[Rspamd-Users] DKIM keys in Redis

Alexander Huemer oowieph7aede at xx.vu
Fri Nov 22 22:58:59 UTC 2024 

Hi!

I run rspamd (3.4 on Debian stable, amd64) alongside opensmtpd for a 
couple of domains. The setup is pretty vanilla, nothing crazy.
Recently an idea started to grow on me for which I want a 'programmatic' 
way to add DKIM keys to the rspamd configuration. Of course I could 
append a stanza to local.d/dkim_signing.conf and bounce the daemon, but 
[1] speaks about 'DKIM keys in Redis', which seams more appropriate.

My issue is that I do not have a good mental model of what Redis 
_really_ is or how rspamd uses it. Yes, Redis is a KV store with a 
network interface, sure. But when it comes to how Redis persists data or 
should be backed-up, it gets very fuzzy for me. And, before I put data 
somewhere that I do not want to lose (like DKIM keys), I want to 
understand the properties of the software sufficiently. This train of 
thought also made me understand that I should perhaps have thought about 
this earlier, since Redis is a dependency of rspamd anyways, and I 
frankly do not actually know why.

It seems to me like rspamd uses Redis like a traditional database, at 
least for some use cases, but isn't Redis way more volatile than a 
typical relational database?  Like... Something is being written into 
Redis and power goes away. Can I be confident data won't get lost?

[2] makes me believe that at least some of the data that rspamd stores 
in Redis should be treated with diligence.

* Should the Redis instance that runs alongside a typical rspamd 
  instance be backed up?

I tried reading about the topic, primarily [3], but that honestly 
sparked more questions than it answered. I have no clue what the right 
course of action is in regards to
- Making sure that data being written into Redis is being persisted to 
  disk
- Properly backing up data that lives inside Redis

My current mental model of those aspects of Redis can only be described 
as FUD.

* Is there a recommendation from the rspamd project regarding Redis 
  settings that influence data persistence? (RDB, AOF).

Due to my lack of sufficiently deep understanding I am considering to 
use something that I know how to operate reliably (e.g. sqlite) as 
source of truth for DKIM keys and inject data into Redis when the daemon 
is bounced, if required, due to fear that Redis persistence might not 
work as expected.

My hope is that I can get some recommendations on this mailing list so 
that I can avoid the (probably) unnecessary additional step of classic 
SQL database.

Apologies if (at least some of) those questions should actually go to 
the Redis people. IMHO the questions mainly relate to how Redis is being 
used by rspamd.

Thanks,
-Alex

[1] https://rspamd.com/doc/modules/dkim_signing.html#dkim-keys-in-redis
[2] https://rspamd.com/doc/configuration/redis.html
[3] https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/

More information about the Users mailing list