Nethesis Forum Mails are marked as spam

Compare with my output

runagent -m mail1 podman exec -ti rspamd ash -c 'unbound-anchor -v ; stat /usr/share/dnssec-root/trusted-key.key'
Output
/usr/share/dnssec-root/trusted-key.key has content
success: the anchor is ok
  File: /usr/share/dnssec-root/trusted-key.key
  Size: 757             Blocks: 8          IO Block: 4096   regular file
Device: abh/171d        Inode: 142680651   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-11 14:06:47.152925717 +0000
Modify: 2024-11-11 14:06:47.152925717 +0000
Change: 2024-11-11 14:06:47.153925728 +0000

Looks not good…

root@ns8:~# runagent -m mail1 podman exec -ti rspamd ash -c 'unbound-anchor -v ;                                              stat /usr/share/dnssec-root/trusted-key.key'
/usr/share/dnssec-root/trusted-key.key has content
fail: the anchor is NOT ok and could not be fixed
  File: /usr/share/dnssec-root/trusted-key.key
  Size: 369             Blocks: 8          IO Block: 4096   regular file
Device: 801h/2049d      Inode: 405125      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-11 11:17:17.270153354 +0000
Modify: 2022-08-06 13:21:28.000000000 +0000
Change: 2024-11-11 11:17:10.558153075 +0000

You can try to remove the file and run the unbound-anchor -v command again, to see if some interesting error message appears.

I’ve removed the file and run unbound-anchor twice
Still the same

root@ns8:~# runagent -m mail1 podman exec -ti rspamd ash -c 'unbound-anchor -v ; stat /usr/share/dnssec-root/trusted-key.key'
/usr/share/dnssec-root/trusted-key.key does not exist
fail: the anchor is NOT ok and could not be fixed
  File: /usr/share/dnssec-root/trusted-key.key
  Size: 83              Blocks: 8          IO Block: 4096   regular file
Device: 801h/2049d      Inode: 429247      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-11 14:49:31.367804040 +0000
Modify: 2024-11-11 14:49:31.363804039 +0000
Change: 2024-11-11 14:49:31.367804040 +0000
root@ns8:~# runagent -m mail1 podman exec -ti rspamd ash -c 'unbound-anchor -v ; stat /usr/share/dnssec-root/trusted-key.key'
/usr/share/dnssec-root/trusted-key.key has content
fail: the anchor is NOT ok and could not be fixed
  File: /usr/share/dnssec-root/trusted-key.key
  Size: 83              Blocks: 8          IO Block: 4096   regular file
Device: 801h/2049d      Inode: 429247      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-11 14:49:45.691821076 +0000
Modify: 2024-11-11 14:49:31.363804039 +0000
Change: 2024-11-11 14:49:31.367804040 +0000

What are its contents?

runagent -m mail1 podman exec rspamd cat /usr/share/dnssec-root/trusted-key.key
root@ns8:~# runagent -m mail1 podman exec rspamd cat /usr/share/dnssec-root/trusted-key.key
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

David. Many thank for your patience :+1:

It should be like this one:

Unbound anchor file example
rl1:/# cat /usr/share/dnssec-root/trusted-key.key
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1731335896 ;;Mon Nov 11 14:38:16 2024
;;last_success: 1731335896 ;;Mon Nov 11 14:38:16 2024
;;next_probe_time: 1731378520 ;;Tue Nov 12 02:28:40 2024
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
.       86400   IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1731335884 ;;Mon Nov 11 14:38:04 2024

As said before, double-check if some firewall rule is blocking outgoing connections, or if your ISP for some strange reason does not allow connections to DNS root servers :person_shrugging:

I’ve disabled DNSban, IPban and threatshield within Nethsecurity, but still the same issue.
On my NS8 I don’t have no firewall (other then the default) or blocks installed.

Can it be that i’ve my NS8 behind a reverse proxy ?
The portforwarding to NS8 is only SMTP port

Still struggling to get this working properly

Can it be the issue that no DNS settings are set in NS8
The Network of the Debian distro is getting IP and DNS ip from my Nethsecurity

Must i setup something in the NS8 setup with DNS servers ?
https://docs.nethserver.org/projects/ns8/en/latest/dnsmasq.html

I’ve a similar NS8 + NethSecurity deployment at my office, and Rspamd/Unbound is working properly. DNSMasq app is not needed to fix this issue.

You could try to run dig on NethSecurity to see if you obtain the same results.

 dig nethserver.org

See Remote access — NethSecurity documentazione to access NethSecurity with an SSH client.

