esac
+# rspamd background. I kept seeing spamassassin at the top of top, and
+# seeming to cause my cpu fans to speed up, and remembered that rspamd
+# was supposed to be more efficient. But the last benchmark I could find
+# was at least 8 years old. so, I did a test of scanning 1 message. It
+# looks like spamassassin is about 3-4x more cpu used according to time,
+# but spamassassin seems to be doing more tests. But, there are other
+# ways to avoid cpu cycles. Most notably, I could do the spam scanning
+# as a network call to a non-laptop machine.
+#
+# rspamd has a lot less documentation than spamassassin. I was trying to
+# figure out something and I had to go to the source code, and then I
+# only figured it out because I knew how spamassassin works. I could
+# imagine that if I had time to be an expert in both, maybe I'd find
+# rspamd to be better, but I don't have time and I'm probably better off
+# learning spamassassin.
+#
+# rspam could still be useful to compare results with spamassassin, and
+# it seems to generally function fine as a spam scanner, so I'm going to
+# leave it installed.
+use_rspamd=false
+
# * Install universal packages
first_spamd_run=true
fi
-# rspamd background. I kept seeing spamassassin at the top of top, and
-# seeming to cause my cpu fans to speed up, and remembered that rspamd
-# was supposed to be more efficient. But the last benchmark I could find
-# was at least 8 years old. so, I did a test of scanning 1 message,
-# systemd-run via my jdo func shows: CPU time consumed: 21ms vs
-# 946ms. Wow, 2.2% cpu use. Ok, switching.
# light version of exim does not have sasl auth support.
# note: for bitfolk hosts, unbound has important config with conflink.
systemctl start spamassassin-maintenance
fi
fi
+if $use_rspamd; then
+ myspam_ser=rspamd
+ else
+ myspam_ser=$spamd_ser
+ fi
if spamd-timer-exists; then
systemctl enable --now spamassassin-maintenance.timer
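Review bot: `if $use_rspamd; then` runs the variable's contents as a command, so an empty or unset value expands to an empty command, which succeeds and selects the rspamd branch (unless the script runs under `set -u`, which is not visible here). The assignment added near the top sets it to `false`, but a string comparison keeps the default safe if that line is ever moved or overridden: `if [[ $use_rspamd == true ]]; then`. The same test is repeated in the later hunk that gates the `spamd_address` line. `$spamd_ser` is assigned outside the visible lines, so it is worth confirming it is non-empty on every path that reaches the `else` branch, since `myspam_ser` is later passed unquoted to `sre`.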
# * rspamd config
+m usermod -a -G _rspamd $u
+
+## if we wanted to, we could run redis outside the mail nn by adding to
+## its bind config option like this, and then tell rspamd to connect to
+## this address. But it is slightly simpler to not do that.
+
#/a/exe/cedit /etc/redis/redis.conf <<'EOF'
-# redis config is only readable by redis. if we wanted to not do
+# bind 127.0.0.1 -::1 10.173.8.1
+# Note: redis config is only readable by redis. if we wanted to not do
# that for our modifications, we could add this.
# include /etc/redis-local.conf
-
-# if we wanted to, we could run redis outside the mail nn by adding to
-# its bind config option like this, and then tell rspamd to connect to
-# this address. But it is slightly simpler to not do that.
-# bind 127.0.0.1 -::1 10.173.8.1
#EOF
+# to use the web interface without launching a firefox in the network namespace, we would need
+# /etc/rspamd/local.d/worker-controller.inc:
+# bind_socket = "*:11334";
+# secure_ip = "10.173.8.1";
+# secure_ip = "127.0.0.1";
+# secure_ip = "::1";
+
+# but the web interface seems generally not needed.
+
# * spamassassin config
u /etc/sysctl.d/80-iank-mail.conf <<'EOF'
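Review bot: The commented-out controller example pairs `bind_socket = "*:11334";` with `secure_ip` entries, and rspamd's controller skips the password check for clients matching `secure_ip`. Uncommenting it as written therefore gives a passwordless admin interface listening on every address in the namespace. I would state that in the comment and bind only the address that needs it, e.g. `# bind_socket = "<nn-side address>:11334";  # secure_ip peers get no password prompt`. The relocated redis example `# bind 127.0.0.1 -::1 10.173.8.1` has the same gap: it should mention that a non-loopback bind needs `requirepass` or an ACL user to go with it. Separately, `m usermod -a -G _rspamd $u` sits outside any `use_rspamd` check in the visible lines and leaves `$u` unquoted; `"$u"` is the safer form.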
# see exim spec
DEBBUGS_DOMAIN = b.b8.nz
+EOF
+
+if $use_rspamd; then
+ cat >>/etc/exim4/conf.d/main/000_local <<'EOF'
spamd_address = 127.0.0.1 11333 variant=rspamd
EOF
+ fi
if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show exim4)" ge 4.94; then
cat >>/etc/exim4/conf.d/main/000_local <<'EOF'
;;&
$MAIL_HOST|bk|je)
# start spamassassin/dovecot before exim.
- sre dovecot rspamd mailtest-check
+ sre dovecot $myspam_ser mailtest-check
# Wait a bit before restarting exim, else I get a paniclog entry
# like: spam acl condition: all spamd servers failed. But I'm tired
# of waiting. I'll deal with this some other way.