Same issue - Debian 10, LXC, my quick workaround:
echo "151.115.41.123 maps.rspamd.com" >> /etc/hosts
systemctl restart rspamd
This resolves only problems with DNS resolution. But dig is possible.
I tried to curl https://maps.rspamd.com/freemail/free.txt.zst from my server: curl is possible.
Issues seem outside rSpamd/your system…
I checked the IPs in logs:
–> no log entries
only in var/log/maillog-yyyymmdd
resolved by…
systemctl restart rspamd
The problem persits:
error reading https://maps.rspamd.com/rspamd/redirectors.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out
On Github exits an issue: https://github.com/rspamd/rspamd/issues/3616
I tried to wget the file from web console … without any problems.
Heinlein has committed an individual fix: https://github.com/HeinleinSupport/rspamd/commit/8ebcc2d409d82e40c2e7adafe682f7504bdd4318
Can we do anything on Nethserver?
Did you install the latest updates?
We are testing the rspamd 3.0 it works well since a while on my server
yum update rspamd --enablerepo=nethserver-testing
It seems the fix has been pushed to 2.8 and probably you run 2.7
@stephdl how confident you feel to tell people “try it”?
I am using a “going to production” installation, feeling bold enough to start it.
You can safely come back with a
yum downgrade rspamd
Eventually restart all the services stack
signal-event nethserver-mail-filter-update
Well for sure your are the captain of your server 
For whom still not used any kind of testing package, might ask you to approve the key of the server.
yes, I did.
I will try it
I did it. The installtion was w7o n issue. After installation, one error occurs in history section:
8.10.2021, 19:37:00 controller 1015 csession 0a4878 http error occurred: Not found
I think it can only be definitively evaluated once the filter has been running for a few hours.
I found a lot of new errors again, all the same IP:
| Time | Worker type | PID | Module | Internal ID | Message |
|---|---|---|---|---|---|
| 9.10.2021, 07:00:19 | controller | 1015 | map | o33omj | error reading https://maps.rspamd.com/rspamd/mime_types.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 06:51:18 | rspamd_proxy | 1014 | proxy | 735623 | cannot compare parts with more than 8192 words: (5080 + 5151) |
| 9.10.2021, 06:02:51 | controller | 1015 | map | fdp86m | error reading https://maps.rspamd.com/freemail/free.txt.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 05:50:59 | controller | 1015 | map | qamb1r | error reading https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 05:49:23 | controller | 1015 | map | 7n3qic | error reading https://maps.rspamd.com/rspamd/mid.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 04:31:31 | controller | 1015 | map | o33omj | error reading https://maps.rspamd.com/rspamd/mime_types.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 03:57:27 | controller | 1015 | map | 1u5hdp | error reading https://maps.rspamd.com/rspamd/redirectors.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 03:33:02 | controller | 1015 | map | yhcyzt | error reading https://maps.rspamd.com/rspamd/phishing_whitelist.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 03:13:35 | controller | 1015 | map | fdp86m | error reading https://maps.rspamd.com/freemail/free.txt.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
| 9.10.2021, 03:00:17 | controller | 1015 | map | qamb1r | error reading https://maps.rspamd.com/rspamd/dmarc_whitelist_new.inc.zst(151.115.41.123:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out |
The data are downloadable from webconsole.
The DNS record still exits in /etc/hosts
#
# 40hosts_local
#
151.115.41.123 maps.rspamd.com
IP Tools (www.iptools.su)
Whois
Hôte: maps.rspamd.com
Réponse DNS
Type: A
maps.rspamd.com. 1196 IN A 88.198.198.21
Type: A
maps.rspamd.com. 1196 IN A 151.115.41.123
I do not have thi entry
[root@prometheus ~]# grep -srni 'rspamd' /etc/host*
[root@prometheus ~]#
it seems yes, check at the top, maybe you could try by disabling threatshield
What is the output of the CLI below in the console of the server (must output a binary content)
[root@prometheus ~]# curl -k https://maps.rspamd.com/rspamd/redirectors.inc.zst
(�/�$��� �%hK6X6ms��̸��z�u�e!�)��W��YES�k[�DTaZ?�D,
Y�r��|� Ƹ6����8䂣��U��,�լ���b:��7m�;����AE�s��3Ph�
I disabled it.
I added it manually
[root@ns-srv01 ~]# curl -k https://maps.rspamd.com/rspamd/redirectors.inc.zst
���Bz�����PD`qo�$��&Zy1����H5̀��m�;��:����}R�c*�>ǔ�]�m���}���9���s1��O.Fuo:��id'�TL�;���Ӥ�OU@+}U:�ώ&C��S�{;���s�87$Ux�n:����C�qE�zl�a�S�HK�4���8������dx�>���Ѥ�
�Pd
BS0�;��j������H�.��
B��z�-M�t�p��ar�9S|[�z(���i����gOk�`��O�P�������۹���9�T��s\#��5��ҙ�A��:e
c�F!��=�/�~3��ތ�ţ��[��"��b B�,-z@h�䫨��X_�=��,0�X�!�8�
�* 0�@p_��A[
;Π('�+�o���+o y�2̲��^ �6@Z�te��0S�XAA
2�wha(|�K�L��4�Xz{�עp
���@�q4�v��i�"խd��B�9�����!����I�{���W���6Z��P�P��j