rspamd: connection issue caused by FirewallLocalProtection
I came across this issue while testing the sieve scripts for learning spam and ham when the user moves mails between folders (#56). To be able to execute /usr/bin/rspamc via dovecot, it was necessary to delete the FirewallLocalProtection as it is executed as the mail user which is neither the apache user nor a privileged one.
Possible solutions discussed with @sunilmohan:
- modify FirewallLocalProtection to allow the mail user to access protected ports
- make /usr/bin/rspamc connect through a Unix domain socket and set permissions for the mail user there
- set suid on /etc/dovecot/sieve/rspamd-learn-{spam,ham}.sh and make it executable for the mail user