efa-project.org

Howdy,

I see a little bit of discussion about docker - and I'm keen to use a docker implementation of EFA.

I'd be happy to help (I'd need help with the building, since I've really only use EFA from a deployed appliance).

I would think that converting to use docker images would enable a couple of benefits:
* Each component (postfix, spamassasin, mailscanner, etc) can be updated independently
* Each component could be scaled independently too
* Folks can deploy it on any linux host, without worrying about installing pre-built perl modules or building the modules (since the docker container images would have all the dependancies as part of the image build). CI/CD could automatically build them too...
* The appliance install image is trimmed down to basically a docker install, a docker composer file and then configuration...

Anyway, some ideas - I want to move my EFA implementation to an existing cloud host which is running docker containers and being able to move the EFA components would be useful. If nobody has done it, then I'll have a go anyway...

Hi,

Sound like an excellent idea. I have been playing around a little with this, but unfortunately I haven't got enough time (or knowledge) to do this on my own.

I did start with a clamav-container, and I guess that this might be "the lowest hangnig fruit" - it seems that there is not much config that needs to be changed to use clam as an extremal service.

Also the SQL-part should be easy (?) to move to a separate container.

If you start this journey, I can contribute if I can (I'm not a developer, but I am a fairly experienced admin)

I did look at the V4 implementation , but was not entirely happy on the solution as it seems that it basically creates a new instance every time it starts

Howdy, just saw your message as well as noticing that v5 is out.

Might seem if I can set it up as containers - unlike the link you showed for v4, which basically looks like it shoves everything in a container, my approach will be to run each "service" in its own container (if they are happy to run that way).

If it seems to work, I'll post here, so that others can play with it if it is of interest to them as well.

There have been many requests for Dockerized eFa...

I haven't done it for the very reason you mention. MailScanner is not suitable for containerization and is not designed as a microservice and is quite monolithic.

Although it has gotten better, the following problems still exist with MailScanner:

• Although postfix can be separated out, the milter (MSMilter) still requires MailScanner to coexist.

• clamd can be separated out, but MailScanner doesn't understand how to send content to a remote daemon for scanning. Same problem for other virus scanners.

• MailScanner requires Spamassassin to coexist.

• MailWatch needs to coexist with MailScanner to see the configuration.

Thanks for the info.

What a shame that its not a suitable target for containerisation. Are there plans to improve on this down the track?

While its quite easy to share disk mounts between containers, it probably doesnt help if microservices dont know how to talk to other microservices (ie: the clamd/mailerscanner).

My motivation to do this is to reduce the VMs that I run - which means its one less host that I need to manage (I pretty much run everything else in a container.)

Well, although not ideal, you could stuff most of it into a single container. It should work, but you won't have the benefit of having everything in its own respective container, of course.

I think getting this software to function in a microservice model will require a major rewrite of the code. Many of these components predate such concepts.

Hi,

My motivation is the same, I'm moving away from VMs.

I understand that it can be complicated and time-consuming to go "all-in" with containerization. Is it possible to start with one or a a few of the services (clam, sql, web-interface and possibly others ), and move more services as we figure out how?

Even if we cant make MailScanner scan over tcp (MailScanner is way out of my field of expertise...) , can't we have a local "clam cli" in the main EfA-container that scans via a centralized, and shared, clam-service? I did something like that on another project.