SpamAssassin vs Rspamd – My Findings So Far

[sahostking]

I decided to revisit SpamAssassin today in light of the recent increase in spam issues, just to evaluate how it performs in comparison.

I installed it via da build, and then configured additional rules using the following:

wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
sa-update --import kam.sa-channels.mcgrail.com.key
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

Additionally, I blocked a known problematic domain (yinoce.com) by adding it to /etc/virtual/blacklist_domains.

I also added the following custom rules to /etc/mail/spamassassin/local.cf:

header HK_GOOGLE_GROUPS exists:X-Google-Group-Id
score HK_GOOGLE_GROUPS 2.5
describe HK_GOOGLE_GROUPS Message sent via Google Groups

dns_server 127.0.0.1
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny zen.spamhaus.org
dns_query_restriction deny multi.uribl.com

score RCVD_IN_ZEN 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0

For RBL blocking, I’m handling that at the Exim level instead of within SpamAssassin. I’m also applying strict scoring for authentication failures (SPF, DKIM, and reverse DNS) using:

/etc/exim.easy_spam_fighter/variables.conf.custom

EASY_NO_REVERSE_IP==60
EASY_SPF_FAIL==60
EASY_DKIM_FAIL==60

And for the RBL lists:

/etc/exim.strings.conf.custom

RBL_DNS_LIST==bl.spamcop.net : mail.bl.blocklist.de : bl.spameatingmonkey.net : bl.mailspike.net : b.barracudacentral.org : multi.surbl.org : black.junkemailfilter.com : truncate.gbudb.net

To test effectiveness, I monitored two customer accounts that had been consistently receiving daily spam. Since implementing these changes, both users have reported that they have not received any spam. This is particularly notable given that SpamAssassin is running without greylisting and with minimal customization.

Based on this initial test, SpamAssassin appears to be performing very well out of the box. While Rspamd is often considered more advanced, it seems to require more fine-tuning and symbol configuration to achieve similar results.

I have to admit, the results are somewhat surprising—though it’s possible I’ve simply had a good run so far. I’ll continue monitoring over time to see if this holds up.

 

[petersconsult]

Hello There!
i'm so thankful for this post, as the 2 servers i manage for clients are both suffering a constant mountain of spam..

The last time i tried installing SpamAssassin, it didn't really help..
i'm curious about using those RBLs you mention..

is there a good how-to you could recommend on SpamAssassin configuration?

Also, and most importantly, are your clients not getting to many false-positives? (legit emails marked as spam)
Thank You!

 

[LawsHosting]

I always used SA, but am curious about how Rspamd is any better, if it is........
I don't run servers now, just a VPS for personal stuff.

 

[sahostking]

I’ve updated my original post with additional details based on what I’ve implemented so far.

At this stage, these are just initial tests, but on the server I’m currently using, the results have been excellent—especially when compared to the previous Rspamd setup we had in place. So far, it’s performing very reliably, though I’ll continue monitoring to determine whether any further tuning is required.

If anyone else has experience, suggestions, or alternative approaches, I’d really appreciate the input. Sharing knowledge like this helps improve outcomes for everyone.

Lastly, I’m currently looking into Pigeonhole (Sieve), as it appears it can assist with training the Bayes database and further improving spam detection accuracy. I’ll report back if I see any noticeable improvements after implementing it.