Tuesday, May 03, 2022

Re: rspamd and pyzor

03.05.2022 11:38, Stuart Henderson wrote:
> On 2022-05-02, kasak <kasak@kasakoff.net> wrote:
>> Hello misc!
>>
>> I have some information for rspamd users, and one question.
>>
>> As you may know, rspamd is not using pyzor by directly calling the pyzor binary.
>>
>> Instead, they say, you need to create a special systemd socket, and call
>> pyzor through it.
>>
>> It is described in the rspamd manual:
>> https://rspamd.com/doc/modules/external_services.html#pyzor-specific-details
>>
>> OpenBSD does not have systemd, but it has inetd.
>>
>> This is a simple way to create a socket similar to systemd:
>>
>> 127.0.0.1:5953    stream    tcp    nowait    root    /usr/local/bin/pyzor    pyzor check
>>
>> It actually works, but you may notice that I'm using "root" here.
>>
>> I've tried to use _rspamd user, but for some reason it drops an error
>>
>> rspamd[90054]: <9ef568>; lua; pyzor.lua:134: error parsing response:
>> ERROR [Errno 13] Permission denied: '/root/.pyzor'.\\0a
>>
>> Can somebody explain to me what is happening here? Why does the socket, run
>> as _rspamd, try to access root's home instead of _rspamd's home?
> I bet inetd is not resetting HOME in the environment and just passes through
> the environment it was running under itself.
>
> Simplest / most efficient fix is probably to just use pyzor's --homedir flag.

Thanks for the clarification! As always, you are absolutely right!

Here is the working config:

127.0.0.1:5953    stream    tcp    nowait    _rspamd    /usr/local/bin/pyzor    pyzor --homedir=/var/rspamd/pyzor check

>
>> And of course, maybe someone has an idea how to implement the same for
>> the razor-agents?
> Same but with -home?
>
The rspamd manual assumes that we should use this construction:

ExecStart=/bin/sh -c '/usr/bin/razor-check && /usr/bin/echo -n "spam" || /usr/bin/echo -n "ham"'

The razor-check manual confirms this: "razor-check" terminates with exit
value 0 if the signature for the mail is catalogued on the server (spam)
or 1 if the mail is not catalogued by the server (not a spam).

I don't like this construction, and can't even imagine that we can do
the same with inetd.

Maybe I should put all this into some script and call it from inetd, but
I'm not sure if this is a good idea or not.
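
One way to write the script mentioned in the last paragraph, as an added example that is not part of the original email or the rspamd manual. The install path `/usr/local/libexec/razor-inetd`, the razor home `/var/rspamd/razor`, the `razor-check` location and the port are assumptions; unlike the `&& ||` one-liner, it treats any exit value other than 0 or 1 as an error instead of answering "ham".

```shell
#!/bin/sh
# Added example: inetd wrapper mapping razor-check's exit value to "spam"/"ham".
# Assumed inetd.conf entry (one line; PORT is a placeholder):
#   127.0.0.1:PORT stream tcp nowait _rspamd /usr/local/libexec/razor-inetd razor-inetd

# Assumed locations; RAZOR_HOME must be writable by _rspamd, since inetd
# does not reset HOME (the cause of the /root/.pyzor error above).
RAZOR_CHECK="${RAZOR_CHECK:-/usr/local/bin/razor-check}"
RAZOR_HOME="${RAZOR_HOME:-/var/rspamd/razor}"

razor_verdict() {
    # inetd attaches the socket to stdin, stdout and stderr, so the message
    # arrives on stdin and anything razor-check prints would end up in the
    # reply. Silence it and send only the verdict.
    rc=0
    "$RAZOR_CHECK" -home="$RAZOR_HOME" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) printf 'spam' ;;   # signature catalogued on the server
        1) printf 'ham' ;;    # not catalogued
        *)                    # lookup failed: no verdict, log it instead
            logger -t razor-inetd -p mail.warning \
                "razor-check exited with $rc" >/dev/null 2>&1 || :
            return 1 ;;
    esac
}

# Run only when installed under the assumed name, so the function can be
# exercised separately with a stub in place of razor-check.
case "$0" in
    razor-inetd|*/razor-inetd) razor_verdict ;;
esac
```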
