Latest DA feature for rspamd WEBUI proxy breaks rspamc

lordlex

Verified User
Joined
Aug 17, 2008
Messages
58
Location
Romania
Hi. Don't know how many of you use rspamd and use it's bundled tools, like rspamc, but I write this just to be found if needed by anyone, and also maybe DA developers will consider implement it in a future release.
I used it from the time it was just a beta in DA and I'm quite happy with it. Also, I used @zEitEr 's plugin for the webui... It is doing a great job and it's highly configurable.

Some versions ago, DA added the webui proxy (https://www.directadmin.com/features.php?id=2757) which it's awesome to have, but the file worker-controller.inc added to /etc/rspamd/local.d is breaking the rspamc tool (https://rspamd.com/doc/quickstart.html#using-rspamc-console-routine), giving a connection error. The tool use network connection to localhost on port 11334.

The solution to solve the problem is to have this lines in the worker-controller.inc file.

Code:
bind_socket = "/var/run/rspamd/rspamd_controller.sock mode=0600 owner=_rspamd";
bind_socket = "localhost:11334";

My worry now is that an update could rewrite it :)

Best regards,
Dan
 
Hello Martynas. Not really, but I did test it now and for the command:
Code:
rspamc -h localhost:11333 stat
it gives:
Code:
HTTP error: 500, invalid command
The worker used by rspamc is the controller, that usually run on 11334 and, if the worker listen on localhost:11334, it works without the -h argument.

Best regards,
Dan
 
Okay, for stat the following should work:
Code:
rspamc -h /var/run/rspamd/rspamd_controller.sock stat

If you run it on localhost:11334 (as mentioned in your first post) - any of your customers could view it, and they could even send commands to the controller. With the socket - they can't.
 
Yes, it works that way, including other commands, like learn_spam. And yes, it is safer like that as it doesn't look like it have any kind of protection.
 
Sorry to bring up an old thread, but somehow might be related.
With SpamAssassin I was running the sa-learn command at user-level, so that the bayes would generate in the user's home folder.
With spamc, if I try to run the command at user level pointing to the sock file, it would still return permissions denied, hence my question is, should I run spamc as root or maybe there is something it could be done about it that I haven't thought of?

Thanks :)
 
Back
Top