Add documentation about Spamcheck

Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>

Add documentation about Spamcheck
23aeb3f1 · Balasankar C · c7a6ab39 · 23aeb3f1 · 23aeb3f1 · 23aeb3f1
Unverified Commit 23aeb3f1 authored 3 years ago by Balasankar C
--- a/doc/user/admin_area/reporting/img/spamcheck.jpg
+++ b/doc/user/admin_area/reporting/img/spamcheck.jpg
--- a/doc/user/admin_area/reporting/spamcheck.md
+++ b/doc/user/admin_area/reporting/spamcheck.md
+---
+stage: Enablement
+group: Distribution
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
+# Spamcheck anti-spam service **(PREMIUM SELF)**
+
+> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6259) in GitLab 14.6
+
+[Spamcheck](https://gitlab.com/gitlab-org/spamcheck) is an anti-spam engine
+developed by GitLab originally to combat rising amount of spam in GitLab.com,
+and later made public to be used in self-managed GitLab instances.
+
+## Enabling Spamcheck
+
+### Enabling the service
+
+#### `omnibus-gitlab` package based installations
+
+1. Edit `/etc/gitlab/gitlab.rb` and add the following line
+
+    ```ruby
+    spamcheck['enable'] = true
+    ```
+
+1. Run reconfigure
+
+    ```shell
+    sudo gitlab-ctl reconfigure
+    ```
+
+1. This will start two new services - `spamcheck` and `spam-classifier` (can be
+   verified using `sudo gitlab-ctl status` command).
+
+### Configuring GitLab to use Spamcheck
+
+1. Go to Admin > Settings > Reporting page in the GitLab instance, and update
+   the external spamcheck settings as follows:
+    1. Check the Enable Spam Check via external API endpoint checkbox
+    1. Use `grpc://localhost:8001` as the URL
+    1. No need to fill any API key
+
+    ![Enable Spamcheck](img/spamcheck.jpg)
+1. Click save changes
+
+NOTE:
+In single-node instances, Spamcehck runs over `localhost`, and hence is running
+in an unauthenticated mode. If on multi-node instances where GitLab runs on one
+server and Spamcheck runs on another server listening over a public endpoint, it
+is recommended to enforce some sort of authentication using a reverse proxy in
+front of the Spamcheck service that can be used along with an API key. One
+example would be to use `JWT` authentication for this and specifying a bearer
+token as the API key.
+[Native authentication for Spamcheck is in the works](https://gitlab.com/gitlab-com/gl-security/engineering-and-research/automation-team/spam/spamcheck/-/issues/171).
+
+## Running Spamcheck over TLS
+
+Spamcheck service on its own can not communicate directly over TLS with GitLab.
+However, Spamcheck can be deployed behind a reverse proxy which performs TLS
+termination. In such a scenario, GitLab can be made to communicate with
+Spamcheck over TLS by specifying `tls://` scheme for the external Spamcheck URL
+instead of `grpc://` in the Admin settings.
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -159,7 +159,7 @@ The **Preferences** settings contain:
 The **Reporting** settings contain:
  
 - [Spam and Anti-bot Protection](../../../integration/recaptcha.md) -
-  Enable anti-spam services, like reCAPTCHA or Akismet, and set IP limits.
+  Enable anti-spam services, like reCAPTCHA, Akismet or [Spamcheck](../reporting/spamcheck.md), and set IP limits.
 - [Abuse reports](../review_abuse_reports.md) - Set notification email for abuse reports.
  
 ### Repository