Rspamd soft reject email with getMail (wbilger)

I am not sure greylisting is your problem; this is an email rejected by greylist:

Feb  3 19:02:35 prometheus rspamd[1742]: <b0febf>; proxy; rspamd_add_passthrough_result: <NM666760DDE5563C048francet_mkt_prod1@nl.la1ere.fr>: set pre-result to 'soft reject' (no score): 'Try again later' from greylist(1)

Feb  3 19:02:35 prometheus rspamd[1742]: <b0febf>; proxy; rspamd_task_write_log: id: <NM666760DDE5563C048francet_mkt_prod1@nl.la1ere.fr>, qid: <4EFAB18012AC9>, ip: 82.165.159.39, from: <bounces@nl.la1ere.fr>, (default: F (soft reject): [17.89/19.90] [BAYES_SPAM(5.10){100.00%;},SPAM_FLAG(5.00){},UNITEDINTERNET_SPAM(5.00){},RBL_SPAMHAUS_SBL(2.00){82.165.159.39:from;},XM_CASE(0.50){},FORGED_SENDER(0.30){region@nl.la1ere.fr;bounces@nl.la1ere.fr;},BAD_REP_POLICIES(0.10){},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){cached: a.mx.p4.neolane.net;},ASN(0.00){asn:8560, ipnet:82.165.0.0/16, country:DE;},DKIM_TRACE(0.00){nl.la1ere.fr:+;},DMARC_POLICY_ALLOW(0.00){nl.la1ere.fr;none;},DMARC_POLICY_ALLOW_WITH_FAILURES(0.00){},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){region@nl.la1ere.fr;bounces@nl.la1ere.fr;},GREYLIST(0.00){greylisted;Mon, 03 Feb 2020 18:07:35 GMT;new record;},HAS_REPLYTO(0.00){contact@nl.la1ere.fr;},IP_REPUTATION_HAM(0.00){asn: 8560(-0.13), country: DE(-0.00), ip: 82.165.159.39(0.00);},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PRECEDENCE_BULK(0.00){},PREVIOUSLY_DELIVERED(0.00){sylvie@domain.org},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},REPLYTO_DN_EQ_FROM_DN(0.00){},REPLYTO_DOM_EQ_FROM_DOM(0.00){},R_DKIM_ALLOW(0.00){nl.la1ere.fr:s=neolane;},R_SPF_SOFTFAIL(0.00){~all;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 78251, time: 421.811ms, dns req: 74, digest: <c5d82b1e8a90debba26aedb520245b21>, rcpts: <sylvie@domain.org>, mime_rcpts: <sylvie@domain.org>, forced: soft reject "Try again later"; score=nan (set by greylist)

As you can see, rspamd states which module did the soft reject.

Now I’m really confused, it is not greylisting, it is greylist?
Can we tell why it was greylisted, or rejected by greylist, this is a perfectly legitimate email, and is very important from a customer?
Will the fact that this domain is now on the whitelist help here? But doesn’t help in the case of a different or new customer sending a similar email.

You issued a task timeout.

We need to split this thread; we may have two different issues, and without log evidence we cannot find anything interesting… we will come back later.

I would like you to try to increase the task_timeout = 8s; in /etc/rspamd/rspamd.conf

It is a template so any settings change in the filter panel will erase your change.

Let's say 15s.

Remember to restart rspamd afterwards.

cc @davidep

we have a timeout of 120s for getMail, in theory we should have the same

That is for that one specific message.
I am definitely having the issue in this thread, soft-reject emails with getmail. There are a couple possible issues, from my understanding there shouldn’t be soft rejects with greylisting disabled, but there are, and if they are timeouts, then why are they being labeled as ‘soft rejects’ in the web interface. Also, there should be a way to completely disable soft rejects when using getmail, as they cannot be resent so are essentially lost.

Simply, you reached the rspamd task timeout: your email needed more than 8s to be fetched by getMail, so rspamd issued a "try again later". It is a safe protocol and the right approach.

Then that’s the issue, it never ‘tries again later’.

I have made this change and will report back.

Hi @wbilger

Would it be possible to get the full maillog by email?

Stephdl at de-labrusse.fr

For sure, just sent.

Got it, really appreciated. I think I found why.

@wbilger could you increase the timeout further?

A clamav reload needs 20 seconds to reload its DB, I can see that your timeout occurred between the

Feb  3 11:40:03 lrtserv-data clamd[3067]: Reading databases from /var/lib/clamav
....
Feb  3 11:40:22 lrtserv-data clamd[3067]: Database correctly reloaded (6905865 signatures)

In my opinion, for your server we need a timeout around 20 seconds, but your server seems fast… what about a tiny one

You asked about whitelist, I see in your log that the IP 127.0.0.1 has matched the map Matched map: FROM_SUBDOMAINS_WHITELIST so it should work and has been accepted

Could you show us which ClamAV definitions you use? Are the legacy signatures off or on?

So, do I change the timeout to 20s, or a tiny one? I did change to 20s and will report back tomorrow, as I am still having timeouts on some emails (most without even any attachments) with task_timeout = 15s

I have made no changes to the default install.
In the ClamAV settings, “ClamAV official signatures” is checked, and “Third-party signatures rating” is set to Low.

cc @giacomo could you advise on clamav settings

Just uncheck it, the reload will be much much faster (it’s the new default).

Ok, thanks. So this could be why I have timeouts on some messages? Would I maybe not need to change task_timeout from 8s to higher then?
Also, should Third-party signatures rating be set to Low?

This is one of the causes.

It shouldn’t be, but I'll let @stephdl and @davidep answer on this.

Low is fine :wink:

I asked upstream and need to wait; the quick fix for now is to increase the timeout to 25s.

In fact, when rspamd cannot contact clamd, it fails with a symbol but never by a timeout. However, with rspamc it is different: if clamav is not reachable, then the task_timeout ends the transaction.
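
Added example, not part of the original thread: a small Python script that pulls the two pieces of evidence used above out of a maillog, namely which module forced an action (the `forced: ... (set by <module>)` suffix of `rspamd_task_write_log`) and how long each clamd database reload took. The sample lines are constructed and shortened from the formats quoted in the thread; the function names and the fixed year are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample lines, shortened from the log formats quoted in this thread.
SAMPLE = """\
Feb  3 11:40:03 lrtserv-data clamd[3067]: Reading databases from /var/lib/clamav
Feb  3 11:40:22 lrtserv-data clamd[3067]: Database correctly reloaded (6905865 signatures)
Feb  3 19:02:35 prometheus rspamd[1742]: <b0febf>; proxy; rspamd_task_write_log: id: <x@example.org>, qid: <4EFAB18012AC9>, ip: 192.0.2.1, (default: F (soft reject): [17.89/19.90] [GREYLIST(0.00){}]), len: 78251, time: 421.811ms, forced: soft reject "Try again later"; score=nan (set by greylist)
Feb  3 19:05:00 prometheus rspamd[1742]: <c1d2e3>; proxy; rspamd_task_write_log: id: <y@example.org>, qid: <5AAAA00000001>, ip: 192.0.2.2, (default: F (no action): [1.00/19.90] [MIME_GOOD(-0.10){}]), len: 100, time: 50.000ms
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
FORCED = re.compile(
    TS + r" \S+ rspamd\[\d+\]: .*rspamd_task_write_log: .*qid: <(?P<qid>[^>]*)>"
    r'.*time: (?P<ms>[\d.]+)ms.*forced: (?P<action>[a-z ]+) "(?P<msg>[^"]*)"; '
    r"score=\S+ \(set by (?P<module>[^)]+)\)")
RELOAD_START = re.compile(TS + r" \S+ clamd\[\d+\]: Reading databases from ")
RELOAD_END = re.compile(TS + r" \S+ clamd\[\d+\]: Database correctly reloaded")

def _ts(s):
    # Syslog timestamps carry no year; a fixed one (assumed) is enough to compare.
    return datetime.strptime("2020 " + " ".join(s.split()), "%Y %b %d %H:%M:%S")

def forced_actions(text):
    """Return one dict per task whose action was forced, naming the module."""
    out = []
    for line in text.splitlines():
        m = FORCED.match(line)
        if m:
            out.append({"qid": m["qid"], "action": m["action"],
                        "module": m["module"], "scan_s": float(m["ms"]) / 1000})
    return out

def clamd_reload_seconds(text):
    """Return the duration in seconds of each completed clamd database reload."""
    durations, start = [], None
    for line in text.splitlines():
        if (m := RELOAD_START.match(line)):
            start = _ts(m["ts"])
        elif (m := RELOAD_END.match(line)) and start is not None:
            durations.append((_ts(m["ts"]) - start).total_seconds())
            start = None
    return durations

if __name__ == "__main__":
    for f in forced_actions(SAMPLE):
        print(f)
    print("clamd reload durations (s):", clamd_reload_seconds(SAMPLE))
```

Comparing the longest reload duration with the configured `task_timeout` shows whether scans that start during a reload can finish in time.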