{"id":928,"date":"2021-04-17T16:17:58","date_gmt":"2021-04-17T07:17:58","guid":{"rendered":"https:\/\/sirius10.net\/blog\/wordpress\/?p=928"},"modified":"2021-04-17T16:24:05","modified_gmt":"2021-04-17T07:24:05","slug":"post-928","status":"publish","type":"post","link":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/2021\/04\/17\/928\/","title":{"rendered":"\u30e1\u30fc\u30eb\u30d5\u30a3\u30eb\u30bf(Rspamd)"},"content":{"rendered":"\n<p>\u3000\u306a\u306b\u304b\u5165\u308c\u3066\u304a\u304b\u306a\u3044\u3068\u8ff7\u60d1\u30e1\u30fc\u30eb\u307e\u307f\u308c\u306b\u306a\u308a\u305d\u3046\u306a\u306e\u3067\u3001<a href=\"https:\/\/server-recipe.com\/1533\/\">https:\/\/server-recipe.com\/1533\/<\/a> \u3092\u53c2\u8003\u306b\u3001Rspamd \u3092\u52d5\u304b\u3057\u3066\u307f\u307e\u3059\u3002web \u304b\u3089\u306e\u8a2d\u5b9a\u3082\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002\u4ee5\u524d\u306f\u3001\u30d9\u30a4\u30b8\u30a2\u30f3\u30d5\u30a3\u30eb\u30bf\u3092\u5143\u306b\u3057\u305f bsfilter \u3092\u4f7f\u3063\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n\n\n\n<p class=\"console\">$ sudo apt-get install -y redis rspamd<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h2>\n\n\n\n<p>\u3000\u8a2d\u5b9a\u7528\u306e\u30b3\u30de\u30f3\u30c9\u3067\u521d\u671f\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo rspamadm configwizard<\/p>\n\n\n\n<p class=\"file\"><code>connect [fe80::8dc5:4d7b:9d41:3cef]:53 failed: 22, '\u7121\u52b9\u306a\u5f15\u6570\u3067\u3059'\ncannot open connection to nameserver at address fe80::8dc5:4d7b:9d41:3cef: \u7121\u52b9\u306a\u5f15\u6570\u3067\u3059\n  ____                                     _\n |  _ \\  ___  _ __    __ _  _ __ ___    __| |\n | |_) |\/ __|| '_ \\  \/ _` || '_ ` _ \\  \/ _` |\n |  _ < \\__ \\| |_) || (_| || | | | | || (_| |\n |_| \\_\\|___\/| .__\/  \\__,_||_| |_| |_| \\__,_|\n             |_|\n\nWelcome to the configuration tool\nWe use \/etc\/rspamd\/rspamd.conf configuration file, writing results to \/etc\/rspamd\nModules enabled: fuzzy_check, hfilter, phishing, dkim_signing, asn, settings, chartable, arc, trie, bayes_expiry, elastic, rspamd_update, ip_score, metadata_exporter, rbl, regexp, mid, multimap, dkim, surbl, mime_types, maillist, emails, once_received, dmarc, forged_recipients, milter_headers, whitelist, force_actions, spf\nModules disabled (explicitly): url_tags, url_reputation, spamtrap, dcc, mx_check, neural\nModules disabled (unconfigured): spamassassin, reputation, metric_exporter, dynamic_conf, clustering, antivirus, fuzzy_collect, maps_stats, clickhouse\nModules disabled (no Redis): greylist, url_redirector, ratelimit, replies, history_redis\nModules disabled (experimental): \nModules disabled (failed): \nDo you wish to continue?[Y\/n]: \nSetup WebUI and controller worker:\nController password is not set, do you want to set one?[Y\/n]: n\nRedis servers are not set:\nThe following modules will be enabled if you add Redis servers:\n\t* greylist\n\t* url_redirector\n\t* ratelimit\n\t* replies\n\t* history_redis\nDo you wish to set Redis servers?