[Rspamd-Users] No header changes in incoming or outgoing mail when using rspamd as milter (Fedora 41 + Postfix)

Guido Winkelmann guido-rspm at unknownsite.de
Wed Apr 2 19:13:39 UTC 2025 

Hi,

I'm having trouble getting rspamd 3.11.1 to actually do anything to my emails 
that I can see and react upon.

Background:
I have been running rspamd 3.8 fairly successfully on my old email server for 
many years now. On the old mail server, postfix would use rspamd as a milter, 
and the mail would then come back with a number of new headers including 
detailed scan results. I would then use the header "X-Spam" to filter email 
into a Spam folder using a sieve script in my IMAP server (Cyrus). However, 
the OS on my old server is EOL, so I have to somewhat urgently migrate to 
something newer. Since CentOS seems to have given up on the development model 
that originally made it make sense to me as a production server OS, I decided 
to switch to Fedora.

Anyway, my problem is that, on the new server, after installing and configuring 
rspamd and configuring it as a milter in postfix (and restarting everything at 
least once…), there are no rspamd headers in my incoming emails. (Or my 
outgoing emails. I've enabled the dkim portion of rspamd during the 
configuration, so there should be something in outgoing mails, too.) I cannot 
figure out why.

Here is the relevant part from my postfix/main.cf:
=======
# Milter setup
smtpd_milters = inet:localhost:11332
milter_default_action = accept
milter_protocol = 6
=======

This is mostly identical to what it was on my old server, except the old one 
also had this line:

milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} 
{mail_host} {mail_mailer}

I've both with and without this line, same (lack of) result.

According to 'tcpdump -i lo port 11332', there is definitely some communication 
going on between postfix and rspamd when new mail comes in. There is absolutely 
nothing in rspamd's logs about that, though. 'journalctl -u rspamd' looks like 
this:

=======
Apr 01 13:49:31 mailweb4 systemd[1]: Started rspamd.service - rapid spam 
filtering system.
Apr 01 13:49:32 mailweb4 rspamd[95376]: 2025-04-01 13:49:32 #95376(main) 
<250e55>; main; main: rspamd 3.11.1 is loading configuration, build id: release
Apr 01 15:58:50 mailweb4 systemd[1]: Stopping rspamd.service - rapid spam 
filtering system...
Apr 01 15:59:06 mailweb4 systemd[1]: rspamd.service: Deactivated successfully.
Apr 01 15:59:06 mailweb4 systemd[1]: Stopped rspamd.service - rapid spam 
filtering system.
Apr 01 15:59:06 mailweb4 systemd[1]: rspamd.service: Consumed 30.232s CPU 
time, 350M memory peak.
Apr 01 23:13:06 mailweb4 systemd[1]: Started rspamd.service - rapid spam 
filtering system.
Apr 01 23:13:06 mailweb4 rspamd[102629]: 2025-04-01 23:13:06 #102629(main) 
<f0f968>; main; main: rspamd 3.11.1 is loading configuration, build id: release
Apr 02 15:06:28 mailweb4 systemd[1]: Reloading rspamd.service - rapid spam 
filtering system...
Apr 02 15:06:28 mailweb4 systemd[1]: Reloaded rspamd.service - rapid spam 
filtering system.
=======

As if it was never doing anything at all aside from restarting.

Meanwhile, after adding -v to smtpd in /etc/postfix/master.cf, journalctl -u 
postfix shows this when new mail comes in: https://pastebin.com/7LaBhF6g
(Pastebin because it's too long.)

I'm still not sure if the fault is on the rspamd side or the postfix side. 
There is something in the postfix logs about "abort all milters", but I cannot 
see why…

Rspamd is configured mostly as vanilla as possible. I originally started it as 
is, and when I saw no results, I ran rspamadm configwizard. The transcript of 
that looks as follows:

=======
# rspamadm configwizard
  ____                                     _
 |  _ \  ___  _ __    __ _  _ __ ___    __| |
 | |_) |/ __|| '_ \  / _` || '_ ` _ \  / _` |
 |  _ < \__ \| |_) || (_| || | | | | || (_| |
 |_| \_\|___/| .__/  \__,_||_| |_| |_| \__,_|
             |_|

Welcome to the configuration tool
We use /etc/rspamd/rspamd.conf configuration file, writing results to /etc/
rspamd
Modules enabled: chartable, once_received, rbl, milter_headers, regexp, arc, 
forged_recipients, whitelist, phishing, asn, mid, mime_types, 
metadata_exporter, maillist, trie, spf, hfilter, bayes_expiry, multimap, dkim, 
dkim_signing, fuzzy_check, dmarc, settings, force_actions
Modules disabled (explicitly): aws_s3, bimi, dcc, gpt, p0f, rspamd_update, 
known_senders, elastic, spamtrap, external_relay, mx_check, http_headers
Modules disabled (unconfigured): clustering, spamassassin, ip_score, antivirus, 
metric_exporter, emails, reputation, clickhouse, maps_stats, 
external_services, fuzzy_collect, dynamic_conf
Modules disabled (no Redis): greylist, url_redirector, neural, ratelimit, 
history_redis, replies
Modules disabled (experimental): 
Modules disabled (failed): 
Do you wish to continue?[Y/n]: y
Setup WebUI and controller worker:
Controller password is not set, do you want to set one?[Y/n]: y
Enter passphrase: 
Set encrypted password to: #########
Redis servers are not set:
The following modules will be enabled if you add Redis servers:
        * greylist
        * url_redirector
        * neural
        * ratelimit
        * history_redis
        * replies
Do you wish to set Redis servers?[Y/n]: y
Input read only servers separated by `,` [default: localhost]: 
Input write only servers separated by `,` [default: localhost]: 
Do you have any username set for your Redis (ACL SETUSER and Redis 6.0+)[y/N]: 
Do you have any password set for your Redis?[y/N]: 
Do you have any specific database for your Redis?[y/N]: 
Do you want to setup dkim signing feature?[y/N]: y
=======
(Snip some parts about dkim domain keys, which are almost certainly not 
relevant.)
=======
File: /etc/rspamd/local.d/redis.conf, changes list:
write_servers => localhost
read_servers => localhost

File: /etc/rspamd/local.d/dkim_signing.conf, changes list:
use_esld => true
sign_authenticated => true
allow_username_mismatch => true
domain => {[unknownsite.de] = {[selector] = dkim, [path] = /var/lib/rspamd/
dkim/unknownsite.de.dkim.key}, [thisisatest.de] = {[selector] = dkim, [path] = 
/var/lib/rspamd/dkim/thisisatest.de.dkim.key}}
use_domain => header
allow_hdrfrom_mismatch => true
allow_hdrfrom_mismatch_sign_networks => true

File: /etc/rspamd/local.d/worker-controller.inc, changes list:
password => #########

Apply changes?[Y/n]: 
Create file /etc/rspamd/local.d/redis.conf
Create file /etc/rspamd/local.d/dkim_signing.conf
Create file /etc/rspamd/local.d/worker-controller.inc
3 changes applied, the wizard is finished now
*** Please reload the Rspamd configuration ***
======

RSpamd is installed using rpmbuild and the provided SPEC-file from the rpm 
subdirectory, although I had to make a few changes to get it to compile. In 
particular, I had to disable support for Fasttext. I found in the release 
notes for some earlier version that fasttext is supposed to be bundled now 
(which would be good because Fedora doesn't seem to ship fasttext), but if it 
is, the cmake build scripts cannot find it.

Could somebody help me with this? I'm kinda at my wits ends here…

Regards,

Guido Winkelmann

More information about the Users mailing list