Latest DA feature for rspamd WEBUI proxy breaks rspamc

lordlex

Verified User
Joined
Aug 17, 2008
Messages
23
Location
Romania
Hi. Don't know how many of you use rspamd and use it's bundled tools, like rspamc, but I write this just to be found if needed by anyone, and also maybe DA developers will consider implement it in a future release.
I used it from the time it was just a beta in DA and I'm quite happy with it. Also, I used @zEitEr 's plugin for the webui... It is doing a great job and it's highly configurable.

Some versions ago, DA added the webui proxy (https://www.directadmin.com/features.php?id=2757) which it's awesome to have, but the file worker-controller.inc added to /etc/rspamd/local.d is breaking the rspamc tool (https://rspamd.com/doc/quickstart.html#using-rspamc-console-routine), giving a connection error. The tool use network connection to localhost on port 11334.

The solution to solve the problem is to have this lines in the worker-controller.inc file.

Code:
bind_socket = "/var/run/rspamd/rspamd_controller.sock mode=0600 owner=_rspamd";
bind_socket = "localhost:11334";
My worry now is that an update could rewrite it :)

Best regards,
Dan
 

lordlex

Verified User
Joined
Aug 17, 2008
Messages
23
Location
Romania
Hello Martynas. Not really, but I did test it now and for the command:
Code:
rspamc -h localhost:11333 stat
it gives:
Code:
HTTP error: 500, invalid command
The worker used by rspamc is the controller, that usually run on 11334 and, if the worker listen on localhost:11334, it works without the -h argument.

Best regards,
Dan
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,305
Location
LT, EU
Okay, for stat the following should work:
Code:
rspamc -h /var/run/rspamd/rspamd_controller.sock stat
If you run it on localhost:11334 (as mentioned in your first post) - any of your customers could view it, and they could even send commands to the controller. With the socket - they can't.
 

lordlex

Verified User
Joined
Aug 17, 2008
Messages
23
Location
Romania
Yes, it works that way, including other commands, like learn_spam. And yes, it is safer like that as it doesn't look like it have any kind of protection.
 
Top