mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11729 Commits
28 Branches
Tree: 85472b4ae1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '85472b4ae1'
${ noResults }
rspamd/README.md

README.md 10KB
Raw Normal View History

[Minor] Bye, bye travis
7 years ago
Insert build status.
10 years ago
Update readme.
9 years ago
[Doc] Slightly update readme document
8 years ago
Improve readme.
8 years ago
Update readme.
9 years ago
remove trailing space
6 years ago
Servicing changes.
10 years ago
Correct some grammar and formatting in the README.
6 years ago
[Doc] Correct README
7 years ago
Change to a more formal verb. According to ##English "sports" is valid, but too idiomatic and non-formal.
6 years ago
Correct the mis corrections.
6 years ago
Servicing changes.
10 years ago
Correct some grammar and formatting in the README.
6 years ago
[Doc] Slightly update readme document
8 years ago
Correct some grammar and formatting in the README.
6 years ago
[Doc] Slightly update readme document
8 years ago
Improve readme.
8 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Update readme.
9 years ago
remove trailing space
6 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Update readme.
9 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Update readme.
9 years ago
Markdown fixes.
11 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Update readme.
9 years ago
Correct the mis corrections.
6 years ago
Update readme.
9 years ago
Markdown fixes.
11 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Correct the mis corrections.
6 years ago
Correct some grammar and formatting in the README.
6 years ago
Update readme.
9 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Markdown fixes.
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Markdown fixes.
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Improve README.
9 years ago
Fixed minor doc typo.
8 years ago
Improve README.
9 years ago
Correct some grammar and formatting in the README.
6 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Improve README.
9 years ago
Correct some grammar and formatting in the README.
6 years ago
Improve README.
9 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Update readme.
9 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Update readme.
9 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Correct some grammar and formatting in the README.
6 years ago
Update readme.
9 years ago
Improve readme.
8 years ago
Update readme.
9 years ago
Correct some grammar and formatting in the README.
6 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Correct some grammar and formatting in the README.
6 years ago
Fixed minor doc typo.
8 years ago
Update readme.
9 years ago
Fixed minor doc typo.
8 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Update readme.
9 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Update readme.
9 years ago
Improve README.
9 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Update readme.
9 years ago
[Doc] Correct README
7 years ago
Update readme.
9 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
Fixed minor doc typo.
8 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Rework README. --HG-- rename : README => README.md
11 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Update readme.
9 years ago
[Doc] Correct capitalization (mostly) in README
7 years ago
Update readme.
9 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. [![CircleCI](https://circleci.com/gh/vstakhov/rspamd/tree/master.svg?style=svg)](https://circleci.com/gh/vstakhov/rspamd/tree/master)

  2. 

  3. ## Introduction

  4. 

  5. [Rspamd](https://rspamd.com) is an advanced spam filtering system that allows evaluation of messages by a number of

  6. rules including regular expressions, statistical analysis and custom services

  7. such as URL black lists. Each message is analysed by Rspamd and given a `spam score`.

  8. 

  9. According to this spam score and the user's settings, Rspamd recommends an action for

  10. the MTA to apply to the message, for example, to pass, reject or add a header.

  11. Rspamd is designed to process hundreds of messages per second simultaneously, and provides a number of

  12. useful features.

  13. 

  14. You can watch the following [introduction video](https://www.youtube.com/watch?v=_fl9i-az_Q0) from [FOSDEM-2016](http://fosdem.org) where I describe the main features of Rspamd and explain why Rspamd is so fast.

  15. 

  16. Rspamd is [packaged](https://rspamd.com/downloads.html) for the major Linux distributions, and is also available via [FreeBSD ports](https://freshports.org/mail/rspamd), NetBSD [pkgsrc](https://pkgsrc.org) and [OpenBSD ports](http://openports.se/mail/rspamd).

  17. 

  18. ## Spam filtering features

  19. 

  20. The Rspamd distribution contains a number of mail processing features, including such techniques as:

  21. 

  22. * **Regular expressions filtering** - allows basic processing of messages, their textual parts, MIME headers and

  23. SMTP data received by MTA against a set of expressions that includes both normal regular expressions and

  24. message processing functions. Rspamd expressions are a powerful tool that allows to filter messages based on

  25. some pre-defined rules. This feature is similar to regular expressions in the SpamAssassin spam filter.

