This includes three containers:
- Rspamd itself, for use as a Postfix milter
- redis
- unbound (because rspamd's DNSBL lookups will likely fail when using public or your provider's DNS, see https://www.rspamd.com/doc/faq.html#resolver-setup).
Ideally, all of this should work in both rootless and rootful mode.
Because all of these run in the same pod, the network stack is shared and everything should just work, except for DNS. Podman likes to mess with DNS configuration and really doesn't let you set 127.0.0.1 as a nameserver (at least I couldn't get it to do that). So you'll have to add explicit configuration in rspamd as explained in https://rspamd.com/doc/configuration/options.html. Here I'll use 127.0.0.1 as primary and 1.1.1.1 (Cloudflare public DNS) only as a fallback:
dns {
    nameserver = "master-slave:127.0.0.1,1.1.1.1";
}
I'll store this in my host's /etc/rspamd/local.d/options.inc file. The rest of the configuration is up to you (e.g. enabling Redis).
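Before creating the containers, the host file can be checked so that the pod's unbound really is the primary resolver. The script below is an added example, not part of the original write-up or of Rspamd; the function names `rspamd_nameserver` and `check_rspamd_dns` are hypothetical, and it only understands the quoted `master-slave:` string form used above.

```shell
#!/bin/sh
# Added example: lint the dns nameserver setting in an rspamd options.inc.
# Assumption: the value is written as one quoted string, as in the text above.

# Print the first uncommented nameserver value found in file $1.
rspamd_nameserver() {
    sed -n 's/^[[:space:]]*nameserver[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print a one-word verdict for file $1; return non-zero if the local
# resolver is not the primary.
check_rspamd_dns() {
    value=$(rspamd_nameserver "$1")
    [ -n "$value" ] || { echo "missing"; return 1; }
    case "$value" in
        master-slave:*) servers=${value#master-slave:} ;;
        *) echo "not-master-slave"; return 1 ;;
    esac
    primary=${servers%%,*}          # first entry is the intended primary
    case "$primary" in
        127.*|::1) ;;               # loopback, i.e. unbound inside the pod
        *) echo "primary-not-local"; return 1 ;;
    esac
    case "$servers" in
        *,*) echo "ok-with-fallback" ;;  # DNSBL lookups may fail while on the fallback
        *)   echo "ok" ;;
    esac
}

# With no argument, run against a constructed copy of the snippet above.
sample=$(mktemp)
printf 'dns {\n    nameserver = "master-slave:127.0.0.1,1.1.1.1";\n}\n' > "$sample"
check_rspamd_dns "${1:-$sample}"
rm -f "$sample"
```

Run it as `sh check.sh /etc/rspamd/local.d/options.inc` (the script name is arbitrary); the `ok-with-fallback` verdict is a reminder that mail scanned while unbound is down goes through the public resolver, where DNSBL results are unreliable.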
podman pod create --name=rspamd-pod -p 127.0.0.1:11332:11332/tcp # check if you need more ports, this is milter only
podman create --pod=rspamd-pod --name redis redis
podman create --pod=rspamd-pod --name unbound klutchell/unbound
podman create --pod=rspamd-pod --name rspamd --mount type=bind,source=/etc/rspamd/local.d,target=/etc/rspamd/local.d,readonly rayzilt/rspamd
Note: You may want to rebuild the rayzilt/rspamd image to get the latest Rspamd version.