Running Rspamd with redis and unbound in Podman

Quick notes on running Rspamd in a Podman pod

This includes three containers: redis, unbound (a local DNS resolver) and Rspamd itself.

Ideally, all of this should work in both rootless and rootful mode.

Rspamd DNS configuration

With all of these running in the same pod, the network stack is shared and everything should just work. Except for DNS. Podman likes to mess with DNS configuration and really doesn't let you set 127.0.0.1 as a nameserver (at least I couldn't get it to do that). So you'll have to add explicit configuration in Rspamd as explained in https://rspamd.com/doc/configuration/options.html. Here I'll use 127.0.0.1 as primary and 1.1.1.1 (Cloudflare public DNS) only as a fallback:

dns {
    nameserver = "master-slave:127.0.0.1,1.1.1.1";
}

I'll store this in my host's /etc/rspamd/local.d/options.inc file. The rest of the config is up to you (e.g. enabling redis).

Creating the pod

podman pod create --name=rspamd-pod -p 127.0.0.1:11332:11332/tcp # check if you need more ports, this is milter only
podman create --pod=rspamd-pod --name redis redis
podman create --pod=rspamd-pod --name unbound klutchell/unbound
podman create --pod=rspamd-pod --name rspamd --mount type=bind,source=/etc/rspamd/local.d,target=/etc/rspamd/local.d,readonly rayzilt/rspamd

Note: You may want to rebuild the rayzilt/rspamd image to get the latest Rspamd version.
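
A small lint for the two settings these notes depend on, added here as an example and not part of the original notes: it checks that options.inc keeps 127.0.0.1 as the master-slave primary and that a `-p` value publishes on loopback only. The function names and the sample file are constructed for illustration, and only the quoted-string `nameserver` form shown above is handled.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Print the value of the first active `nameserver = "..."` line in an
# Rspamd options file; lines commented out with '#' are skipped.
dns_nameserver_value() {
    sed -n 's/^[[:space:]]*nameserver[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# 0: master-slave strategy with 127.0.0.1 (the pod-local unbound) as primary.
# 1: some other strategy or primary.  2: no nameserver setting found.
check_dns_opts() {
    value=$(dns_nameserver_value "$1")
    case "$value" in
        master-slave:127.0.0.1 | master-slave:127.0.0.1,*) return 0 ;;
        "") echo "no nameserver setting in $1" >&2; return 2 ;;
        *) echo "unexpected nameserver setting: $value" >&2; return 1 ;;
    esac
}

# 0 only if a `-p` publish spec binds the host side to loopback, i.e. has
# the form 127.0.0.1:HOSTPORT:CONTAINERPORT[/proto].
check_publish_loopback() {
    case "$1" in
        127.0.0.1:*:*) return 0 ;;
        *) echo "not published on loopback only: $1" >&2; return 1 ;;
    esac
}

# Constructed sample mirroring the options.inc and -p value from the notes.
sample=$(mktemp)
printf 'dns {\n    nameserver = "master-slave:127.0.0.1,1.1.1.1";\n}\n' > "$sample"
check_dns_opts "$sample" && echo "dns: primary is 127.0.0.1"
check_publish_loopback "127.0.0.1:11332:11332/tcp" && echo "milter: loopback only"
rm -f "$sample"
```

To lint the real file, call `check_dns_opts /etc/rspamd/local.d/options.inc` before creating the pod.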
