Train the bayesian filter to recognise an email as spam

$ rspamc learn_spam [path/to/email_file]

Train the bayesian filter to recognise an email as ham
$ rspamc learn_ham [path/to/email_file]

Generate a manual report on an email
$ rspamc symbols [path/to/email_file]

Show server statistics
$ rspamc stat


rspamc [options] [command] [input-file]...

rspamc –help


rspamc is a simple rspamd client, primarily for classifying or learning messages. rspamc supports the following commands:

Control commands that modify rspamd state are considered privileged and require a password to be specified with the -P option (see OPTIONS, below, for details).

This depends on a controller's settings and is discussed in the rspamd-workers page (see SEE ALSO, below, for details).

Input files may be either regular file(s) or a directory to scan. If no files are specified rspamc reads from the standard input. Controller commands usually do not accept any input, however learn* and fuzzy* commands requires input.


-h host[:port], --connect=host[:port]

Specify host and port

-P password, --password=password

Specify control password

-c name, --classifier=name

Classifier to learn spam or ham (bayes is used by default)

-w weight, --weight=weight

Weight for fuzzy operations

-f number, --flag=number

Flag for fuzzy operations

-p, --pass

Pass all filters

-v, --verbose

More verbose output

-i ip address, --ip=ip address

Emulate that message was received from specified ip address

-u username, --user=username

Emulate that message was received from specified authenticated user

-d user@domain, --deliver=user@domain

Emulate that message was delivered to specified user (for LDA/statistics)

-F user@domain, --from=user@domain

Emulate that message has specified SMTP FROM address

-r user@domain, --rcpt=user@domain

Emulate that message has specified SMTP RCPT address


Imitate SMTP HELO passing from MTA


Imitate hostname passing from MTA (rspamd assumes that it is verified by MTA)

-t seconds, --timeout=seconds

Timeout for waiting for a reply (can be floating point number, e.g. 0.1)

-b host:port, --bind=host:port

Bind to specified ip address

-j, --json

Output formatted JSON


Output UCL


Output raw data received from rspamd (compacted JSON)


Output HTTP headers from a reply


Output URLs in an extended format, showing full URL, host and the part of host that was used by surbl module (if enabled).

-n parallel_count, --max-requests=parallel_count

Maximum number of requests to rspamd executed in parallel (8 by default)

-e command, --execute=command

Execute the specified command with either mime output (if mime option is also specified) or formatted rspamd output


Output the full mime message instead of scanning results only


Add custom HTTP header for a request. You may specify header in format name=value or just name for an empty header. This option can be repeated multiple times.


Sort output according to a specific field. For counters command the allowed values for this key are name, weight, frequency and hits. Appending :desc to any of these types inverts sorting order.


List available commands


On exit rspamc returns 0 if operation was successful and an error code otherwise.


Check stdin:

rspamc < some_file

Check files:

rspamc symbols file1 file2 file3

Learn files:

rspamc -P pass learn_spam file1 file2 file3

Add fuzzy hash to set 2:

rspamc -P pass -f 2 -w 10 fuzzy_add file1 file2

Delete fuzzy hash from other server:

rspamc -P pass -h hostname:11334 -f 2 fuzzy_del file1 file2

Get statistics:

rspamc stat

Get uptime:

rspamc uptime

Add custom rule's weight:

rspamc add_symbol test 1.5

Add custom action's weight:

rspamc add_action reject 7.1


Rspamd documentation and source code may be downloaded from <>.

Copied to clipboard