[Rspamd-Users] API Auth

Vsevolod Stakhov vsevolod at rspamd.com
Mon Nov 26 17:17:13 UTC 2018

On 26/11/2018 16:37, Lothruin Mirwen wrote:
> Hi,
> I'm trying to develop a bridge integration between our MTA and Rspamd using
> http API.
> Spam checks go well through /checkv2 endpoint but I cannot find any
> reference to API authentcation in Rspamd documentation.
> Is there any authentication or of just will ip-trust be checked?

I have added `encrypted_only` feature in 1.8.3 so only clients who know
the correct public key are allowed to do checks. However, this also
implies that all communications MUST be encrypted. Since Rspamd uses its
own encryption method [1] it might be an issue...

[1] - https://highsecure.ru/httpcrypt.pdf

More information about the Users mailing list