No problem within Nethsecurity

root@NethSec8:~# dig nethserver.org

; <<>> DiG 9.18.28 <<>> nethserver.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46183
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;nethserver.org.                        IN      A

;; ANSWER SECTION:
nethserver.org.         206     IN      A       35.214.216.68

;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Nov 26 18:45:21 CET 2024
;; MSG SIZE  rcvd: 59

I tried also to check the unbound, but this gives now an error

root@ns8:~# runagent -m mail1 podman exec rspamd unbound-control lookup nethserver.org
[1732643369] unbound-control[124:0] error: connect: No such file or directory for /run/unbound.control.sock

How can i start the unbound service ?

ss -tunlp | grep unbound
Gives no output

runagent -m mail1 podman exec rspamd unbound-control lookup nethserver.org

[1732820462] unbound-control[74:0] error: connect: No such file or directory for /run/unbound.control.sock

Gives an error

No idea why this service has stopped.
Nothing has been changed besides the updates or a restart of the server

The fact that unbound isn’t running depicts a completely different scenario. We were investigating why it was not resolving addresses, now we are going to check why it isn’t running.

Navigate to the System logs page and select App mail1, with Follow mode. Then restart Rspamd with:

runagent -m mail1 systemctl --user restart rspamd

If some error message is sent to the logs, it should be among first lines. Please share them here.

Hello Davide
Good to hear it is still under investigation. Happy to see the great support on the forum.

