I'm considering switching from SpamAssassin to Rspamd as everybody raves about it. The feature set, like improved Bayes filtering and easy greylisting, sounds interesting. There's a catch though: Rspamd requires Redis for all of this to work. And this comes with the next catch: Redis is absolutely unsuitable for a shared server environment, from what I can read in the documentation and other websites.
My server is a shared webhosting and e-mail environment. Users run their websites on the same server as the MTA runs on. Everybody has their own system user account and is isolated from other accounts. But Redis doesn't care about that and opens a TCP socket or UNIX socket which is accessible to local users. And it only supports a static, global, stored-in-plaintext password for the entire Redis server. And there can only be one server on a host, if you follow the OS packages (Ubuntu in this case) and don't install and manage it all manually. So if I restrict Redis to Rspamd use, I couldn't even make use of it for other services, too, because it's locked down. That doesn't scale at all, which I believe Redis is all about.
What options do I have now? Is it a good idea to use Rspamd with its Redis requirement in this environment? Do I need to buy/rent a separate machine only for e-mail? Do I need to spend more weeks on a Docker environment to provide the necessary isolation of Redis? Can I use these Rspamd features without Redis or with a more secure Redis alternative? Or is Rspamd not worth it and I should continue to use SpamAssassin?
Redis feels much like the ancient protocols FTP or SMTP from the beginning of the internet, which nobody raves about anymore today.