IPS Bypass IP rspamd_proxy


NethServer Version: 7.5
Module: IPS

I try to Enable IPS but there are some errors on rspamd_proxy as shown below
Please help and how to set By pass IP rspamd_proxy

11/26/2018, 10:56:53 AM rspamd_proxy 7341 proxy f8b98e got IO timeout with server fuzzy1.rspamd.com(, after 1 retransmits
11/26/2018, 10:53:56 AM rspamd_proxy 7341 proxy 65185f got IO timeout with server fuzzy2.rspamd.com(, after 1 retransmits
11/26/2018, 10:51:59 AM rspamd_proxy 7341 proxy 2a9883 got IO timeout with server fuzzy1.rspamd.com(, after 1 retransmits
11/26/2018, 10:48:58 AM rspamd_proxy 7341 proxy 6c9eec got IO timeout with server fuzzy1.rspamd.com(, after 1 retransmits
11/26/2018, 10:43:52 AM rspamd_proxy 7341 proxy 10de56 got IO timeout with server fuzzy1.rspamd.com(, after 1 retransmits

Thank you

Does it occur regularly?

Are you sure it’s related to IPS?

You may check IPS logs with Evebox.

Found another thread about that:

Yes, sure after activate the IPS then the messages shown above
Can I allow these IPs in evebox ?

Thank you

You’re welcome, I am afraid you have to find which ips rule category is blocking and set it to alert in IPS settings.

To find the blocking rule category have a look at /var/log/suricata/fast.log or evebox.


Hello @mrmarkuz
Thank you so much
It seems show on category “Network Trojan”

You’re welcome. Did you set the trojan rule category to alert or did you disable the IPS to make it work? Which rspamd version do you use?

I got the same rspamd_proxy error messages but my IPS is set to alert. I am going to investigate further, if IPS impacts rspamd we at least have to write it to the docs…


I can confirm the error occurs with activated IPS.

Thank you again


A few days ago I have been updated the Nethserver but still errors on rspamd_proxy after activate IPS


I have the same problem. I tested with IPS activated but with all categories set to “Disable” and still get the same error message every 20 minutes or so.

My first question would be: Is this a bug? and second: what are the repercussions of this error? I don’t see any real problem with the spam server, actually since I started using rspamd I have better control of spam.

Thank you.

Hi. Can someone please answer my last question. Or tell me if I need to open a new thread.

Sorry for the late answer. I found another thread where the problem is caused by a proxy.
As you wrote there seem to be no problems but I have to recheck.
It’s a special scenario to have IPS and mailserver on one machine. I am going to investigate and report as soon as I find a way to enable IPS without rspamd errors.

Thanks. Hope you find it.

I cannot reproduce it anymore, trying since yesterday. Did you already update to the new version 1.8.3 of rspamd?

Actually rspamd was updated automatically in my system 2 days ago:

cat /var/log/yum.log | grep rspamd
Mar 11 03:55:24 Updated: rspamd.x86_64 1.8.3-1

I don’t see the error message any more. I think it’s fixed.

I will report if there are problems.

Thank you.

1 Like

I’m still getting the same error:

Where can I find (or activate) rspamd logs? The directory /var/log/rspamd is empty in my system.

Rspamd logs to /var/log/maillog.