I’ve restarted the service and this is the log

2024-11-29T12:44:49+01:00 [1:mail1:podman] 2024-11-29 12:44:49.825268753 +0100 CET m=+0.210049679 container died e084ee81d9b7e95f1c3a99782b6c3294f911359b13b33e8223112576c3fa85e6 (image=ghcr.io/nethserver/mail-rspamd:1.4.10, name=rspamd, PODMAN_SYSTEMD_UNIT=rspamd.service, io.buildah.version=1.23.1)
2024-11-29T12:44:49+01:00 [1:mail1:podman] 2024-11-29 12:44:49.854701455 +0100 CET m=+0.239482382 container cleanup e084ee81d9b7e95f1c3a99782b6c3294f911359b13b33e8223112576c3fa85e6 (image=ghcr.io/nethserver/mail-rspamd:1.4.10, name=rspamd, PODMAN_SYSTEMD_UNIT=rspamd.service, io.buildah.version=1.23.1)
2024-11-29T12:44:49+01:00 [1:mail1:rspamd] e084ee81d9b7e95f1c3a99782b6c3294f911359b13b33e8223112576c3fa85e6
2024-11-29T12:44:50+01:00 [1:mail1:podman] 2024-11-29 12:44:50.133507353 +0100 CET m=+0.237645165 container remove e084ee81d9b7e95f1c3a99782b6c3294f911359b13b33e8223112576c3fa85e6 (image=ghcr.io/nethserver/mail-rspamd:1.4.10, name=rspamd, PODMAN_SYSTEMD_UNIT=rspamd.service, io.buildah.version=1.23.1)
2024-11-29T12:44:50+01:00 [1:mail1:rspamd] e084ee81d9b7e95f1c3a99782b6c3294f911359b13b33e8223112576c3fa85e6
2024-11-29T12:44:50+01:00 [1:mail1:systemd] rspamd.service: Failed with result 'exit-code'.
2024-11-29T12:44:50+01:00 [1:mail1:systemd] Stopped rspamd.service - Rspamd mail filter.
2024-11-29T12:44:51+01:00 [1:mail1:rspamd] enabled
2024-11-29T12:44:51+01:00 [1:mail1:podman] 2024-11-29 12:44:51.188647749 +0100 CET m=+0.039122401 image pull  ghcr.io/nethserver/mail-rspamd:1.4.10
2024-11-29T12:44:52+01:00 [1:mail1:systemd] Started libpod-a1d1f2b690cdfc2d8143068e6a9e68ca8329e766465071a3d035635cffee1403.scope - libcrun container.
2024-11-29T12:44:52+01:00 [1:mail1:su] + none root:redis
2024-11-29T12:44:52+01:00 [1:mail1:su] + none root:redis
2024-11-29T12:44:52+01:00 [1:mail1:] WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
2024-11-29T12:44:52+01:00 [1:mail1:] oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2024-11-29T12:44:52+01:00 [1:mail1:redis-persistent] Server initialized
2024-11-29T12:44:52+01:00 [1:mail1:] WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
2024-11-29T12:44:52+01:00 [1:mail1:] oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2024-11-29T12:44:52+01:00 [1:mail1:redis-volatile] Ready to accept connections unix
2024-11-29T12:44:52+01:00 [1:mail1:redis-persistent] Ready to accept connections unix
2024-11-29T12:44:55+01:00 [1:mail1:rspamd] /usr/bin/bash: connect: Verbinding is geweigerd
2024-11-29T12:44:55+01:00 [1:mail1:rspamd] /usr/bin/bash: regel 1: /dev/tcp/127.0.0.1/11334: Verbinding is geweigerd
2024-11-29T12:44:58+01:00 [1:mail1:rspamd] /usr/bin/bash: connect: Verbinding is geweigerd
2024-11-29T12:44:58+01:00 [1:mail1:rspamd] /usr/bin/bash: regel 1: /dev/tcp/127.0.0.1/11334: Verbinding is geweigerd
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <fdp86m>; map; rspamd_map_add: added map https://maps.rspamd.com/freemail/free.txt.zst
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <da4ph6>; symcache; add_augmentation: added implied flags (0100000000000000000) for symbol BYPASS_RECIPIENT as it has passthrough augmentation
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <da4ph6>; lua; rbl.lua:1126: added URL whitelist for RBL DWL_DNSWL
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <da4ph6>; cfg; rspamd_map_parse_backend: map '/etc/rspamd/local.d/maps.d/spf_whitelist.inc.local' is not found, but it can be loaded automatically later
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <yhcyzt>; map; rspamd_map_read_http_cached_file: read cached data for https://maps.rspamd.com/rspamd/phishing_whitelist.inc.zst from /var/lib/rspamd/110ec84de81cc98813b71d34d42dedbc199bd687.map, 170 bytes; next check at: 2024-11-29 14:56:47; last modified on: 2021-02-25 19:17:32; etag: (NULL)
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (main) <k8f914>; map; rspamd_map_read_http_cached_file: read cached data for https://maps.rspamd.com/freemail/disposable.txt.zst from /var/lib/rspamd/ea942f35f2c82e84bdb7b8ceb34537f7dbe986eb.map, 15599 bytes; next check at: 2024-11-29 13:59:35; last modified on: 2024-09-20 17:33:31; etag: (NULL)
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_cache_learn.lua, sha: 67e32328bb29b39efed307d5d179a6ccf099da54
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_cache_learn.lua, sha: 67e32328bb29b39efed307d5d179a6ccf099da54
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_classify.lua, sha: 0075688c9013897c35b1ef045c2b9f55d12d4586
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_classify.lua, sha: 0075688c9013897c35b1ef045c2b9f55d12d4586
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_learn.lua, sha: 18c1f7e837d77f2d1d51cc491aa89365ed1c5bc6
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_learn.lua, sha: 18c1f7e837d77f2d1d51cc491aa89365ed1c5bc6
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_cache_check.lua, sha: dc0667e90f70e3df72fc6131e3b332160e82f638
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_cache_check.lua, sha: dc0667e90f70e3df72fc6131e3b332160e82f638
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_classify.lua, sha: 0075688c9013897c35b1ef045c2b9f55d12d4586
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_classify.lua, sha: 0075688c9013897c35b1ef045c2b9f55d12d4586
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_learn.lua, sha: 18c1f7e837d77f2d1d51cc491aa89365ed1c5bc6
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/persistent.sock from file bayes_learn.lua, sha: 18c1f7e837d77f2d1d51cc491aa89365ed1c5bc6
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (controller) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/volatile.sock from file ratelimit_cleanup_pending.lua, sha: cd653186a50918be9389f99095e2e34625004596
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (controller) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/volatile.sock from file ratelimit_cleanup_pending.lua, sha: cd653186a50918be9389f99095e2e34625004596
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/volatile.sock from file neural_maybe_invalidate.lua, sha: dc4556c7a1cd47d361b56026db3e644eea127d94
2024-11-29T12:45:00+01:00 [1:mail1:rspamd] (normal) <da4ph6>; lua; lua_redis.lua:1254: uploaded redis script to unix:/run/redis/volatile.sock from file neural_maybe_invalidate.lua, sha: dc4556c7a1cd47d361b56026db3e644eea127d94
2024-11-29T12:45:05+01:00 [1:mail1:rspamd] (hs_helper) rspamd_rs_compile_cb: compiled 0 regular expressions to the hyperscan tree, postpone loaded notification for 1 seconds to avoid races
2024-11-29T12:45:06+01:00 [1:mail1:rspamd] (main) <4ae116>; main; rspamd_srv_handler: received hyperscan cache loaded from /var/lib/rspamd/
2024-11-29T12:45:06+01:00 [1:mail1:rspamd] (controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2024-11-29T12:45:10+01:00 [1:mail1:rspamd] (controller) <k4k3se>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for bl.score.senderscore.com while 'no records with this name' was expected when querying for '1.0.0.127.bl.score.senderscore.com'(likely DNS spoofing or BL internal issues)

I’ve setup a testserver from the Rocky VM image with only the mailserver installed
This give the same output as my live Debian server on the tests