03.05.2022 11:38, Stuart Henderson пишет:
On 2022-05-02, kasak <ka...@kasakoff.net> wrote:
Hello misc!
I have some information for rspamd users, and one question.
As you may know, rspamd not using pyzor by directly calling pyzor binary.
Instead, they say, you need to create special systemd socket, and call
pyzor through it.
It is described on rspamd manuals:
https://rspamd.com/doc/modules/external_services.html#pyzor-specific-details
OpenBSD does not has systemd, but it has inetd.
This is simple way to create socket similar to systemd:
127.0.0.1:5953 stream tcp nowait root
/usr/local/bin/pyzor pyzor check
It actually works, but you may notice, that i'm using "root" here.
I've tried to use _rspamd user, but for some reason it drops an error
rspamd[90054]: <9ef568>; lua; pyzor.lua:134: error parsing response:
ERROR [Errno 13] Permission denied: '/root/.pyzor'.\\0a
Can somebody explain to me, what is happening here? Why socket, runned
as _rspamd try to access root home instead of _rspamd home ?
I bet inetd is not resetting HOME in the environment and just passes through
the environment it was running under itself.
Simplest / most efficient fix is probably to just use pyzor's --homedir flag.
Thanks for clarification! As always, you are absolutely right!
here is working config:
127.0.0.1:5953 stream tcp nowait _rspamd
/usr/local/bin/pyzor pyzor --homedir=/var/rspamd/pyzor check
And of course, maybe someone have an idea how to implement the same for
the razor-agents?
Same but with -home?
rspamd manual assume, that we should use this construction:
ExecStart=/bin/sh -c '/usr/bin/razor-check && /usr/bin/echo -n "spam" ||
/usr/bin/echo -n "ham"'
The razor-check manual confirm this: "razor-check" terminates with exit
value 0 if the signature for the mail is catalogued on the server (spam)
or 1 if the mail is not catalogued by the server (not a spam).
I don't like this construction, and can't even imagine that we can do
the same with inetd.
Maybe i should put all this to some script and call it from inetd, but
i'm not sure it this a good idea or not.