rspamd log - where to look for?

Started by Taym, February 08, 2021, 06:10:19 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 08, 2021, 06:10:19 PM Last Edit: February 08, 2021, 06:59:43 PM by Taym
Hello all,

It's great to be here. I've been using opnSense for few months now, quite satisfactorily.

I've recently added Postfix+rspamd. All seems to be working OK, but I wonder how effective is rspamd. Or, at least I'd like to see what rspamd is doing. But, I can't seem to find where.

Is there a log I can check? If so, where is it?
Should I look into the Postfix log instead, and, if so, what would I be looking for in it?

Thank you!
Taym
February 08, 2021, 09:21:27 PM #1 Last Edit: February 08, 2021, 09:23:20 PM by Bismarck
Hello you, there is a handy WebGUI for Rspamd, but its hidden and you need to tinker a bit to make it visible.

1. First you need to create a file in

/usr/local/etc/rspamd/override.d/worker-controller.inc

with this:
Quotebind_socket = "*:11334";

2. restart rspamd, now the WebGUI should be reachable via

http://192.168.100.1:11334 (IP should the LAN IP of your firewall)

https://rspamd.com/webui/

3. If you like a nice Link in the service section of the WebUI, create another file in:

/usr/local/opnsense/mvc/app/models/OPNsense/Links/Menu/Menu.xml (missing folders must be created)

with this content:
Quote<menu>
    <Services>
        <Rspamd-Web VisibleName="Rspamd Web" cssClass="fa fa-envelope fa-fw" isExternal="Y" url="http://192.168.100.1:11334/" />
    </Services>
</menu>
(same here, IP should the LAN IP of your firewall)

now execute following command in the shell:

Quote/usr/local/etc/rc.configure_plugins

4 . Refresh your browser, there should now be a link in services like here:



5. Or just tail the rspamd log

Quotetail -f /var/log/rspamd/rspamd.log

Hope that was helpful. ;)
February 08, 2021, 10:00:18 PM #2 Last Edit: February 09, 2021, 01:25:51 AM by Taym
Thank you so much!
(I wonder why isn't the WebGUI acrive by default?)
Taym
February 09, 2021, 01:25:05 AM #3
Quote from: Taym on February 08, 2021, 10:00:18 PM
Thank you so much!
(I wonder why isn't the WebGUI acrive by default?)

Thanks again.

Is this the file? I'm asking because it is in a different location than you indicated.

Thanks!
Taym
February 09, 2021, 08:06:22 AM #4
Quote from: Taym on February 08, 2021, 10:00:18 PM
Thank you so much!
(I wonder why isn't the WebGUI acrive by default?)
Good question, tbh I don't know.
February 09, 2021, 08:07:44 AM #5
Quote from: Taym on February 09, 2021, 01:25:05 AM
Thanks again.

Is this the file? I'm asking because it is in a different location than you indicated.

Thanks!

Just create that folder override.d

https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
February 09, 2021, 09:06:20 AM #6
Quote from: Bismarck on February 09, 2021, 08:07:44 AM
Just create that folder override.d

https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

Thanks again. Super useful resources.
After reading that, I may try to create the additional config file in local.d, then, so that new configuration is merged with the original one that apparently already exist.

Thanks for your help!
Taym
February 09, 2021, 02:35:26 PM #7
So, I got it to work! :)
I also had to edit  /usr/local/etc/rspamd/worker-controller.inc to add few secure_ip s to connect to.

And, so, it looks rspamd is actually NOT scanning anything :D I must have misconfigured postfix<->rspamd integration.

So, one more step to go. I'll open another post on this.
Taym
Print
Go Up Pages1
User actions