This document provides instructions on setting up a Redis cache in Rspamd.
The Redis cache server, is utilized as a highly efficient key-value storage by various Rspamd modules, including the following:
Furthermore, Redis is used to store Bayes tokens in the statistics module. Rspamd offers multiple configuration options for Redis storage. Moreover, Redis replicationis supported, enabling Rspamd to write values to one set of Redis servers and read data from another set.
There are couple of ways to configure Redis for a module. First of all, you can place all Redis options inside the relevant module’s section:
dmarc {
servers = "127.0.0.1";
}
However, it is recommended to use the local and override directories for such configurations. For instance, you can create a file called /etc/rspamd/local.d/dmarc.conf for this specific case:
# local.d/dmarc.conf
servers = "127.0.0.1";
You can specify multiple servers by separating them with commas. Each server can also have an optional port value:
servers = "serv1,serv2:6371";
By default, Rspamd uses port 6379 for Redis. Alternatively, you can define the full features of upstream options when specifying servers:
servers = "master-slave:127.0.0.1,10.0.1.1";
You can simplify the configuration of Redis options for each individual module by using a common redis section. This can be done by defining the section in a separate file, such as /etc/rspamd/local.d/redis.conf. This approach helps streamline the configuration process and make it more organized.
For more detailed information, you can refer to the upstreams documentation.
# /etc/rspamd/local.d/redis.conf
read_servers = "127.0.0.1,10.0.0.1";
write_servers = "127.0.0.1";
Please bear in mind that you should either use servers for both read_servers and write_servers or define read_servers and write_servers separately. So it is either servers or read_servers+write_servers together.
Additionally, you have the option to redefine Redis options inside the redis section specifically for the desired module or modules. This provides flexibility in configuring Redis options on a per-module basis:
# /etc/rspamd/local.d/redis.conf
read_servers = "127.0.0.1,10.0.0.1";
write_servers = "127.0.0.1";
dmarc {
servers = "10.0.1.1";
}
In this example, the dmarc module will use a different set of servers than other modules. If you want to exclude specific modules from using the common Redis options, you can add them to the disabled_modules list, like this:
# /etc/rspamd/local.d/redis.conf
servers = "127.0.0.1";
disabled_modules = ["ratelimit"];
This configuration snippet prevents the ratelimit module from using the common Redis configuration. If Redis is not explicitly configured for this module (either in the redis -> ratelimit section or in the ratelimit section), the module will be disabled.
Rspamd supports the following Redis options (common for all modules):
servers: upstreams list for both read and write requestsread_servers: upstreams list for read only servers (usually replication slaves)write_servers: upstreams list for write only servers (usually replication master)timeout: timeout in seconds to get reply from Redis (e.g. 0.5s or 1min)db: number of database to use (by default, Rspamd will use the default Redis database with number 0)password: password to connect to Redis (no password by default)username: username to use when authenticating to Redisprefix: use the specified prefix for keys in Redis (if supported by module)expand_keys (1.7.0+): if set to true ‘expand’ key names used in queries (discussed further below)Starting from version 1.7.0, if you set the redis.expand_keys configuration parameter to true, special values can be replaced in key names before they are sent to Redis when performing queries via Lua (as in plugins like multimap, ratelimit, and settings). If you are using module-specific Redis configuration, you can specify this setting in the module configuration instead of redis.
Given this setting is enabled, where-ever names of keys could be specified in configuration special values could be used, for example map = "redis://${ip}!foo in multimap configuration would dynamically set key name to something like 1.2.3.4!foo. Variable names which could be used are as follows:
ip: sending IP of a messageprincipal_recipient: the address of the principal recipient of a message (Deliver-To request header, first SMTP recipient or MIME recipient according to availability)principal_recipient_domain: the domain name of the principal recipientesld_principal_recipient_domain: the domain name of the principal recipient, normalised to eSLDsmtp_from: SMTP sender addresssmtp_from_domain: SMTP sender address domainesld_smtp_from_domain: SMTP sender address domain, normalised to eSLDsmtp_from_domain_or_helo: SMTP sender address domain or HELO if address is empty/absentesld_smtp_from_domain_or_helo: SMTP sender address domain or HELO if address is empty/absent, normalised to eSLDmime_from: MIME sender addressmime_from_domain: MIME sender address domainesld_mime_from_domain: MIME sender address domain, normalised to eSLDFrom the version 1.8.3, Rspamd supports Redis Sentinel. Sentinels could be defined as following:
# local.d/redis.conf
sentinels = "127.0.0.1,10.0.0.1,10.0.0.2"; # Servers list (default port 5000)
sentinel_watch_time = 1min; # How often Rspam will query sentinels for masters and slaves
sentinel_masters_pattern = "^mymaster.*$"; # Defines masters pattern to match in Lua syntax (no pattern means all masters)
Rspamd will utilize sentinels to determine which servers should be designated as write_servers and which should be designated as read_servers. Although Redis sentinel does not fully support multi-master configurations, this feature can still be valuable for switching masters when accessing non-volatile data such as statistics, fuzzy storage, or neural network data. However, it is important to note that you must still configure an initial set of servers to be used in case no sentinel is accessible.