  26. 

  27. 

  28. * **SPF module** that allows to validate a message's sender against the policy defined in the DNS record of sender's domain. You can read

  29. about SPF policies [here](http://www.openspf.org/). A number of mail systems include SPF support, such as Gmail or Yahoo Mail.

  30. 

  31. 

  32. * **DKIM module** validates a message’s cryptographic signature against a public key placed in the DNS record of sender's domain. Like SPF,

  33. this technique is widely spread and allows to validate that a message is sent from that specific domain.

  34. 

  35. 

  36. * **DNS black lists** allows to estimate reputation of sender's IP address or network. Rspamd uses a number of DNS lists including such lists as

  37. `SORBS` or `Spamhaus`. However, Rspamd doesn't trust any specific DNS list and instead uses a conjunction of estimations that allows to

  38. avoid mistakes and false positives. Rspamd also uses positive and grey DNS lists for checking for trusted senders.

  39. 

  40. 

  41. * **URL black lists** are rather similar to DNS black lists but use URLs in a message to make an estimation of the sender's reputation.

  42. This technique is very useful for finding malicious or phished domains and filter E-mail that contains them.

  43. 

  44. 

  45. * **Statistics** - Rspamd uses a Bayesian classifier based on five-grams of input. This means that the input is estimated not based on individual

  46. words, but instead is organized in chains that are further estimated by the Bayesian classifier. This approach allows to achieve better results than

  47. traditionally used monograms (or words literally speaking), that are described in details in the following [paper](http://osbf-lua.luaforge.net/papers/osbf-eddc.pdf).

  48. 

  49. 

  50. * **Fuzzy hashes** - for checking of malicious mail patterns, Rspamd uses the so called "fuzzy hashes". Unlike normal hashes, these structures are targeted to hide

  51. the small differences between text patterns, allowing it to find similar messages quickly. Rspamd has an internal storage of such hashes and can block mass spam sendings

  52. quickly based on feedback from the user that specifies messages’ reputation. Moreover, this allows to feed Rspamd with data from ["honeypots"](http://en.wikipedia.org/wiki/Honeypot_(computing)#Spam_versions)

  53. without polluting the statistical module.

  54. 

  55. Rspamd uses the conjunction of different techniques to assign the final verdict to a message. This allows to improve the overall quality of filtering, and reduce the number of

  56. false positives (e.g. when an innocent message is badly classified as a spam one). I have tried to simplify Rspamd’s usability by adding the following elements:

  57. 

  58. * **Web interface** - Rspamd is shipped with a fully functional Ajax-based web interface, that allows one to observe Rspamd statistics, to configure rules, weights and lists, to scan

  59. and learn messages, and to view the history of scans. The interface is self-hosted, requires zero configuration and follows the recent web applications standards. You don't need a

  60. web server or applications server to run it - you just need to run Rspamd itself and a web browser.

  61. 

  62. * **Integration with MTAs** - Rspamd can work with the most popular mail transfer systems, such as Postfix, Exim or Sendmail. For Postfix and Sendmail, there is an [`Rmilter` project](https://github.com/vstakhov/rmilter),

  63. whilst for Exim there are several solutions to work with Rspamd. Should you require MTA integration then please consult the [integration guide](https://rspamd.com/doc/integration.html).

  64. 

  65. * **Extensive Lua API** - Rspamd ships with hundreds of [Lua functions](https://rspamd.com/doc/lua) that enable one to write their own rules for efficient and targeted spam filtering.

  66. 

  67. * **Dynamic tables** - Rspamd allows one to specify bulk lists as "dynamic maps", that are checked at runtime for updated data. Rspamd supports file, HTTP and HTTPS maps.

  68. 

  69. ## Performance

  70. 

  71. Rspamd is designed to be fast. The core of Rspamd is written in C and uses an event-driven model that allows it to process multiple messages simultaneously and without blocking.

  72. Moreover, a set of techniques is used in Rspamd to process messages faster:

  73. 

  74. * **Finite state machines processing** - Rspamd uses specialized finite state machines for performance critical tasks to process input faster than a set of regular expressions.

  75. Of course, it is possible to implement these machines by ordinary Perl regular expressions, but then they won't be compact or human-readable. Instead, Rspamd optimizes

  76. such actions as headers processing, received elements extraction, and protocol operations by building the concrete automata for an assigned task.

