Manage Spam Filtering

Monitor and manage rspamd spam filtering for the kup6s.com mail server.

Current Configuration

The mail.kup6s.com rspamd installation includes:

  • Unbound DNS sidecar for recursive RBL lookups

  • Spamhaus ZEN + DBL blocklists (IP and domain-based)

  • Barracuda RBL and Spamcop blocklists

  • rspamd.com remote fuzzy servers for known spam detection

  • Bayes auto-learning with optimized thresholds

  • Scoring thresholds: reject >= 12, add_header >= 5, greylist >= 3

Monitoring Rspamd

Web UI

The rspamd web interface is accessible through the Mailu admin panel or via port-forward:

kubectl port-forward -n mailu deploy/rspamd 11334:11334
# Open http://localhost:11334

The web UI shows:

  • Message processing history

  • Symbol scores and triggered rules

  • Throughput statistics

  • Bayes learning status

Prometheus Metrics

Rspamd exposes metrics on port 11334 that are scraped by Prometheus. View in Grafana at https://grafana.ops.kup6s.net.

Check Statistics

kubectl exec -n mailu deploy/rspamd -c rspamd -- rspamc stat

Verify RBL Functionality

After deployment, verify that DNS-based blocklists are working:

# Test Spamhaus ZEN resolution via Unbound
kubectl exec -n mailu deploy/rspamd -c unbound -- \
  drill @127.0.0.1 2.0.0.127.zen.spamhaus.org

# Verify Kubernetes DNS still works through Unbound
kubectl exec -n mailu deploy/rspamd -c rspamd -- \
  nslookup redis.mailu.svc.cluster.local 127.0.0.1

# Check rspamd configuration
kubectl exec -n mailu deploy/rspamd -c rspamd -- rspamadm configtest

Test Spam Detection

Send a GTUBE test message (guaranteed spam detection):

echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | \
  mail -s "Spam Test" test@kup6s.com

Manual Spam Learning

Train rspamd to recognize specific messages:

# Learn a message as spam
kubectl exec -n mailu deploy/rspamd -c rspamd -- \
  rspamc learn_spam < spam_message.eml

# Learn a message as ham (legitimate)
kubectl exec -n mailu deploy/rspamd -c rspamd -- \
  rspamc learn_ham < good_message.eml

Troubleshooting

Too Much Spam Getting Through

  1. Check rspamd logs for RBL lookup errors:

    kubectl logs -n mailu deploy/rspamd -c rspamd | grep -i "rbl\|dns\|error"

  2. Verify Unbound is running:

    kubectl get pods -n mailu -l app.kubernetes.io/component=rspamd
# Should show 2/2 containers ready

  3. Check Bayes learning status:

    kubectl exec -n mailu deploy/rspamd -c rspamd -- rspamc stat | grep "learns"

Legitimate Mail Rejected

  1. Check rspamd web UI for the message’s symbol scores

  2. Consider increasing the reject threshold in the overrides ConfigMap

  3. Whitelist trusted domains if needed

Configuration Source

  • CDK8S Source: generic-charts/cdk8s-mailu/src/constructs/rspamd-construct.ts

  • Overrides ConfigMap: Contains actions.conf, classifier-bayes.conf, fuzzy_check.conf, rbl.conf

  • Unbound Config: generic-charts/cdk8s-mailu/src/constructs/unbound-configmap.ts

  • Deployment Config: dp-infra/mailu/config.yaml