stephdl
(Stéphane de Labrusse)
November 1, 2018, 12:45pm
1
Hi all
We already run this version on our servers, so far no problem, the login prompt displayed in rspamd UI is solved, some new good features and bug fixes.
you can upgrade, test and report at : https://github.com/NethServer/dev/issues/5608
yum upgrade nethserver-mail-filter rspamd --enablerepo=nethserver-testing
6 Likes
Ya_Ley
(L)
November 2, 2018, 2:21am
2
Hello
Just updated and it works without any problems for my server.
And how to remove the nethserver-testing
when your production next release ?
Thank you
stephdl
(Stéphane de Labrusse)
November 2, 2018, 6:06am
3
When we will release the stable rpm, this will be an upgrade of the testing rpm. So in short, keep it and report if something is going wrong
3 Likes
hucky
(kai)
November 3, 2018, 7:33am
4
did the update, no problems at my side
2 Likes
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 7:52am
6
Hi guys,
Actually, I have some issues.
I have the following errors regarding Rspamd module, in messages and in Rspamd UI.
The messages are from the beginning of the installation, is not related only to this version.
The NS email server is placed in DMZ.
No other issues.
Any clues?
TIA,
Gabriel
EDIT:
rspamd.log after reboot:
stephdl
(Stéphane de Labrusse)
November 4, 2018, 8:24am
7
dns failure, nothing really related to rspamd, indeed rspamd rely on unbound to query dns.
does the port 53 is really open on your DMZ
can you make request to dns server with dig : dig google.fr
stephdl
(Stéphane de Labrusse)
November 4, 2018, 8:27am
8
this is not rspamd.log, but redis log, rspamd log is combinated with maillog
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 9:06am
10
Yes, it’s open.
[root@mail ~]# dig google.fr
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23126
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr. IN A
;; ANSWER SECTION:
google.fr. 12 IN A 172.217.20.3
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 04 10:49:58 EET 2018
;; MSG SIZE rcvd: 54
[root@mail ~]#
EDIT:
The email server has one NIC, setted as GREEN.
other errors:
stephdl
(Stéphane de Labrusse)
November 4, 2018, 9:35am
11
quite all related to dns :-?
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 9:38am
12
Yes, but anything else works without issues!
stephdl
(Stéphane de Labrusse)
November 4, 2018, 9:38am
13
please what is the outpout of
dig google.fr @127.0.0.1 -p 10053
unbound runs on another port than 53
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 9:41am
14
I have opened this port to outbound on my utm.
I will test later. I’m not at home for now.
Thank you!
stephdl
(Stéphane de Labrusse)
November 4, 2018, 9:42am
15
DMZ for me is a full open bar to a server
stephdl
(Stéphane de Labrusse)
November 4, 2018, 9:45am
16
reading the unbound.conf, it is interesting, port 10053 is for querie, but outgoing port are
# port to answer queries from
# port: 53
port: 10053
# specify the interfaces to send outgoing queries to authoritative
# server from by ip-address. If none, the default (all) interface
# is used. Specify every interface on a 'outgoing-interface:' line.
# outgoing-interface: 192.0.2.153
# outgoing-interface: 2001:DB8::5
# outgoing-interface: 2001:DB8::6
# number of ports to allocate per thread, determines the size of the
# port range that can be open simultaneously.
# outgoing-range: 4096
outgoing-range: 384
# permit unbound to use this port number or port range for
# making outgoing queries, using an outgoing interface.
# Only ephemeral ports are allowed by SElinux
outgoing-port-permit: 32768-65535
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 9:45am
17
I remember that I set for tests DMZ to WAN, any to any, w/o positive results.
1 Like
GG_jr
(Gabriel GHEORGHIU)
November 4, 2018, 1:33pm
18
stephdl:
please what is the outpout of
dig google.fr @127.0.0.1 -p 10053
unbound runs on another port than 53
[root@mail ~]# dig google.fr @127.0.0.1 -p 10053
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr. IN A
;; Query time: 37 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:27:36 EET 2018
;; MSG SIZE rcvd: 38
[root@mail ~]#
stephdl
(Stéphane de Labrusse)
November 4, 2018, 1:42pm
19
This is the root of the issue, once unboud is able to solve dns, then you will solve your issue
1 Like
stephdl
(Stéphane de Labrusse)
November 4, 2018, 2:26pm
20
this is my output
[root@prometheus ~]# dig nethesis.it @127.0.0.1 -p 10053
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> nethesis.it @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41963
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nethesis.it. IN A
;; ANSWER SECTION:
nethesis.it. 600 IN A 185.197.130.82
;; Query time: 443 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:25:33 CET 2018
;; MSG SIZE rcvd: 56
1 Like