  77. 

  78. * **Expressions optimizer** - allows Rspamd to optimize expressions by execution of `likely false` or `likely true` expressions in order in the branches. That reduces a number of

  79. expensive expressions' calls when scanning a message.

  80. 

  81. * **Symbols optimizer** - Rspamd tries to first evaluate the rules that are frequent or inexpensive in terms of time or CPU resources. This allows it to block spam before processing of

  82. expensive rules (rules with negative weights are always checked before other ones).

  83. 

  84. * **Event driven model** - Rspamd is designed not to block anywhere in the code, and, given that a spam check requires a lot of network operations, Rspamd can process many messages

  85. simultaneously increasing the efficiency of shared DNS caches and other system resources. Moreover, event-driven system normally scales automatically and you won't need to do any

  86. tuning in the most of cases.

  87. 

  88. * **Hyperscan regular expressions engine** - Rspamd utilizes the [Hyperscan](https://01.org/hyperscan) engine to match multiple regular expressions at the same time. You can read the following [presentation](https://highsecure.ru/rspamd-hyperscan.pdf) where the main benefits of Hyperscan are described.

  89. 

  90. * **Clever choice of data structures** - Rspamd tries to use the optimal data structure for each task. For example, it uses very efficient suffix tries for fast matching of text

  91. against a set of multiple patterns. Or it uses a radix bit trie for storing IP addresses information that provides O(1) access time complexity.

  92. 

  93. ## Extensions

  94. 

  95. Besides its C core, Rspamd provides an extensive [Lua](http://lua.org) API to access almost all the features available directly from C. Lua is an extremely easy

  96. to learn programming language though it is powerful enough to implement complex mail filters. In fact Rspamd has a significant amount of code written completely in Lua such as

  97. DNS blacklists checks, user's settings or different maps implementation. You can also write your own filters and rules in Lua adopting Rspamd functionality to your needs.

  98. Furthermore, Lua programs are very fast and their performance is rather [close](http://attractivechaos.github.io/plb/) to pure C. However, you should mention that for the most

  99. of performance critical tasks you usually use the Rspamd core functionality than Lua code. Anyway, you can also use LuaJIT with Rspamd if your goal is maximum performance.

  100. From the Lua API you can do the following tasks:

  101. 

  102. * **Reading the configuration parameters** - Lua code has the full access to the parsed configuration knobs and you can easily modify your plugins behaviour by means of the main

  103. Rspamd configuration.

  104. 

  105. * **Registering custom filters** - it is more than simple to add your own filters to Rspamd: just add new index to the global variable `rspamd_config`:

  106. 

  107. ~~~lua

  108. rspamd_config.MYFILTER = function(task)

  109. -- Do something

  110. end

  111. ~~~

  112. 

  113. * **Full access to the content of messages** - you can access text parts, headers, SMTP data and so on and so forth by using of `task` object. The full list of methods could be found

  114. [here](https://rspamd.com/doc/lua/task.html).

  115. 

  116. 

  117. * **Pre- and post- filters** - you can register callbacks that are called before or after messages processing to make results more precise or to make some early decision,

  118. for example, to implement a rate limit.

  119. 

  120. * **Registering functions for Rspamd** - you can write your own functions in Lua to extend Rspamd internal expression functions.

  121. 

  122. * **Managing statistics** - Lua scripts can define a set of statistical files to be scanned or learned for a specific message allowing to create more complex

  123. statistical systems, e.g. based on an input language. Moreover, you can even learn Rspamd statistic from Lua scripts.

  124. 

  125. * **Standalone Lua applications** - you can even write your own worker based on Rspamd core and performing some asynchronous logic in Lua. Of course, you can use the

  126. all features from Rspamd core, including such features as non-blocking IO, HTTP client and server, non-blocking Redis client, asynchronous DNS, UCL configuration and so on

  127. and so forth.

  128. 

  129. * **API documentation** - Rspamd Lua API has an [extensive documentation](https://rspamd.com/doc/lua) where you can find examples, references and the guide about how to extend

  130. Rspamd with Lua.

  131. 

  132. 

  133. ## References

  134. 

  135. * Home site: <https://rspamd.com>

  136. * Development: <https://github.com/vstakhov/rspamd>