Skip to content

Instantly share code, notes, and snippets.

Last active May 19, 2022 07:10
What would you like to do?
Running Rspamd with redis and unbound in Podman

Quick notes on running Rspamd in a Podman pod

This includes three containers:

Ideally, all of this should work in both rootless and rootful mode.

Rspamd DNS configuration

Running all of these in the same pod, the network stack is shared and everything should just work. Except for DNS. Podman likes to mess with DNS configuration and really doesn't let you set as a nameserver (at least I couldn't get it to do that). So you'll have to add explicit configuration in rspamd as explained in Here I'll use as primary and (Cloudflare public DNS) only as a fallback:

dns {
    nameserver = "master-slave:,";

I'll store this in my host's /etc/rspamd/local.d/ file. Rest of the config is up to you (e.g. enabling redis).

Creating the pod

podman pod create --name=rspamd-pod -p # check if you need more ports, this is milter only
podman create --pod=rspamd-pod --name redis redis
podman create --pod=rspamd-pod --name unbound klutchell/unbound
podman create --pod=rspamd-pod --name rspamd --mount type=bind,source=/etc/rspamd/local.d,target=/etc/rspamd/local.d,readonly rayzilt/rspamd

Note: You may want to rebuild the rayzilt/rspamd image to get the latest Rspamd version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment