From 769e2fc8b0d629a19759e3d23064e11ddf14ce77 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 8 Jul 2024 14:08:51 -0400 Subject: [PATCH] disable rspamd but have a variable to turn it back on --- mail-setup | 62 +++++++++++++++++++++++++++++++++++++++----------- mailtest-check | 23 +++++++++++-------- 2 files changed, 62 insertions(+), 23 deletions(-) diff --git a/mail-setup b/mail-setup index 9ad7eea..dcda9e9 100755 --- a/mail-setup +++ b/mail-setup @@ -439,6 +439,27 @@ case $HOSTNAME in esac +# rspamd background. I kept seeing spamassassin at the top of top, and +# seeming to cause my cpu fans to speed up, and remembered that rspamd +# was supposed to be more efficient. But the last benchmark I could find +# was at least 8 years old. so, I did a test of scanning 1 message. It +# looks like spamassassin is about 3-4x more cpu used according to time, +# but spamassassin seems to be doing more tests. But, there are other +# ways to avoid cpu cycles. Most notably, I could do the spam scanning +# as a network call to a non-laptop machine. +# +# rspamd has a lot less documentation than spamassassin. I was trying to +# figure out something and I had to go to the source code, and then I +# only figured it out because I knew how spamassassin works. I could +# imagine that if I had time to be an expert in both, maybe I'd find +# rspamd to be better, but I don't have time and I'm probably better off +# learning spamassassin. +# +# rspam could still be useful to compare results with spamassassin, and +# it seems to generally function fine as a spam scanner, so I'm going to +# leave it installed. +use_rspamd=false + # * Install universal packages @@ -467,12 +488,6 @@ if ! spamd-timer-exists; then first_spamd_run=true fi -# rspamd background. I kept seeing spamassassin at the top of top, and -# seeming to cause my cpu fans to speed up, and remembered that rspamd -# was supposed to be more efficient. But the last benchmark I could find -# was at least 8 years old. so, I did a test of scanning 1 message, -# systemd-run via my jdo func shows: CPU time consumed: 21ms vs -# 946ms. Wow, 2.2% cpu use. Ok, switching. # light version of exim does not have sasl auth support. # note: for bitfolk hosts, unbound has important config with conflink. @@ -488,6 +503,11 @@ elif $first_spamd_run; then systemctl start spamassassin-maintenance fi fi +if $use_rspamd; then + myspam_ser=rspamd + else + myspam_ser=$spamd_ser + fi if spamd-timer-exists; then systemctl enable --now spamassassin-maintenance.timer @@ -986,17 +1006,28 @@ fi # * rspamd config +m usermod -a -G _rspamd $u + +## if we wanted to, we could run redis outside the mail nn by adding to +## its bind config option like this, and then tell rspamd to connect to +## this address. But it is slightly simpler to not do that. + #/a/exe/cedit /etc/redis/redis.conf <<'EOF' -# redis config is only readable by redis. if we wanted to not do +# bind 127.0.0.1 -::1 10.173.8.1 +# Note: redis config is only readable by redis. if we wanted to not do # that for our modifications, we could add this. # include /etc/redis-local.conf - -# if we wanted to, we could run redis outside the mail nn by adding to -# its bind config option like this, and then tell rspamd to connect to -# this address. But it is slightly simpler to not do that. -# bind 127.0.0.1 -::1 10.173.8.1 #EOF +# to use the web interface without launching a firefox in the network namespace, we would need +# /etc/rspamd/local.d/worker-controller.inc: +# bind_socket = "*:11334"; +# secure_ip = "10.173.8.1"; +# secure_ip = "127.0.0.1"; +# secure_ip = "::1"; + +# but the web interface seems generally not needed. + # * spamassassin config u /etc/sysctl.d/80-iank-mail.conf <<'EOF' # see exim spec @@ -1493,8 +1524,13 @@ acl_not_smtp = acl_check_not_smtp DEBBUGS_DOMAIN = b.b8.nz +EOF + +if $use_rspamd; then + cat >>/etc/exim4/conf.d/main/000_local <<'EOF' spamd_address = 127.0.0.1 11333 variant=rspamd EOF + fi if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show exim4)" ge 4.94; then cat >>/etc/exim4/conf.d/main/000_local <<'EOF' @@ -4108,7 +4144,7 @@ case $HOSTNAME in ;;& $MAIL_HOST|bk|je) # start spamassassin/dovecot before exim. - sre dovecot rspamd mailtest-check + sre dovecot $myspam_ser mailtest-check # Wait a bit before restarting exim, else I get a paniclog entry # like: spam acl condition: all spamd servers failed. But I'm tired # of waiting. I'll deal with this some other way. diff --git a/mailtest-check b/mailtest-check index 7fc8420..7ffa90a 100755 --- a/mailtest-check +++ b/mailtest-check @@ -180,7 +180,16 @@ spamc-process() { #### begin arg processing #### -do_spama=false +# choose between rspamd and spamassassin +use_rspamd=false +if $use_rspamd; then + spamd_ser=rspamd +else + spamd_ser=spamd + if systemctl cat spamassassin &>/dev/null; then + spamd_ser=spamassassin + fi +fi # spamassassin checking takes about 8 seconds. slow=false @@ -215,12 +224,6 @@ fi maini=0 -# spamd_ser=spamd -# if systemctl cat spamassassin &>/dev/null; then -# spamd_ser=spamassassin -# fi -spamd_ser=rspamd - source /a/bin/bash_unpublished/source-state doprom=false @@ -337,10 +340,10 @@ EOF # rspamc, i might need to pass --helo=helo_string to avoid # hostname_unknown result. - if $do_spama; then - spamc-process - else + if $use_rspamd; then rspamc-process + else + spamc-process fi if (( ${#results[@]} || ${#missing[@]} )); then -- 2.30.2