SpamAssassin vs Rspamd – My Findings So Far

sahostking

I decided to revisit SpamAssassin today in light of the recent increase in spam issues, just to evaluate how it performs in comparison.

I installed it via da build, and then configured additional rules using the following:
Code:
wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
sa-update --import kam.sa-channels.mcgrail.com.key
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

Additionally, I blocked a known problematic domain (yinoce.com) by adding it to /etc/virtual/blacklist_domains.

I also added the following custom rules to /etc/mail/spamassassin/local.cf:
Code:
header HK_GOOGLE_GROUPS exists:X-Google-Group-Id
score HK_GOOGLE_GROUPS 2.5
describe HK_GOOGLE_GROUPS Message sent via Google Groups

dns_server 127.0.0.1
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny zen.spamhaus.org
dns_query_restriction deny multi.uribl.com

score RCVD_IN_ZEN 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0

For RBL blocking, I’m handling that at the Exim level instead of within SpamAssassin. I’m also applying strict scoring for authentication failures (SPF, DKIM, and reverse DNS) using:

/etc/exim.easy_spam_fighter/variables.conf.custom

Code:
EASY_NO_REVERSE_IP==60
EASY_SPF_FAIL==60
EASY_DKIM_FAIL==60

And for the RBL lists:

/etc/exim.strings.conf.custom

Code:
RBL_DNS_LIST==bl.spamcop.net : mail.bl.blocklist.de : bl.spameatingmonkey.net : bl.mailspike.net : b.barracudacentral.org : multi.surbl.org : black.junkemailfilter.com : truncate.gbudb.net

To test effectiveness, I monitored two customer accounts that had been consistently receiving daily spam. Since implementing these changes, both users have reported that they have not received any spam. This is particularly notable given that SpamAssassin is running without greylisting and with minimal customization.

Based on this initial test, SpamAssassin appears to be performing very well out of the box. While Rspamd is often considered more advanced, it seems to require more fine-tuning and symbol configuration to achieve similar results.

I have to admit, the results are somewhat surprising—though it’s possible I’ve simply had a good run so far. I’ll continue monitoring over time to see if this holds up.
 
Hello There!
I'm so thankful for this post, as the 2 servers I manage for clients are both suffering a constant mountain of spam..

The last time I tried installing SpamAssassin, it didn't really help..
I'm curious about using those RBLs you mention..

Is there a good how-to you could recommend on SpamAssassin configuration?

Also, and most importantly, are your clients not getting too many false-positives? (legit emails marked as spam)
Thank You!
 
I always used SA, but am curious about how Rspamd is any better, if it is........
I don't run servers now, just a VPS for personal stuff.
 
I’ve updated my original post with additional details based on what I’ve implemented so far.

At this stage, these are just initial tests, but on the server I’m currently using, the results have been excellent—especially when compared to the previous Rspamd setup we had in place. So far, it’s performing very reliably, though I’ll continue monitoring to determine whether any further tuning is required.

If anyone else has experience, suggestions, or alternative approaches, I’d really appreciate the input. Sharing knowledge like this helps improve outcomes for everyone.

Lastly, I’m currently looking into Pigeonhole (Sieve), as it appears it can assist with training the Bayes database and further improving spam detection accuracy. I’ll report back if I see any noticeable improvements after implementing it.
 
quick question:
you mention these rules in /etc/mail/spamassassin/local.cf:
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny zen.spamhaus.org
dns_query_restriction deny multi.uribl.com
aren't those RBLs?

Thank You!

EDIT: also, what's the mcgrail thing? just curious.. Thank You!
 
aren't those RBLs?
Yes but:
For RBL blocking, I’m handling that at the Exim level instead of within SpamAssassin.
As he said:
And for the RBL lists:

/etc/exim.strings.conf.custom

I'm using the same method, out of SpamAssassin and into the exim.strings.conf.custom because you don't need to use them twice (will cause blocks sooner) and less work for SpamAssassin if they are blocked earlier.

EDIT: also, what's the mcgrail thing? just curious.. Thank You!
I'm interested in that answer too. :)
 
I had a look on the site and read this:
If you are using a RedHat based Linux distro you can just copy the channel configuration file in the /etc/mail/spamassassin/channel.d/ directory.
But there is no channel.d directory so I created it and put the config file in there.
Will that be taken and updated automatically? Don't I need to activate that "channel.d" directory inclusion in Spamassassin somewhere?

And read this:
The channel update should be run periodically via Cron, with an additional SpamAssassin lint check for safety, running sa-compile (if enabled), and restarting the spamd / MIMEDefang / Amavis services as needed for your environment!

However... if I try to issue that command then:
Code:
root#/etc/mail/spamassassin]# sa-compile
Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line 114.
/usr/bin/sa-compile requires re2c for proper operation.
seems the DA Spamassassin installation does not have/use a re2c.
 
Hi,

Just to clarify a couple of things here:

The /etc/mail/spamassassin/channel.d/ directory won’t be used automatically on most DirectAdmin setups. Simply creating it and dropping the config file there doesn’t enable anything unless SpamAssassin is specifically configured to read from it (which it usually isn’t in DA builds).

On cPanel/WHM systems, KAM rules are commonly already included by default as part of the SpamAssassin/Exim integration, which is why you may see references to them being “just there” without manual setup.

For context, the KAM (mcgrail) rules are a widely used set of additional SpamAssassin rules that focus on detecting common spam patterns. They include checks for things like suspicious headers, encoding tricks, bulk-mail characteristics, and other patterns frequently seen in spam campaigns. They don’t target specific languages directly, but rather the types of content and formatting often associated with spam.

The correct way to enable KAM rules on DirectAdmin is via sa-update, for example:

Code:
sa-update --import kam.sa-channels.mcgrail.com.key
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

That explicitly registers and pulls the rules, so there’s no need to rely on channel.d.

When you run sa-update, the rules are downloaded into:

Code:
/var/lib/spamassassin/

SpamAssassin loads them automatically from there, so no manual placement or inclusion is required.

Regarding sa-compile — the error you’re seeing is because re2c isn’t installed:

Can't exec "re2c": No such file or directory

That’s normal on many DirectAdmin systems. You can either:

Install it (yum install re2c / apt install re2c) and use sa-compile, or
Skip sa-compile entirely (SpamAssassin will still work fine, just slightly less optimized)

So nothing is actually broken in your setup 👍
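
The cron procedure quoted earlier in the thread (update the channel, lint, run sa-compile if enabled, restart), with the re2c fallback from the reply above, written as one shell function. This is an added example, not part of any post and not KAM's or DirectAdmin's own script; the `SA_*`, `RE2C` and `RESTART_CMD` variables are assumptions of this example, and `RESTART_CMD` is a placeholder for however spamd is restarted on your system.

```shell
#!/bin/sh
# Added example (not from the thread): one update cycle for the KAM channel.
# Assumption: the command variables below exist only so each step can be
# overridden; RESTART_CMD is a placeholder for your spamd restart command.
CHANNEL="kam.sa-channels.mcgrail.com"
KEYID="24C063D8"
SA_UPDATE="${SA_UPDATE:-sa-update}"
SA_LINT="${SA_LINT:-spamassassin --lint}"
SA_COMPILE="${SA_COMPILE:-sa-compile}"
RE2C="${RE2C:-re2c}"
RESTART_CMD="${RESTART_CMD:-true}"

# Returns 0 when new rules were installed, linted and spamd was restarted,
# 1 when no update was available, and 2 or more when a step failed.
kam_update() {
    rc=0
    $SA_UPDATE --gpgkey "$KEYID" --channel "$CHANNEL" || rc=$?
    case "$rc" in
        0) ;;                                  # update downloaded and installed
        1) echo "no new rules"; return 1 ;;    # nothing changed, skip restart
        *)  # 2 and up are failures per the sa-update man page
            echo "sa-update exit $rc, leaving the running rules alone" >&2
            return "$rc" ;;
    esac
    # Lint before restarting so a broken rule set never reaches spamd.
    if ! $SA_LINT; then
        echo "lint failed after update, not restarting" >&2
        return 2
    fi
    # sa-compile is optional and needs re2c; skip it when re2c is missing.
    if command -v "$RE2C" >/dev/null 2>&1; then
        $SA_COMPILE || echo "sa-compile failed, running uncompiled" >&2
    fi
    $RESTART_CMD || return 3
}

# Run only when asked to, e.g. from cron: /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    kam_update
fi
```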
 
So nothing is actually broken in your setup 👍
Thank you. I tried again and then it fails on GPG.

root@server26: /etc/mail/spamassassin]# sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
gpg: process '/usr/bin/gpg' finished: exit 2
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:

24C063D8

Perhaps you need to import the channel's GPG key? For example:


wget https://spamassassin.apache.org/updates/GPG.KEY

sa-update --import GPG.KEY


channel 'kam.sa-channels.mcgrail.com': GPG validation failed, channel failed

So I tried with that wget line to import the GPG key, that goes fine. Then using that command with the gpg key to install again, same error.
 