not be found?

    any tips on this one?

  • Sorry, without digging into it I don’t have a clue why the webui isn’t working. If you face any truoubles the best place to ask for support would be one of their channels: https://rspamd.com/support.html

    You need to use pip3 for installing python3 modules. Did you do it that way?

  • @ashceryth

    Hi i think if i dig in some deeper i will get the ui to work. However i install python3.6 and pip3.6. then i installed with pip3.6 the notify module. however when i want to start the service it keeps saying that the module is missing?

  • Does it work when you run it manually: python3 /path/to/inotify-spamlearn.py?

Log in to reply