Axigen (ai) Insight: Operation and Integration Guide

Axigen Documentation

Axigen (ai) Insight is an AI-powered email analysis Milter bundled with Axigen starting with version 10.7. It connects to your MTA via the Milter protocol and enriches every message with sentiment analysis, threat detection, email summarization, and language detection — injecting results as standard email headers that Axigen processing rules can act on.

Axigen (ai) Insight is available starting with Axigen X7 (10.7.x).

The service is installed but disabled by default — configure an AI backend before starting it.


1. File locations

After installing Axigen 10.7+, the following files are present on your system:

| Platform | Binary | Configuration |
| --- | --- | --- |
| Linux (DEB / RPM) | /opt/axigen/bin/axigen-insight | /var/opt/axigen/axigen-insight/config.yaml |
| Windows | %ProgramFiles%\Axigen\bin\axigen-insight.exe | %ProgramFiles%\Axigen\var\axigen-insight\config.yaml |

The installed config.yaml is the upstream default. Do not edit it directly — package upgrades overwrite it. Create a config.local.yaml in the same directory with only the keys you want to override. Settings in config.local.yaml take precedence over config.yaml.


2. Configuration

2.1 Connecting to Ollama

Ollama is a local AI backend option. Add to your config.local.yaml:
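A minimal sketch of an Ollama override (the provider, base_url, model, and think key names are assumptions — verify them against the shipped config.yaml; 11434 is Ollama's default port):

```yaml
# config.local.yaml — hypothetical key names; check config.yaml for the exact schema
ai:
  provider: ollama
  base_url: http://localhost:11434
  model: llama3.2
  think: false   # keep thinking mode off to avoid high latency (see Troubleshooting)
```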

Pull the model on the Ollama server before starting the service: ollama pull llama3.2. For better accuracy, use a 14B+ model such as qwen2.5:14b.

2.2 Connecting to an OpenAI-compatible backend

Axigen (ai) Insight supports any OpenAI-compatible API — vLLM, NVIDIA Developer Cloud, LiteLLM proxy, etc.:
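A generic sketch (key names and the endpoint are assumptions — substitute your deployment's values):

```yaml
ai:
  provider: openai
  base_url: http://vllm-host:8000/v1   # hypothetical host — your OpenAI-compatible endpoint
  api_key: YOUR_API_KEY                # may be unused for unauthenticated local backends
  model: your-model-name
  json_format: true
```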

For the NVIDIA Developer Cloud:
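A sketch assuming NVIDIA's hosted OpenAI-compatible endpoint (verify the URL and model identifier in your NVIDIA account; key names as above are assumptions):

```yaml
ai:
  provider: openai
  base_url: https://integrate.api.nvidia.com/v1
  api_key: nvapi-YOUR_KEY
  model: your-chosen-model
```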

Note for reasoning / thinking models (e.g. Qwen3-family): Set json_format: false and disable_keep_alives: true.
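In config.local.yaml terms, that note amounts to (the nesting is an assumption):

```yaml
ai:
  json_format: false        # reasoning models may emit tokens outside the JSON structure
  disable_keep_alives: true
```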

2.3 Personalizing the prompts for your organization

The threat detection prompts contain organization-specific placeholders. Replace all four before deploying:

| Placeholder | Replace with | Example |
| --- | --- | --- |
| REPLACE_WITH_COMPANY_NAME | Your company name | Acme Corporation |
| REPLACE_WITH_YOUR_DOMAIN | Your mail domain | acme.com |
| REPLACE_WITH_EXECUTIVE_NAMES | Key executives with roles | John Smith (CEO), Jane Doe (CTO) |
| REPLACE_WITH_INDUSTRY | Your industry | Software / SaaS |

Copy the full system_message and user_template from config.yaml into config.local.yaml under prompt_templates.combined, then substitute the four values above.

Important: Unfilled placeholders mean the model treats the literal placeholder text as your organization name, making impersonation detection inaccurate.
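An illustrative skeleton of the override, using the example values from the table above (copy the real system_message and user_template text from config.yaml — the ellipses stand in for that text):

```yaml
prompt_templates:
  combined:
    system_message: |
      ... you protect Acme Corporation (acme.com), a Software / SaaS company;
      key executives: John Smith (CEO), Jane Doe (CTO) ...
    user_template: |
      ...
```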

2.4 Processing rules

Rules let you selectively apply AI analysis — e.g. only process emails addressed to your domain. Rules are disabled by default.

Available rule functions: any_recipient_domain(), all_recipients_domain(), sender_domain(), message_size_gt(), recipient_count_gt(), has_header(). Conditions support AND, OR, NOT, and parentheses.
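A hypothetical rule set that analyzes only mail addressed to your domain (the enabled, definitions, and action key names are assumptions — default_action: skip appears in the Troubleshooting section; the condition functions are the ones listed above):

```yaml
rules:
  enabled: true
  default_action: skip          # messages matching no rule are not analyzed
  definitions:
    - name: inbound-only
      condition: any_recipient_domain("acme.com") AND NOT message_size_gt(1048576)
      action: process
```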

2.5 Other useful settings
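Two settings referenced elsewhere in this guide are worth overriding deliberately; a sketch with their defaults (exact schema per the shipped config.yaml):

```yaml
milter:
  bind_address: inet:8891@0.0.0.0   # Milter listener (see Starting the service)
monitoring:
  port: 9090                        # health endpoint and Prometheus metrics
```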


3. Starting the service

Linux (systemd)

The service is installed but disabled on first install:
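The standard systemd workflow applies:

```shell
# Enable at boot and start immediately
systemctl enable --now axigen-insight

# Verify it is running and follow the logs
systemctl status axigen-insight
journalctl -u axigen-insight -f
```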

The service runs as the axigen user, depends on axigen.service, and restarts on failure.

Windows
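From an elevated prompt, using the AxigenInsight service name (standard Windows service tooling):

```shell
sc config AxigenInsight start= auto
sc start AxigenInsight
```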

Or use Services (services.msc). The service is registered as AxigenInsight and depends on the Axigen service.

Manual / testing

The Milter binds on inet:8891@0.0.0.0 by default (milter.bind_address). Metrics and health are on port 9090.
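To run the binary in the foreground for a quick test (the --config flag name is an assumption — check the binary's --help output on your install):

```shell
/opt/axigen/bin/axigen-insight --config /var/opt/axigen/axigen-insight/config.yaml
```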


4. Connecting Axigen to Axigen (ai) Insight

4.1 Configure the external filter in Axigen WebAdmin

  1. Go to Security & Filtering → Acceptance & Routing → Advanced Settings.

  2. Click Add Acceptance / Routing Rule.

  3. Create a new Acceptance/Routing Rule with a unique name, and under the Actions section, choose Filters → Add Filter.

  4. Set Address: input the connection address of your Axigen (ai) Insight listener (e.g., inet://127.0.0.1:8891).

  5. Activate the filter: create a second rule using the Execute filters action, specifying the name from the previous step.

  6. Enable the filter and save.

4.2 Environment Variable

For WebMail and the Mobile App to display the AI Phishing Analysis and Summaries, the Axigen process must be started with the following environment variable:

export AXI_INSIGHT_TRUST=1

How to set this depends on your environment; follow the instructions in the documentation: Additional Fine-Tuning via Environment Variables

4.3 Injected headers

After Axigen (ai) Insight processes a message, the following headers are injected:

| Header | Values | Description |
| --- | --- | --- |
| X-Axigen-Insight-Sentiment-Analysis | POSITIVE / NEGATIVE / NEUTRAL | Detected sentiment |
| X-Axigen-Insight-Sentiment-Confidence | 0.00–1.00 | Confidence score |
| X-Axigen-Insight-Sentiment-Reasoning | Free text | Brief explanation |
| X-Axigen-Insight-Phishing-Analysis | SAFE / SUSPICIOUS / PHISHING / SPEAR_PHISHING | Threat classification |
| X-Axigen-Insight-Phishing-Confidence | 0.00–1.00 | Confidence score |
| X-Axigen-Insight-Phishing-Indicators | Comma-separated names | Detected indicators (empty = SAFE) |
| X-Axigen-Insight-Phishing-Reasoning | Free text | Threat explanation |
| X-Axigen-Insight-Summary | Free text (max 200 chars) | AI-generated summary |
| X-Axigen-Insight-Content-Language | BCP 47 tag (e.g. en, ro) | Detected language |

Use these headers in Axigen Processing Rules — for example, route PHISHING messages to quarantine, notify a security team on SPEAR_PHISHING, or flag NEGATIVE sentiment for support workflows.
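As a sketch, a Sieve-style rule quarantining PHISHING verdicts (adapt this to Axigen's processing-rule syntax; the folder name is an example):

```
require "fileinto";

if header :is "X-Axigen-Insight-Phishing-Analysis" "PHISHING" {
    fileinto "Quarantine";
}
```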

5. Self-hosted AI backend: vLLM on NVIDIA DGX Spark

If your organization has an NVIDIA DGX Spark (GB10 Superchip), you can run a high-quality LLM locally with no external API dependency and no data leaving your network.

5.1 Prerequisites

  • NVIDIA DGX Spark (GB10 / Blackwell GPU) with CUDA 13.0+ drivers

  • Docker with NVIDIA Container Toolkit installed

  • Model weights downloaded to /data/models (~25 GB for Qwen3.6 35B NVFP4)

5.2 Docker Compose (Qwen3.6 35B — recommended)

Create /root/vllm/docker-compose.yml on the DGX Spark host:
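A sketch of such a compose file (the image tag, container port, and in-container model path are assumptions; the command flags are the ones explained in the reference table in this section):

```yaml
services:
  vllm:
    image: vllm/vllm-openai:latest   # hypothetical tag — pin a tested version in production
    runtime: nvidia
    ipc: host
    ports:
      - "8000:8000"
    volumes:
      - /data/models:/models
    command: >
      --model /models/Qwen3.6-35B-NVFP4
      --max-model-len 131072
      --enable-prefix-caching
      --kv-cache-dtype fp8
      --reasoning-parser qwen3
      --moe_backend flashinfer_cutlass
      --default-chat-template-kwargs '{"enable_thinking": false}'
    restart: unless-stopped
```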

Start the server:
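For example:

```shell
docker compose -f /root/vllm/docker-compose.yml up -d
docker compose -f /root/vllm/docker-compose.yml logs -f   # wait for the model to finish loading
```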

Why --default-chat-template-kwargs enable_thinking: false? The flag disables Qwen3's chain-of-thought reasoning mode server-wide. Reasoning tokens add significant latency and cost without improving classification accuracy for Axigen (ai) Insight's structured JSON tasks.

Key flags reference:

| Flag | Purpose |
| --- | --- |
| --enable-prefix-caching | Caches KV for repeated system prompts; reduces latency on subsequent requests |
| --kv-cache-dtype fp8 | 8-bit KV cache; saves VRAM with native Blackwell support |
| --reasoning-parser qwen3 | Separates <think> blocks from content in API responses |
| --moe_backend flashinfer_cutlass | NVFP4-optimized MoE backend for GB10 |
| --max-model-len 131072 | 128K token context window |

5.3 Connect Axigen (ai) Insight to vLLM

On the Axigen server, add to config.local.yaml:
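A sketch (key names are assumptions; the port and model path must match your vLLM deployment):

```yaml
ai:
  provider: openai
  base_url: http://<dgx-spark-host>:8000/v1   # replace with the DGX Spark address
  model: /models/Qwen3.6-35B-NVFP4
  json_format: true
```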


6. Health check and metrics

Axigen (ai) Insight exposes a health endpoint and Prometheus metrics on port 9090 (configurable via monitoring.port):
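For example (the endpoint paths are assumptions — check the shipped config.yaml):

```shell
curl -s http://localhost:9090/health    # liveness / readiness
curl -s http://localhost:9090/metrics   # Prometheus metrics
```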


7. Troubleshooting

| Symptom | Likely cause | Resolution |
| --- | --- | --- |
| Service fails to start | AI backend not reachable | Verify base_url is accessible from the Axigen server: curl http://<backend>/health |
| No analysis headers on messages | Milter not connected, or processing rules skip all mail | Check WebAdmin External Filters; if default_action: skip, verify at least one rule matches your traffic |
| All emails classified as SAFE | Organization placeholders not replaced in prompt | Fill in all four REPLACE_WITH_* values in config.local.yaml under prompt_templates |
| High latency (5–30 s per message) | Thinking/reasoning mode enabled, or model too large | Set think: false; consider a smaller or faster model |
| Circuit breaker open (in logs) | Backend returning repeated errors | Check backend logs; the circuit breaker resets automatically after 60 seconds |
| JSON parse errors in logs | Reasoning model returning tokens outside the JSON structure | Set json_format: false and ensure thinking mode is disabled |
| axigen-insight not starting after install | Service is disabled by design on first install | Configure a backend in config.local.yaml, then systemctl enable --now axigen-insight |