IPS Bypass IP rspamd_proxy


(L) #1

NethServer Version: 7.5
Module: IPS
Hello

I tried to enable IPS, but there are some errors on rspamd_proxy, as shown below.
Please help: how do I set a bypass IP for rspamd_proxy?

11/26/2018, 10:56:53 AM rspamd_proxy 7341 proxy f8b98e got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
11/26/2018, 10:53:56 AM rspamd_proxy 7341 proxy 65185f got IO timeout with server fuzzy2.rspamd.com(212.24.145.107:11335), after 1 retransmits
11/26/2018, 10:51:59 AM rspamd_proxy 7341 proxy 2a9883 got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
11/26/2018, 10:48:58 AM rspamd_proxy 7341 proxy 6c9eec got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
11/26/2018, 10:43:52 AM rspamd_proxy 7341 proxy 10de56 got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits

Thank you


(Markus Neuberger) #2

Does it occur regularly?

Are you sure it’s related to IPS?

You may check IPS logs with Evebox.

Found another thread about that:


(L) #3

Hi
Yes, sure: after activating the IPS, the messages shown above appear.
Can I allow these IPs in evebox?

Thank you


(Markus Neuberger) #4

You’re welcome. I am afraid you have to find which IPS rule category is blocking and set it to alert in IPS settings.

To find the blocking rule category have a look at /var/log/suricata/fast.log or evebox.

http://docs.nethserver.org/en/v7/suricata.html#rule-categories
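
Added example, not part of the original posts: one way to do the fast.log check suggested above is to keep only dropped alerts whose source or destination is one of the fuzzy servers from the rspamd_proxy timeouts and count them per classification and rule. The sample lines, SIDs, rule names and local addresses are constructed placeholders; the line layout is Suricata's standard fast.log format.

```python
import re
import sys
from collections import Counter

# rspamd fuzzy-storage endpoints from the timeout messages in post #1.
FUZZY_ENDPOINTS = {("88.99.142.95", "11335"), ("212.24.145.107", "11335")}

# Layout of a Suricata fast.log line; "[Drop]" is present only for blocked packets.
FAST_RE = re.compile(
    r"^\S+\s+(?P<drop>\[w?Drop\]\s+)?\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*\d+\]\s+"
    r"\{[^}]+\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def endpoint(addr):
    """Split 'ip:port' on the last colon so IPv6 addresses survive."""
    ip, _, port = addr.rpartition(":")
    return ip, port

def blocking_rules(lines):
    """Count dropped alerts touching a fuzzy endpoint, keyed by (classification, sid, msg)."""
    hits = Counter()
    for line in lines:
        m = FAST_RE.match(line.strip())
        if not m or not m.group("drop"):
            continue  # unparsable line, or alert-only (not blocked)
        if {endpoint(m.group("src")), endpoint(m.group("dst"))} & FUZZY_ENDPOINTS:
            hits[(m.group("cls"), m.group("sid"), m.group("msg"))] += 1
    return hits

# Constructed sample lines (SIDs, rule names and local addresses are placeholders).
SAMPLE = [
    "11/26/2018-10:56:52.101010  [Drop] [**] [1:9000001:1] CONSTRUCTED sample rule A [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.0.2.10:40512 -> 88.99.142.95:11335",
    "11/26/2018-10:53:55.202020  [Drop] [**] [1:9000001:1] CONSTRUCTED sample rule A [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.0.2.10:40513 -> 212.24.145.107:11335",
    "11/26/2018-10:50:00.303030  [**] [1:9000002:1] CONSTRUCTED sample rule B [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:51000 -> 198.51.100.7:443",
    "11/26/2018-10:49:00.404040  [Drop] [**] [1:9000003:1] CONSTRUCTED sample rule C [**] [Classification: Misc Attack] [Priority: 2] {TCP} 203.0.113.5:4444 -> 192.0.2.10:22",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /var/log/suricata/fast.log
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE
    for (cls, sid, msg), n in blocking_rules(lines).most_common():
        print(f"{n:4d}  {cls}  sid={sid}  {msg}")
```

An empty result on the real log means no dropped alert involved those two servers, so the rule category would not be the cause of the timeouts.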


(L) #5

Hello @mrmarkuz
Thank you so much
It seems to show in the category “Network Trojan”.


(Markus Neuberger) #6

You’re welcome. Did you set the trojan rule category to alert or did you disable the IPS to make it work? Which rspamd version do you use?

I got the same rspamd_proxy error messages but my IPS is set to alert. I am going to investigate further, if IPS impacts rspamd we at least have to write it to the docs…

EDIT:

I can confirm the error occurs with activated IPS.


(L) #7

Thank you again