rspamd-interface password problem

[Hans Petter Andersen]

Hello!

I've installed rspamd 0.9.0 and rspamd-interface but I am having some problems authenticating. I'm using lighttpd with mod_proxy and I've set the passwords in workers.conf. I've also set my client IP as the secure IP. rspamd has been restarted after the configuration changes. The rspamd interface (web) says the password is incorrect, and I am seeing this in rspamd.log:

2015-03-05 00:29:42 #13322(main) main: rspamd 0.9.0 is starting, build id: 

2015-03-05 00:29:42 #13322(main) ratelimit.lua:379: no servers are specified

2015-03-05 00:29:42 #13322(main) rspamd_mmaped_file_open: cannot stat file /var/lib/rspamd/bayes.spam, error No such file or directory, 2

2015-03-05 00:29:42 #13322(main) rspamd_mmaped_file_open: cannot stat file /var/lib/rspamd/bayes.ham, error No such file or directory, 2

2015-03-05 00:29:42 #13322(main) rspamd_inet_address_listen: bind failed: 98, 'Address already in use'

2015-03-05 00:29:42 #13324(controller) fork_worker: starting controller process 13324

2015-03-05 00:29:42 #13325(normal) fork_worker: starting normal process 13325

2015-03-05 00:29:42 #13326(normal) fork_worker: starting normal process 13326

2015-03-05 00:29:42 #13327(normal) fork_worker: starting normal process 13327

2015-03-05 00:29:42 #13328(normal) fork_worker: starting normal process 13328

2015-03-05 00:29:42 #13329(normal) fork_worker: starting normal process 13329

2015-03-05 00:29:42 #13330(normal) fork_worker: starting normal process 13330

2015-03-05 00:29:42 #13331(normal) fork_worker: starting normal process 13331

2015-03-05 00:29:42 #13332(normal) fork_worker: starting normal process 13332

2015-03-05 00:30:47 #13324(controller) rspamd_controller_check_password: absent password has been specified

I've noticed the message from rspamd_inet_address_listen but not sure if that should prevent me from logging into the web interface. I'm curious about the last line "absent password has been specified".

This is my workers.conf (minus the passwords and secure IP):

worker {

    type = "normal";

    bind_socket = "*:11333";

    mime = true;

}

worker {

    type = "controller";

    count = 1;

    bind_socket = "localhost:11334";

    password = "xxxxxxxxxxxxxxxxxx";

    enable_password = "xxxxxxxxxxxxxxxxxx"; 

    secure_ip = "a.b.c.d";

    static_dir = "${WWWDIR}"; 

}

"rspamc stat" also responds 403 unauthorized.

Any idea what could be wrong?

Best regards,

Hans

[Vsevolod Stakhov]

My suggestion is that the problem is in the proxy setup. What happens if
you remove lighttpd and talk directly to rspamd webui?

--
Vsevolod Stakhov

[Hans Petter Andersen]

My suggestion is that the problem is in the proxy setup. What happens if
you remove lighttpd and talk directly to rspamd webui?

You're right, thanks. After simplifying the lighttpd configuration a bit I was able to make it work.

I also noticed rspamc will communicate with rspamd if I specify the "enable_password" (not "password") from workers.conf. I have to specify the enable_password also for commands that are not privileged (e.g. stat, uptime). Is this normal?

$ rspamc -h localhost:11334 uptime

Results for command: uptime

HTTP error: 403, Unauthorized

$ rspamc -h localhost:11334 -P xxx uptime

Results for command: uptime

Rspamd version: 0.9.0

Uptime: 0 hour 21 minutes 46 seconds

Best regards,

Hans

[Vsevolod Stakhov]

On 05/03/2015 13:16, Hans Petter Andersen wrote:
> My suggestion is that the problem is in the proxy setup. What
> happens if
> you remove lighttpd and talk directly to rspamd webui?
>
>
> You're right, thanks. After simplifying the lighttpd configuration a bit
> I was able to make it work.
>
> I also noticed rspamc will communicate with rspamd if I specify the
> "enable_password" (not "password") from workers.conf. I have to specify
> the enable_password also for commands that are not privileged (e.g.
> stat, uptime). Is this normal?

That doesn't seem to be normal. But I'd need to reproduce this bug in my
environment first to make a fix (if needed).

--
Vsevolod Stakhov