Merge branch '348514-spamcheck-docs' into 'master'

Add user documentation about Spamcheck

See merge request gitlab-org/gitlab!76830

doc/user/admin_area/reporting/spamcheck.md

+---
+stage: Enablement
+group: Distribution
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
+# Spamcheck anti-spam service **(PREMIUM SELF)**
+
+> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6259) in GitLab 14.8.
+
+[Spamcheck](https://gitlab.com/gitlab-org/spamcheck) is an anti-spam engine
+developed by GitLab originally to combat rising amount of spam in GitLab.com,
+and later made public to be used in self-managed GitLab instances.
+
+## Enable Spamcheck
+
+Spamcheck is only available for package-based installations:
+
+1. Edit `/etc/gitlab/gitlab.rb` and enable Spamcheck:
+
+    ```ruby
+    spamcheck['enable'] = true
+    ```
+
+1. Reconfigure GitLab:
+
+    ```shell
+    sudo gitlab-ctl reconfigure
+    ```
+
+1. Verify that the new services `spamcheck` and `spam-classifier` are
+   up and running:
+
+   ```shell
+   sudo gitlab-ctl status
+   ```
+
+## Configure GitLab to use Spamcheck
+
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Settings > Reporting**.
+1. Expand **Spam and Anti-bot Protection**.
+1. Update the Spam Check settings:
+   1. Check the "Enable Spam Check via external API endpoint" checkbox.
+   1. For **URL of the external Spam Check endpoint** use `grpc://localhost:8001`.
+   1. Leave **Spam Check API key** blank.
+1. Select **Save changes**.
+
+NOTE:
+In single-node instances, Spamcehck runs over `localhost`, and hence is running
+in an unauthenticated mode. If on multi-node instances where GitLab runs on one
+server and Spamcheck runs on another server listening over a public endpoint, it
+is recommended to enforce some sort of authentication using a reverse proxy in
+front of the Spamcheck service that can be used along with an API key. One
+example would be to use `JWT` authentication for this and specifying a bearer
+token as the API key.
+[Native authentication for Spamcheck is in the works](https://gitlab.com/gitlab-com/gl-security/engineering-and-research/automation-team/spam/spamcheck/-/issues/171).
+
+## Running Spamcheck over TLS
+
+Spamcheck service on its own can not communicate directly over TLS with GitLab.
+However, Spamcheck can be deployed behind a reverse proxy which performs TLS
+termination. In such a scenario, GitLab can be made to communicate with
+Spamcheck over TLS by specifying `tls://` scheme for the external Spamcheck URL
+instead of `grpc://` in the Admin settings.

doc/user/admin_area/settings/index.md

@@ -160,7 +160,7 @@ The **Preferences** settings contain:
 The **Reporting** settings contain:
 
 - [Spam and Anti-bot Protection](../../../integration/recaptcha.md) -
-  Enable anti-spam services, like reCAPTCHA or Akismet, and set IP limits.
+  Enable anti-spam services, like reCAPTCHA, Akismet or [Spamcheck](../reporting/spamcheck.md), and set IP limits.
 - [Abuse reports](../review_abuse_reports.md) - Set notification email for abuse reports.
 
 ### Repository