SpamAssassin vs Rspamd – My Findings So Far

sahostking

I decided to revisit SpamAssassin today in light of the recent increase in spam issues, just to evaluate how it performs in comparison.

I installed it via da build, and then configured additional rules using the following:
Code:
wget https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
sa-update --import kam.sa-channels.mcgrail.com.key
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
Additionally, I blocked a known problematic domain (yinoce.com) by adding it to /etc/virtual/blacklist_domains.

I also added the following custom rules to /etc/mail/spamassassin/local.cf:
Code:
header HK_GOOGLE_GROUPS exists:X-Google-Group-Id
score HK_GOOGLE_GROUPS 2.5
describe HK_GOOGLE_GROUPS Message sent via Google Groups

dns_server 127.0.0.1
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny zen.spamhaus.org
dns_query_restriction deny multi.uribl.com

score RCVD_IN_ZEN 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0
For RBL blocking, I’m handling that at the Exim level instead of within SpamAssassin. I’m also applying strict scoring for authentication failures (SPF, DKIM, and reverse DNS) using:

/etc/exim.easy_spam_fighter/variables.conf.custom

Code:
EASY_NO_REVERSE_IP==60
EASY_SPF_FAIL==60
EASY_DKIM_FAIL==60

And for the RBL lists:

/etc/exim.strings.conf.custom

Code:
RBL_DNS_LIST==bl.spamcop.net : mail.bl.blocklist.de : bl.spameatingmonkey.net : bl.mailspike.net : b.barracudacentral.org : multi.surbl.org : black.junkemailfilter.com : truncate.gbudb.net

To test effectiveness, I monitored two customer accounts that had been consistently receiving daily spam. Since implementing these changes, both users have reported that they have not received any spam. This is particularly notable given that SpamAssassin is running without greylisting and with minimal customization.

Based on this initial test, SpamAssassin appears to be performing very well out of the box. While Rspamd is often considered more advanced, it seems to require more fine-tuning and symbol configuration to achieve similar results.

I have to admit, the results are somewhat surprising—though it’s possible I’ve simply had a good run so far. I’ll continue monitoring over time to see if this holds up.
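An added example, not part of the original post: a pre-import check for the channel key downloaded above. It compares the key's full fingerprint with one obtained separately, because an 8-character ID such as 24C063D8 can be matched by an unrelated key; `EXPECTED_FPR` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded channel key before `sa-update --import`.
# EXPECTED_FPR is a placeholder: get the full fingerprint from the channel
# operator out of band. Only the short ID 24C063D8 appears in the post.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_FULL_40_HEX_FINGERPRINT}"
SHORT_ID="24C063D8"

# Read `gpg --with-colons` output on stdin, print the primary key fingerprint
# (the first "fpr" record that follows the "pub" record, field 10).
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; exit }'
}

# Classify a fingerprint against the expected one:
# "match", "short-id-only" (only the last 8 hex digits agree) or "mismatch".
classify_fpr() {
    fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    exp=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    if [ -n "$fpr" ] && [ "$fpr" = "$exp" ]; then
        echo match
    else
        case "$fpr" in
            *"$SHORT_ID") echo short-id-only ;;
            *) echo mismatch ;;
        esac
    fi
}

# Import the key into sa-update's keyring only on a full-fingerprint match.
verify_and_import() {
    keyfile=$1
    fpr=$(gpg --show-keys --with-colons "$keyfile" | primary_fpr)
    verdict=$(classify_fpr "$fpr" "$EXPECTED_FPR")
    if [ "$verdict" != match ]; then
        echo "refusing to import $keyfile: $verdict (got ${fpr:-none})" >&2
        return 1
    fi
    sa-update --import "$keyfile"
}

# Usage: EXPECTED_FPR=... sh this-script --import kam.sa-channels.mcgrail.com.key
if [ "${1:-}" = "--import" ]; then
    verify_and_import "$2"
fi
```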
 
Hello There!
I'm so thankful for this post, as the 2 servers I manage for clients are both suffering a constant mountain of spam..

The last time I tried installing SpamAssassin, it didn't really help..
I'm curious about using those RBLs you mention..

Is there a good how-to you could recommend on SpamAssassin configuration?

Also, and most importantly, are your clients not getting too many false-positives? (legit emails marked as spam)
Thank You!
 
I always used SA, but am curious about how Rspamd is any better, if it is...
I don't run servers now, just a VPS for personal stuff.
 
I’ve updated my original post with additional details based on what I’ve implemented so far.

At this stage, these are just initial tests, but on the server I’m currently using, the results have been excellent—especially when compared to the previous Rspamd setup we had in place. So far, it’s performing very reliably, though I’ll continue monitoring to determine whether any further tuning is required.

If anyone else has experience, suggestions, or alternative approaches, I’d really appreciate the input. Sharing knowledge like this helps improve outcomes for everyone.

Lastly, I’m currently looking into Pigeonhole (Sieve), as it appears it can assist with training the Bayes database and further improving spam detection accuracy. I’ll report back if I see any noticeable improvements after implementing it.
 
Quick question:
You mention these rules in /etc/mail/spamassassin/local.cf:
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny zen.spamhaus.org
dns_query_restriction deny multi.uribl.com
Aren't those RBLs?

Thank You!

EDIT: Also, what's the mcgrail thing? Just curious.. Thank You!
 
"aren't those RBLs?"
Yes but:
"For RBL blocking, I’m handling that at the Exim level instead of within SpamAssassin."
As he said:
"And for the RBL lists:

/etc/exim.strings.conf.custom"

I'm using the same method, out of SpamAssassin and into the exim.strings.conf.custom because you don't need to use them twice (will cause blocks sooner) and less work for SpamAssassin if they are blocked earlier.

"EDIT: also, what's the mcgrail thing? just curious.. Thank You!"
I'm interested in that answer too. :)
 
I had a look on the site and read this:
"If you are using a RedHat based Linux distro you can just copy the channel configuration file in the /etc/mail/spamassassin/channel.d/ directory."
But there is no channel.d directory so I created it and put the config file in there.
Will that be taken and updated automatically? Don't I need to activate that "channel.d" directory inclusion in SpamAssassin somewhere?

And read this:
"The channel update should be run periodically via Cron, with an additional SpamAssassin lint check for safety, running sa-compile (if enabled), and restarting the spamd / MIMEDefang / Amavis services as needed for your environment!"

However... if I try to issue that command then:
Code:
root#/etc/mail/spamassassin]# sa-compile
Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line 114.
/usr/bin/sa-compile requires re2c for proper operation.
Seems the DA SpamAssassin installation does not have/use a re2c.
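An added example, not from the thread or the channel's site: a cron wrapper for the steps quoted above (update, lint check, optional sa-compile, restart) that skips compilation when re2c is missing instead of aborting. The channel and key ID are the ones from the first post; the restart command and the function names are assumptions.

```shell
#!/bin/sh
# Added example: periodic channel update following the quoted steps.
# CHANNEL and GPGKEY come from the first post in this thread. RESTART_CMD is
# an assumption; set it to whatever restarts spamd on your installation.
CHANNEL="kam.sa-channels.mcgrail.com"
GPGKEY="24C063D8"
RESTART_CMD="${RESTART_CMD:-systemctl restart spamd}"

# Map sa-update's exit status to the next step:
# 0 = update installed, 1 = no fresh updates, anything else = an error.
plan_for() {
    case "$1" in
        0) echo lint ;;
        1) echo skip ;;
        *) echo fail ;;
    esac
}

# sa-compile needs re2c; succeed only when both are on PATH.
compile_available() {
    command -v sa-compile >/dev/null 2>&1 && command -v re2c >/dev/null 2>&1
}

run_update() {
    rc=0
    sa-update --gpgkey "$GPGKEY" --channel "$CHANNEL" || rc=$?
    case "$(plan_for "$rc")" in
        skip) return 0 ;;   # nothing changed, so no lint or restart needed
        fail) echo "sa-update failed with status $rc" >&2; return "$rc" ;;
    esac
    # Do not restart spamd onto a rule set that fails to parse.
    if ! spamassassin --lint; then
        echo "lint failed after update; spamd not restarted" >&2
        return 1
    fi
    if compile_available; then
        sa-compile || echo "sa-compile failed; using uncompiled rules" >&2
    else
        echo "re2c or sa-compile missing; skipping compile" >&2
    fi
    $RESTART_CMD
}

# From cron: sh this-script --run
if [ "${1:-}" = "--run" ]; then
    run_update
fi
```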
 