Rspamd-1.8.1 needs testers

stephdl · November 1, 2018, 12:45pm

Hi all

We already run this version on our servers, so far no problem, the login prompt displayed in rspamd UI is solved, some new good features and bug fixes.

you can upgrade, test and report at : https://github.com/NethServer/dev/issues/5608

yum upgrade nethserver-mail-filter rspamd --enablerepo=nethserver-testing

Ya_Ley · November 2, 2018, 2:21am

Hello

Just updated and it works without any problems for my server.
And how to remove the nethserver-testing when your production next release ?

Thank you

stephdl · November 2, 2018, 6:06am

When we will release the stable rpm, this will be an upgrade of the testing rpm. So in short, keep it and report if something is going wrong

hucky · November 3, 2018, 7:33am

did the update, no problems at my side

GG_jr · November 3, 2018, 8:27am

cc: @stephdl

Same at my side!

GG_jr · November 4, 2018, 7:52am

Hi guys,

Actually, I have some issues.
I have the following errors regarding Rspamd module, in messages and in Rspamd UI.
The messages are from the beginning of the installation, is not related only to this version.
The NS email server is placed in DMZ.
No other issues.
Any clues?

TIA,
Gabriel

EDIT:

rspamd.log after reboot:

stephdl · November 4, 2018, 8:24am

dns failure, nothing really related to rspamd, indeed rspamd rely on unbound to query dns.

does the port 53 is really open on your DMZ
can you make request to dns server with dig : dig google.fr

stephdl · November 4, 2018, 8:27am

this is not rspamd.log, but redis log, rspamd log is combinated with maillog

GG_jr · November 4, 2018, 8:51am

OK, thank you!

GG_jr · November 4, 2018, 9:06am

Yes, it’s open.

[root@mail ~]# dig google.fr

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23126
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr.                     IN      A

;; ANSWER SECTION:
google.fr.              12      IN      A       172.217.20.3

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 04 10:49:58 EET 2018
;; MSG SIZE  rcvd: 54

[root@mail ~]#

EDIT:

The email server has one NIC, setted as GREEN.

other errors:

stephdl · November 4, 2018, 9:35am

quite all related to dns :-?

GG_jr · November 4, 2018, 9:38am

Yes, but anything else works without issues!

stephdl · November 4, 2018, 9:38am

please what is the outpout of

dig google.fr @127.0.0.1 -p 10053

unbound runs on another port than 53

GG_jr · November 4, 2018, 9:41am

I have opened this port to outbound on my utm.
I will test later. I’m not at home for now.
Thank you!

stephdl · November 4, 2018, 9:42am

DMZ for me is a full open bar to a server

stephdl · November 4, 2018, 9:45am

reading the unbound.conf, it is interesting, port 10053 is for querie, but outgoing port are

    # port to answer queries from
    # port: 53
    port: 10053

    # specify the interfaces to send outgoing queries to authoritative
    # server from by ip-address. If none, the default (all) interface
    # is used. Specify every interface on a 'outgoing-interface:' line.
    # outgoing-interface: 192.0.2.153
    # outgoing-interface: 2001:DB8::5
    # outgoing-interface: 2001:DB8::6

    # number of ports to allocate per thread, determines the size of the
    # port range that can be open simultaneously.
    # outgoing-range: 4096
    outgoing-range: 384

    # permit unbound to use this port number or port range for
    # making outgoing queries, using an outgoing interface.
    # Only ephemeral ports are allowed by SElinux
    outgoing-port-permit: 32768-65535

GG_jr · November 4, 2018, 9:45am

I remember that I set for tests DMZ to WAN, any to any, w/o positive results.

GG_jr · November 4, 2018, 1:33pm

[root@mail ~]# dig google.fr @127.0.0.1 -p 10053

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> google.fr @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr.                     IN      A

;; Query time: 37 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:27:36 EET 2018
;; MSG SIZE  rcvd: 38

[root@mail ~]#

stephdl · November 4, 2018, 1:42pm

This is the root of the issue, once unboud is able to solve dns, then you will solve your issue

stephdl · November 4, 2018, 2:26pm

this is my output

[root@prometheus ~]# dig nethesis.it @127.0.0.1 -p 10053

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> nethesis.it @127.0.0.1 -p 10053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41963
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nethesis.it.			IN	A

;; ANSWER SECTION:
nethesis.it.		600	IN	A	185.197.130.82

;; Query time: 443 msec
;; SERVER: 127.0.0.1#10053(127.0.0.1)
;; WHEN: Sun Nov 04 15:25:33 CET 2018
;; MSG SIZE  rcvd: 56