Rspamd is the new antispam engine of NethServer, it replaces SpamAssassin and Amavisd-new.
The official documentation of Rspamd is available at https://rspamd.com
You need to install the Email module from the Software center page. The menu where to activate it and modify its settings is on the Email > Filter page. You can read more in the Email filter section.
Rspamd Web Interface¶
The antispam component is implemented by Rspamd which provides its administrative web interface at
The actual URL is listed under the Applications page. By default
access is granted to members of the
domain admins group and to the
user (see also Admin account). An additional special login
rspamd can be used to access it. Its credentials are available from
Email > Filter > Rspamd user interface (Web URL): just follow the
The Rspamd web UI:
- displays messages and actions counters,
- shows the server configuration,
- tracks the history of recent messages,
- allows training the Bayes filter by submitting a message from the web form.
It is the landing menu, the global statistics are available on the Rspamd service.
The graphics are displayed in this menu to explain the activity of the antispam software. You can adjust the time scale (hourly, daily, weekly, montly) and modify some other settings to refine the graphics
The Configuration > Lists menu is useful to edit lists of allowed IP/Domain/mime for the modules, you will find:
- mime list types
When you want to create an exception list in a module, you could give the path
/var/lib/rspamd/, the list will be editable by the Rspamd web interface.
Rspamd use a concept of symbols which will increase or decrease the spam score when the rule has matched. The symbol weight is modifiable, negative score are for good email, positive are for spam.
Find the matching symbols¶
The convenient way is to use the History > History menu.
Modify a symbol weight¶
An easier way to change the symbol weight is to use the Rspamd WebUI: Symbols > Symbols and rules. A search box is available, you could use it to display the symbol and modify its weight.
- Symbol score for spam is in red (positive score)
- Symbol score for ham is in green (negative score)
If you want to remove the custom settings, you could edit the file
/var/lib/rspamd/rspamd_dynamic or remove them in the Rspamd Web Interface:
Configuration > Lists > rspamd_dynamic
You could redefine manually the scores defined in
where they are placed by a symbol’s group. Like for the modules, you could overwrite
the setting in
scores.d/*_group.conf < local.d/*_group.conf < override.d/*_group.conf
The purpose of the Learning Menu is to train the Bayes filter, you could use directly the source of the email in the relevant text area to make learn to rspamd if the email is a spam or a ham.
The Scan menu can be used to scan directly an email and check its score and the matching symbols.
The Rspamd web Interface could be used to display the action done and the spam score against an email, see History > History
You could display a list of symbols by clicking on the email field, it will help you to understand the action done (reject, add_header, no_action, rewrite_subject, greylist) and gather useful informations like:
- the sender
- the recipient
- the subject
- the full score
Rspamd comes with a modular approach, all modules are not enabled by default and are
customisable by the system administrator. The default settings are in the file
/etc/rspamd/modules.d/MODULE_NAME.conf, relevant to the module name.
For a particular need, you can look the documentation with the list of modules.
Disable a module¶
You must disable a module only with a good reason. For example the ip_score module could give a high spam score due to the IP of the email sender, if it is blacklisted.
In that example we could disable the module but many modules (like ip_score) implement a white list to do not check an ip or a domain against the spam filter.
Create a file (relevant to the module name)
enabled = false;
systemctl restart rspamd
Modify the settings of a module¶
All the default settings of a module are in
/etc/rspamd/local.d/MODULE_NAME.conf to modify these parameters.
Therefore the prefered way is to use
to either change the Rspamd and NethServer default settings. The override file uses the
new parameter with a high preference, all former settings are kept.
modules.d/MODULE_NAME.conf < local.d/MODULE_NAME.conf < override.d/MODULE_NAME.conf
In that example we want to implement a list of IP to allow them in the ip_score module.
Create a file
whitelist = "file:///var/lib/rspamd/ip_score_whitelist";
systemctl restart rspamd
The whitelist is editable in the rspamd UI at Configuration > Lists > ip_score_whitelist
/var/lib/rspamd is owned by Rspamd, all files here are modifiable by the software