Rspamd testing
16
RSPAMD TESTING
-
Upload
vsevolod-stakhov -
Category
Engineering
-
view
119 -
download
0
Transcript of Rspamd testing
RSPAMD TESTING
PROBLEM STATEMENT
WHY TESTING IS HARD
▸ Need to test on live traffic
▸ Testing environment might be less powerful (e.g. a VM)
▸ Experimental machines can fail or die
▸ Need to compare all results
PROBLEM STATEMENT
GOALS: TEST NEW VERSIONS
STABLE VERSION TESTING VERSION
COMPARE RESULTS
PROBLEM STATEMENT
GOALS: TEST NEW RULES
OLD RULES NEW RULES
COLLECT STATISTICS
NEW PLUGINS
PROBLEM STATEMENT
GOALS: COMPARE SPAM ENGINES
RSPAMD OTHER SCANNER
COMPARE QUALITY
PROBLEM STATEMENT
GOALS: COLLECT GLOBAL STATISTICS
RSPAMD
GATHER STATS
RSPAMD RSPAMDRSPAMD
1% 2% 10% 0.5%
STATISTICS
ARCHITECTURE
SCAN SCHEME
RSPAMD PROXY
STABLE CLUSTER TESTING CLUSTER TESTING CLUSTER
Proxy stable result
COMPARE RESULTS
ARCHITECTURE
MAIN FEATURES
▸ Reply immediately when get results from the main cluster
▸ Fast and low latency architecture
▸ Can use multiple compare result scripts
▸ Compare scripts could use all API functions from rspamd
ARCHITECTURE
ENCRYPTION PROXY
RSPAMD PROXY
STABLE CLUSTER
Encrypt using HTTPCrypt
Scan local file
ARCHITECTURE
ENCRYPTION PROXY
▸ Encrypt with HTTPCrypt:
▸ low latency (0 RTT before data sending)
▸ zero copy
▸ provable secure
▸ simple keys management
▸ Can open local files and send encrypted data stream
▸ Each cluster can have its own unique encryption key
▸ Local keys are rotated frequently
ARCHITECTURE
LOAD BALANCING
RSPAMD PROXY
STABLE CLUSTER TESTING CLUSTER TESTING CLUSTER
COMPARE RESULTS
50% 10%
Balance within clusters
ARCHITECTURE
LOAD BALANCING
▸ Send certain amount of traffic to each testing cluster
▸ Balance within each cluster:
▸ balancing schemes: round-robin, master-slave, random
▸ each server can have its own priority
▸ can detect if an upstream is down
▸ lazily resolve upstream names (DNS balancing)
ARCHITECTURE
FOREIGN EXTERNAL SCANNERS
RSPAMD PROXY
STABLE CLUSTEREncrypt using HTTPCrypt
Scan local file
FOREIGN CLUSTER TESTING CLUSTER
Use LUA script to parse results
ARCHITECTURE
FOREIGN EXTERNAL SCANNERS
▸ Can scan external scanners, e.g. SA or Cloudmark
▸ Can evaluate their efficiency comparing to rspamd
▸ Use Lua filter to parse external scanners results
COMPARE EXAMPLES
AN EXAMPLE OF COMPARISON SCRIPT
return function(results) local log = require "rspamd_logger"
for k,v in pairs(results) do if type(v) == 'table' then log.infox("%s: %s", k, v['default']['score']) else log.infox("err: %s: %s", k, v) end end end
FUTURE PLANS
POTENTIAL FEATURES
▸ Balance not merely HTTP but also SMTP
▸ Perform retries when master connection fails somehow
▸ Use mirrors results if the whole stable cluster is dead
▸ Location based balancing (select the nearest or the fastest server among possible choices)
