Rspamd-1.8.1 needs testers

rspamd

(Stéphane de Labrusse) #1

Hi all

We already run this version on our servers, so far no problems. The login prompt displayed in the rspamd UI is solved, plus some good new features and bug fixes.

You can upgrade, test and report at: https://github.com/NethServer/dev/issues/5608

yum upgrade nethserver-mail-filter rspamd --enablerepo=nethserver-testing


(Ya Ley) #2

Hello

Just updated and it works without any problems for my server.
And how do I remove nethserver-testing when you publish your next production release?

Thank you


(Stéphane de Labrusse) #3

When we release the stable rpm, it will be an upgrade of the testing rpm. So in short, keep it and report if something goes wrong.


(kai) #4

Did the update, no problems on my side.


(Gabriel GHEORGHIU) #5

cc: @stephdl

Same at my side!


(Gabriel GHEORGHIU) #6

Hi guys,

Actually, I have some issues.
I have the following errors regarding the Rspamd module, in messages and in the Rspamd UI.
The messages are from the beginning of the installation; it is not related only to this version.
The NS email server is placed in DMZ.
No other issues.
Any clues?

TIA,
Gabriel

EDIT:

rspamd.log after reboot:


(Stéphane de Labrusse) #7

DNS failure, nothing really related to rspamd; indeed, rspamd relies on unbound to query DNS.

Is port 53 really open on your DMZ?
Can you make a request to the DNS server with dig: dig google.fr


(Stéphane de Labrusse) #8

This is not rspamd.log but the redis log; the rspamd log is combined with maillog.


(Gabriel GHEORGHIU) #9

OK, thank you!


(Gabriel GHEORGHIU) #10

Yes, it’s open.

[root@mail ~]# dig google.fr

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23126
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr.                     IN      A

;; ANSWER SECTION:
google.fr.              12      IN      A       172.217.20.3

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 04 10:49:58 EET 2018
;; MSG SIZE  rcvd: 54

[root@mail ~]#

EDIT:

The email server has one NIC, set as GREEN.

other errors:


(Stéphane de Labrusse) #11

Almost all related to DNS :-?


(Gabriel GHEORGHIU) #12

Yes, but everything else works without issues! :slightly_frowning_face:


(Stéphane de Labrusse) #13

Please, what is the output of

dig google.fr @127.0.0.1 -p 10053

unbound runs on a port other than 53


(Gabriel GHEORGHIU) #14

I have opened this port for outbound on my UTM.
I will test later. I’m not at home for now.
Thank you!


(Stéphane de Labrusse) #15

DMZ for me is a full open bar to a server :smiley:


(Stéphane de Labrusse) #16

Reading the unbound.conf, it is interesting: port 10053 is for queries, but the outgoing ports are

    # port to answer queries from
    # port: 53
    port: 10053

    # specify the interfaces to send outgoing queries to authoritative
    # server from by ip-address. If none, the default (all) interface
    # is used. Specify every interface on a 'outgoing-interface:' line.
    # outgoing-interface: 192.0.2.153
    # outgoing-interface: 2001:DB8::5
    # outgoing-interface: 2001:DB8::6

    # number of ports to allocate per thread, determines the size of the
    # port range that can be open simultaneously.
    # outgoing-range: 4096
    outgoing-range: 384

    # permit unbound to use this port number or port range for
    # making outgoing queries, using an outgoing interface.
    # Only ephemeral ports are allowed by SElinux
    outgoing-port-permit: 32768-65535

(Gabriel GHEORGHIU) #17

I remember that I set for tests DMZ to WAN, any to any, w/o positive results.


(Gabriel GHEORGHIU) #18

[root@mail ~]# dig google.fr @127.0.0.1 -p 10053

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr.                     IN      A

;; Query time: 37 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:27:36 EET 2018
;; MSG SIZE  rcvd: 38

[root@mail ~]#

(Stéphane de Labrusse) #19

This is the root of the issue: once unbound is able to resolve DNS, you will solve your issue.


(Stéphane de Labrusse) #20

This is my output:

[root@prometheus ~]# dig nethesis.it @127.0.0.1 -p 10053

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> nethesis.it @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41963
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nethesis.it.			IN	A

;; ANSWER SECTION:
nethesis.it.		600	IN	A	185.197.130.82

;; Query time: 443 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:25:33 CET 2018
;; MSG SIZE  rcvd: 56
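
Added example, not part of any post in this thread: an offline triage of the two dig runs against 127.0.0.1 (port 53 and port 10053) and of the unbound.conf excerpt, showing which resolver path fails and which egress the firewall has to pass. The function names and verdict strings are made up for this example, and it assumes unbound recurses to authoritative servers itself rather than using a forwarder.

```sh
#!/bin/sh
# Added example (not from the thread): offline triage of the two dig runs
# and the unbound.conf fragment quoted above.

# rcode (NOERROR, SERVFAIL, ...) from dig output on stdin
dig_status() { sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# "address#port" of the server that answered, from dig output on stdin
dig_server() { sed -n 's/^;; SERVER: \([^(]*\)(.*/\1/p' | head -n 1; }

# active (uncommented) value of key $1 in unbound.conf text on stdin
unbound_opt() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([^#[:space:]]*\).*/\1/p" | tail -n 1
}

# $1 = dig output via the system resolver, $2 = dig output via unbound
diagnose() {
    sys=$(printf '%s\n' "$1" | dig_status)
    unb=$(printf '%s\n' "$2" | dig_status)
    case "$sys/$unb" in
        NOERROR/NOERROR) echo "both-ok" ;;
        NOERROR/*)       echo "unbound-path-failing" ;;
        */NOERROR)       echo "system-resolver-failing" ;;
        *)               echo "no-dns-at-all" ;;
    esac
}

# Header lines copied from the dig runs in the thread (bodies trimmed).
DIG_53=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23126
;; SERVER: 127.0.0.1#53(127.0.0.1)'
DIG_10053=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63816
;; SERVER: 127.0.0.1#10053(127.0.0.1)'
# Active and commented lines from the unbound.conf excerpt in the thread.
CONF='    # port: 53
    port: 10053
    # outgoing-range: 4096
    outgoing-range: 384
    outgoing-port-permit: 32768-65535'

verdict=$(diagnose "$DIG_53" "$DIG_10053")
listen=$(printf '%s\n' "$CONF" | unbound_opt port)
sports=$(printf '%s\n' "$CONF" | unbound_opt outgoing-port-permit)
echo "verdict: $verdict (unbound answers on port $listen)"
# Assumption: unbound recurses to authoritative servers itself, so the
# firewall must pass these source ports to destination port 53.
echo "egress needed: udp+tcp sport $sports -> dport 53"
```

On a live host the same functions can be fed from `dig google.fr` and `dig google.fr @127.0.0.1 -p 10053`, the two commands used in the thread.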