diff --git a/bundles/rspamd/files/ip_whitelist.map b/bundles/rspamd/files/ip_whitelist.map
new file mode 100644
index 0000000..74b0d95
--- /dev/null
+++ b/bundles/rspamd/files/ip_whitelist.map
@@ -0,0 +1,3 @@
+% for ip in sorted(node.metadata.get('rspamd/ignore_spam_check_for_ips', set())):
+${ip}
+% endfor
diff --git a/bundles/rspamd/files/local.d/classifier-bayes.conf b/bundles/rspamd/files/local.d/classifier-bayes.conf
new file mode 100644
index 0000000..e3dd51a
--- /dev/null
+++ b/bundles/rspamd/files/local.d/classifier-bayes.conf
@@ -0,0 +1 @@
+backend = "redis";
diff --git a/bundles/rspamd/files/local.d/logging.inc b/bundles/rspamd/files/local.d/logging.inc
new file mode 100644
index 0000000..01dc2c4
--- /dev/null
+++ b/bundles/rspamd/files/local.d/logging.inc
@@ -0,0 +1,2 @@
+systemd = true;
+type = "console";
diff --git a/bundles/rspamd/files/local.d/milter_headers.conf b/bundles/rspamd/files/local.d/milter_headers.conf
new file mode 100644
index 0000000..73bc830
--- /dev/null
+++ b/bundles/rspamd/files/local.d/milter_headers.conf
@@ -0,0 +1,2 @@
+use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
+authenticated_headers = ["authentication-results"];
diff --git a/bundles/rspamd/files/local.d/multimap.conf b/bundles/rspamd/files/local.d/multimap.conf
new file mode 100644
index 0000000..66935ea
--- /dev/null
+++ b/bundles/rspamd/files/local.d/multimap.conf
@@ -0,0 +1,6 @@
+IP_WHITELIST {
+ type = "ip";
+ prefilter = true;
+ map = "/etc/rspamd/local.d/ip_whitelist.map";
+ action = "accept";
+}
diff --git a/bundles/rspamd/files/local.d/redis.conf b/bundles/rspamd/files/local.d/redis.conf
new file mode 100644
index 0000000..5a9c582
--- /dev/null
+++ b/bundles/rspamd/files/local.d/redis.conf
@@ -0,0 +1 @@
+servers = "127.0.0.1";
diff --git a/bundles/rspamd/files/local.d/worker-normal.inc b/bundles/rspamd/files/local.d/worker-normal.inc
new file mode 100644
index 0000000..e26e6b8
--- /dev/null
+++ b/bundles/rspamd/files/local.d/worker-normal.inc
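Review bot: In `bundles/rspamd/files/local.d/multimap.conf`, `prefilter = true` combined with `action = "accept"` makes a match on IP_WHITELIST end processing before the remaining modules run, which as far as I can tell includes the ClamAV check this commit adds in `override.d/antivirus.conf`. The metadata key feeding the map is named `ignore_spam_check_for_ips`, so an operator adding a relay there would not expect virus scanning to be skipped for it as well. Either say so in a comment above the block, e.g. `# matching IPs skip ALL checks, including antivirus`, or drop `prefilter`/`action` and give the symbol a negative `score` so listed hosts are still scanned.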
@@ -0,0 +1 @@
+bind_socket = "localhost:11333";
diff --git a/bundles/rspamd/files/local.d/worker-proxy.inc b/bundles/rspamd/files/local.d/worker-proxy.inc
new file mode 100644
index 0000000..e49b3ec
--- /dev/null
+++ b/bundles/rspamd/files/local.d/worker-proxy.inc
@@ -0,0 +1,7 @@
+bind_socket = "localhost:11332";
+milter = yes;
+timeout = 120s;
+upstream "local" {
+ default = yes;
+ self_scan = yes;
+}
diff --git a/bundles/rspamd/files/override.d/antivirus.conf b/bundles/rspamd/files/override.d/antivirus.conf
new file mode 100644
index 0000000..5dd7791
--- /dev/null
+++ b/bundles/rspamd/files/override.d/antivirus.conf
@@ -0,0 +1,6 @@
+clamav {
+ servers = "/run/clamav/clamd.ctl";
+ action = "reject";
+ type = "clamav";
+ symbol = "CLAM_VIRUS";
+}
diff --git a/bundles/rspamd/files/worker-controller.inc b/bundles/rspamd/files/worker-controller.inc
new file mode 100644
index 0000000..44ede52
--- /dev/null
+++ b/bundles/rspamd/files/worker-controller.inc
@@ -0,0 +1 @@
+password = "${node.metadata.get('rspamd/web_password')}";
diff --git a/bundles/rspamd/items.py b/bundles/rspamd/items.py
index e69de29..2b35a17 100644
--- a/bundles/rspamd/items.py
+++ b/bundles/rspamd/items.py
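Review bot: The `clamav` block in `bundles/rspamd/files/override.d/antivirus.conf` rejects detected malware, but nothing in this commit covers the case where clamd is not listening on `/run/clamav/clamd.ctl`; as far as I know rspamd then passes mail unscanned rather than deferring it. The bundle installs `clamav-daemon` but manages no service item for it, so a stopped or not-yet-started daemon goes unnoticed. Adding `'clamav-daemon': {'needs': {'pkg_apt:clamav-daemon'}},` to `svc_systemd` in `items.py`, and alerting on the antivirus failure symbol, would close that gap.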
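Review bot: `password = "${node.metadata.get('rspamd/web_password')}";` in `bundles/rspamd/files/worker-controller.inc` writes the controller password to disk in clear text. rspamd accepts a hashed value produced by `rspamadm pw` in this field, so the rendered file need not contain the secret itself. With no `enable_password` set, this one password presumably also covers the privileged controller commands, which makes its exposure more costly. The value is also interpolated unescaped into a quoted string, so a password containing `"` or `\` would break or alter the config; whether that can happen depends on what `repo.vault.password_for` emits.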
@@ -0,0 +1,66 @@
+from os import listdir
+from os.path import join
+
+repo.libs.tools.require_bundle(node, 'redis', 'rspamd does not work without a redis cache')
+
+directories = {
+ '/etc/rspamd/local.d': {
+ 'purge': True,
+ 'needs': {
+ 'pkg_apt:rspamd',
+ },
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ },
+ '/etc/rspamd/override.d': {
+ 'purge': True,
+ 'needs': {
+ 'pkg_apt:rspamd',
+ },
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ },
+}
+
+files = {
+ '/etc/rspamd/local.d/ip_whitelist.map': {
+ 'content_type': 'mako',
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ },
+ '/etc/rspamd/local.d/worker-controller.inc': {
+ 'content_type': 'mako',
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ }
+}
+
+local_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'local.d')
+for f in listdir(local_config_path):
+ files[f'/etc/rspamd/local.d/{f}'] = {
+ 'source': f'local.d/{f}',
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ }
+
+override_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'override.d')
+for f in listdir(override_config_path):
+ files[f'/etc/rspamd/override.d/{f}'] = {
+ 'source': f'override.d/{f}',
+ 'triggers': {
+ 'svc_systemd:rspamd:restart',
+ },
+ }
+
+svc_systemd = {
+ 'rspamd': {
+ 'needs': {
+ 'pkg_apt:rspamd',
+ },
+ },
+}
diff --git a/bundles/rspamd/metadata.py b/bundles/rspamd/metadata.py
index 9d7e2c6..acb38c6 100644
--- a/bundles/rspamd/metadata.py
+++ b/bundles/rspamd/metadata.py
@@ -1,7 +1,15 @@
 defaults = {
 'apt': {
 'packages': {
+ 'clamav': {},
+ 'clamav-daemon': {},
+ 'clamav-freshclam': {},
+ 'clamav-unofficial-sigs': {},
 'rspamd': {},
 },
 },
-}
+ 'rspamd': {
+ 'web_password': repo.vault.password_for(node.name + ' rspamd web password'),
+ 'ignore_spam_check_for_ips': [],
+ },
+}
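Review bot: The `files` entry for `/etc/rspamd/local.d/worker-controller.inc` in `bundles/rspamd/items.py` sets no `mode`, `owner` or `group`, so the rendered file holding the controller password gets the tool's default permissions, which are probably world-readable. Restrict it, e.g. `'mode': '0640', 'group': '_rspamd',` (group name to be confirmed against the installed package). Separately, the two `listdir` loops deploy every entry found under `files/local.d` and `files/override.d`, including editor backups or stray files. Filtering on the expected `.conf`/`.inc` suffixes would keep the deployed set predictable.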
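Review bot: In `bundles/rspamd/metadata.py` the default `'ignore_spam_check_for_ips': []` is a list, while the template in `ip_whitelist.map` falls back to `set()`; using `set()` here as well keeps the type consistent when groups and nodes contribute entries. Nothing validates these values before they are written to a map whose match yields `action = "accept"`, so a typo such as an over-broad prefix silently exempts a whole range. Parsing each entry with `ipaddress.ip_network` before rendering would catch that. `clamav-unofficial-sigs` fetches signature databases from third-party sources, so a comment naming which feeds are trusted would help later review.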