Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redis: Decouple rspamd + netfilter from the rest #6233

Open
rallisf1 opened this issue Jan 4, 2025 · 0 comments
Open

Redis: Decouple rspamd + netfilter from the rest #6233

rallisf1 opened this issue Jan 4, 2025 · 0 comments
Labels
enhancement

Comments

@rallisf1
Copy link
Contributor

rallisf1 commented Jan 4, 2025

Summary

Currently you can sync fail2ban whitelists/blacklists between servers via the API (still needs a custom script and cron job), but it is almost impossible to sync spam/ham.

This is due to a design flaw in mailcow that doesn't allow for multi-server redis replication, as all services use the same redis database. In such a scenario, as opposed to a hot standby setup, things like mailcow settings and domain data should not be replicated.

My proposal is to use a second Redis container just for netfilter and rspamd, which can then be replicated across multiple instances.

Motivation

This will enable having the same level of security (at least regarding firewall and spam protection) across someone's fleet of mailcow servers. Moreover; it will make management easier as admins will be able to ban/unban/whitelist an IP through any of the replicated mailcow instances.

Additional context

Would be happy to contribute code or sponsor.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rallisf1