[Y\/n]: \nInput read only servers separated by `,` [default: localhost]: \nInput write only servers separated by `,` [default: localhost]: \nDo you have any password set for your Redis?[y\/N]: \nDo you have any specific database for your Redis?[y\/N]: \nDo you want to setup dkim signing feature?[y\/N]: \nYou have 1 sqlite classifiers\nExpire time for new tokens [100d]: \nReset previous data?[y\/N]: \nDo you wish to convert them to Redis?[Y\/n]: \nConvert spam tokens\n\nConvert ham tokens\n\nMigrated 0 tokens for 2 users for symbols (BAYES_SPAM, BAYES_HAM)\nConverted classifier to the from sqlite to redis\nFile: \/etc\/rspamd\/local.d\/classifier-bayes.conf, changes list:\nbackend => redis\nnew_schema =&gt; true\nexpire =&gt; 8640000\n\nFile: \/etc\/rspamd\/local.d\/redis.conf, changes list:\nwrite_servers =&gt; localhost\nread_servers =&gt; localhost\n\nApply changes?[Y\/n]: \nCreate file \/etc\/rspamd\/local.d\/classifier-bayes.conf\nCreate file \/etc\/rspamd\/local.d\/redis.conf\n2 changes applied, the wizard is finished now\n*** Please reload the Rspamd configuration ***\n<\/code><\/p>\n\n\n\n<p>\u3000\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u5f8c\u3067\u8a2d\u5b9a\u3059\u308b\u306e\u3067\u3001\u300cController password is not set, do you want to set one?\u300d\u306b\u306f N \u3092\u7b54\u3048\u3066\u3001\u5f8c\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u3044\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<p> \u3000web \u304b\u3089\u306e\u95b2\u89a7\u7528\u3068\u7ba1\u7406\u7528\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002rspamadm \u3092 2 \u56de\u5b9f\u884c\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u5bfe\u3059\u308b\u30cf\u30c3\u30b7\u30e5\u3092\u8a08\u7b97\u3057\u307e\u3059\u3002\u3053\u306e\u30cf\u30c3\u30b7\u30e5\u3092\u5229\u7528\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ rspamadm pw<\/p>\n\n\n\n<p>\u3000\u3053\u306e\u30cf\u30c3\u30b7\u30e5\u3092 \/etc\/rspamd\/local.d\/worker-controller.inc \u306b\u66f8\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo vi \/etc\/rspamd\/local.d\/worker-controller.inc<\/p>\n\n\n\n<p class=\"file\">password = &#8220;\u95b2\u89a7\u7528\u30cf\u30c3\u30b7\u30e5&#8221;;<br>enable_password = &#8220;\u7ba1\u7406\u7528\u30cf\u30c3\u30b7\u30e5&#8221;;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u305d\u306e\u4ed6<\/h3>\n\n\n\n<p class=\"console\">$ sudo vi \/etc\/rspamd\/local.d\/redis.conf<\/p>\n\n\n\n<p class=\"file\">write_servers = &#8220;127.0.0.1:6379&#8221;;<br>read_servers = &#8220;127.0.0.1:6379&#8221;;<\/p>\n\n\n\n<p>\u3000\u5230\u7740\u3057\u305f\u30e1\u30fc\u30eb\u306e\u30d8\u30c3\u30c0\u306b\u300cX-Spam-Level\u300d\u306a\u3069\u306e\u60c5\u5831\u3092\u8ffd\u52a0\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo vi \/etc\/rspamd\/local.d\/milter_headers.conf<\/p>\n\n\n\n<p class=\"file\"><code>use = [\"spam-header\", \"x-spam-level\", \"x-spam-status\", \"x-virus\", \"authentication-results\"];\nskip_local = false;\nskip_authenticated = true;\nextended_spam_headers = true;\nroutines {\n  spam-header {\n    header = \"X-Spam-Flag\";\n    remove = 1;\n    value = \"YES\";\n  }\n  x-spam-level {\n    header = \"X-Spam-Level\";\n    remove = 1;\n    char = \"*\";\n  }\n  x-spam-status {\n    header = \"X-Spam-Status\";\n    remove = 1;\n  }\n  x-virus {\n    header = \"X-Virus-Check\";\n    remove = 1;\n    symbols = [\"CLAM_VIRUS\"];\n  }\n  authentication-results {\n    header = \"Authentication-Results\";\n    remove = 1;\n    add_smtp_user = false;\n    spf_symbols {\n      pass = \"R_SPF_ALLOW\";\n      fail = \"R_SPF_FAIL\";\n      softfail = \"R_SPF_SOFTFAIL\";\n      neutral = \"R_SPF_NEUTRAL\";\n      temperror = \"R_SPF_DNSFAIL\";\n      none = \"R_SPF_NA\";\n      permerror = \"R_SPF_PERMFAIL\";\n    }\n    dkim_symbols {\n      pass = \"R_DKIM_ALLOW\";\n      fail = \"R_DKIM_REJECT\";\n      temperror = \"R_DKIM_TEMPFAIL\";\n      none = \"R_DKIM_NA\";\n      permerror = \"R_DKIM_PERMFAIL\";\n    }\n    dmarc_symbols {\n      pass = \"DMARC_POLICY_ALLOW\";\n      permerror = \"DMARC_BAD_POLICY\";\n      temperror = \"DMARC_DNSFAIL\";\n      none = \"DMARC_NA\";\n      reject = \"DMARC_POLICY_REJECT\";\n      softfail = \"DMARC_POLICY_SOFTFAIL\";\n      quarantine = \"DMARC_POLICY_QUARANTINE\";\n    }\n  }\n}\n<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">web \u3067\u7ba1\u7406<\/h2>\n\n\n\n<p>\u3000web \u304b\u3089\u95b2\u89a7\uff0f\u7ba1\u7406\u3067\u304d\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002Apache \u306e mod_proxy, mod_proxy_http \u3092\u6709\u52b9\u306b\u3057\u3066\u3001mod_rewrite \u3067\u66f8\u304d\u63db\u3048\u307e\u3059\u3002\u5916\u90e8\u304b\u3089\u3082\u30a2\u30af\u30bb\u30b9\u3067\u304d\u3066\u3057\u307e\u3046\u306e\u3067\u5bfe\u7b56\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo a2enmod proxy<br>$ sudo a2enmod proxy_http<br>$ vi \/etc\/apache2\/sites-available\/\u30b5\u30a4\u30c8\u8a2d\u5b9a<\/p>\n\n\n\n<p>\u3000\u4ee5\u4e0b\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"file\"><code>&lt;Location \/rspamd&gt;\n        Require ip 192.168.0\n        Order allow,deny\n        Allow from all\n&lt;\/Location&gt;\n&lt;IfModule mod_rewrite.c&gt;\n        RewriteEngine  on\n        RewriteRule ^\/rspamd$ \/rspamd\/ [R,L]\n        RewriteRule ^\/rspamd\/(.*) http:\/\/sirius10.net:11334\/$1 [P,L]\n&lt;\/IfModule&gt;\n<\/code><\/p>\n\n\n\n<p>\u3000Require ip \u3067\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304b\u3089\u306e\u307f\u8a31\u53ef\u3057\u3066\u3044\u307e\u3059\u3002Apache \u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo service apache2 restart<\/p>\n\n\n\n<p>\u3000localhost \u4ee5\u5916\u304b\u3089\u3082\u3064\u306a\u304c\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo vi \/etc\/rspamd\/local.d\/worker-controller.inc<\/p>\n\n\n\n<p>\u3000\u6b21\u306e 1 \u884c\u3092\u8ffd\u52a0\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<p class=\"file\">bind_socket = &#8220;*:11334&#8221;;<\/p>\n\n\n\n<p>\u3000rspamd \u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ sudo service rspamd restart<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">postfix \u306e\u8a2d\u5b9a<\/h2>\n\n\n\n<p>\u3000\/etc\/postfix\/main.cf \u306b\u4ee5\u4e0b\u3092\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"file\">#rspamd<br>smtpd_milters = inet:localhost:11332<br>milter_default_action = accept<br>milter_protocol = 6<\/p>\n\n\n\n<p>\u3000postfix \u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ service postfix restart<\/p>\n\n\n\n<p>\u3000\u3053\u308c\u3067\u9001\u53d7\u4fe1\u3059\u308b\u30e1\u30fc\u30eb\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"952\" height=\"621\" src=\"https:\/\/sirius10.net\/blog\/wordpress\/wp-content\/uploads\/2021\/04\/2021-04-06-150852_952x621_scrot.png\" alt=\"\" class=\"wp-image-932\" srcset=\"https:\/\/sirius10.net\/blog\/wordpress\/wp-content\/uploads\/2021\/04\/2021-04-06-150852_952x621_scrot.png 952w, https:\/\/sirius10.net\/blog\/wordpress\/wp-content\/uploads\/2021\/04\/2021-04-06-150852_952x621_scrot-300x196.png 300w, https:\/\/sirius10.net\/blog\/wordpress\/wp-content\/uploads\/2021\/04\/2021-04-06-150852_952x621_scrot-768x501.png 768w\" sizes=\"auto, (max-width: 952px) 100vw, 952px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306e\u4f5c\u6210<\/h2>\n\n\n\n<p>\u3000Rspamd \u3067\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306e\u4f5c\u6210\u65b9\u6cd5\u306f\u6b21\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"console\">$ cd \/etc\/rspamd\/local.d<br>$ sudo vi multimap.conf<\/p>\n\n\n\n<p class=\"file\"><code>IP_WHITELIST {\n      type = \"ip\";\n      prefilter = \"true\";\n      map = \"${LOCAL_CONFDIR}\/local.d\/ip_whitelist.map\";\n      action = \"accept\";\n}\nWHITELIST_SENDER_DOMAIN {\n      type = \"from\";\n      filter = \"email:domain\";\n      map = \"${LOCAL_CONFDIR}\/local.d\/sender_domain_whitelist.map\";\n      score = -6.0\n}<\/code><\/p>\n\n\n\n<p class=\"console\">$ sudo touch ip_whitelist.map sender_domain_whitelist.map<br>$ sudo chown -R _rspamd:_rspamd .<\/p>\n\n\n\n<p>\u3000\u5f8c\u306f\u3001web \u306e\u7ba1\u7406\u753b\u9762\u3067\u3001\u53d7\u3051\u53d6\u308a\u305f\u3044 IP \u30a2\u30c9\u30ec\u30b9\u306a\u3089\u3001ip_whitelist.map \u3078\u3001\u30c9\u30e1\u30a4\u30f3\u306a\u3089 sender_domain_whitelist.map \u3078\u8ffd\u52a0\u3059\u308c\u3070\u3044\u3044\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3000\u306a\u306b\u304b\u5165\u308c\u3066\u304a\u304b\u306a\u3044\u3068\u8ff7\u60d1\u30e1\u30fc\u30eb\u307e\u307f\u308c\u306b\u306a\u308a\u305d\u3046\u306a\u306e\u3067\u3001https:\/\/server-recipe.com\/1533\/ \u3092\u53c2\u8003\u306b\u3001Rspamd \u3092\u52d5\u304b\u3057\u3066\u307f\u307e\u3059\u3002web \u304b\u3089\u306e\u8a2d\u5b9a\u3082\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002\u4ee5\u524d\u306f\u3001\u30d9\u30a4\u30b8\u30a2\u30f3\u30d5 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-928","post","type-post","status-publish","format-standard","hentry","category-server-config"],"_links":{"self":[{"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=928"}],"version-history":[{"count":9,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/928\/revisions"}],"predecessor-version":[{"id":1039,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/928\/revisions\/1039"}],"wp:attachment":[{"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sirius10.net\/blog\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}