
rspamd: connection issue caused by FirewallLocalProtection

I came across this issue while testing the sieve scripts for learning spam and ham when the user moves mail between folders (#56). To be able to execute /usr/bin/rspamc via dovecot, it was necessary to delete the FirewallLocalProtection, as it is executed as the mail user, which is neither the apache user nor a privileged one.

Possible solutions discussed with @sunilmohan:

  • modify FirewallLocalProtection to allow the mail user to access protected ports
  • make /usr/bin/rspamc connect through a Unix domain socket and set permissions for the mail user there
  • set suid on /etc/dovecot/sieve/rspamd-learn-{spam,ham}.sh and make it executable for the mail user
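
A sketch of the second option, added here as an example and not taken from the project's own configuration: the rspamd controller worker listens on a Unix domain socket, and the socket's file mode is what limits access to the mail user. The file location, the socket path, the `_rspamd` owner and the `mail` group are assumptions.

```ucl
# Assumed location (Debian-style layout): /etc/rspamd/local.d/worker-controller.inc
#
# Have the controller worker listen on a Unix domain socket. Access is then
# governed by the socket's owner, group and mode instead of by a firewall
# rule on the protected local TCP port.
#
# Assumptions, not values from this issue:
#   /run/rspamd/controller.sock  socket path
#   _rspamd                      account the rspamd workers run as
#   mail                         group that contains the dovecot mail user
#
# mode=0660 gives read/write to owner and group only, so local users outside
# the "mail" group cannot connect to the controller at all.
bind_socket = "/run/rspamd/controller.sock mode=0660 owner=_rspamd group=mail";

# Whether this listener is added next to the default TCP one or replaces it
# depends on how the file is merged into the main configuration. Inspect the
# effective result with "rspamadm configdump" before relying on it.
```

The learn scripts would then point rspamc at the socket, for example `rspamc -h /run/rspamd/controller.sock learn_spam`, and FirewallLocalProtection could stay in place for the TCP port.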