Rspamd soft reject email with getMail (wbilger)

Hi @wbilger

Could it be possible to get the full maillog by email

Stephdl at de-labrusse.fr

For sure, just sent.

Got it really appreciated, I think I found why

@wbilger could you update more the timeout

clamav reload needs 20 seconds to reload its DB, I can see that your timeout occurred between the

Feb  3 11:40:03 lrtserv-data clamd[3067]: Reading databases from /var/lib/clamav
....
Feb  3 11:40:22 lrtserv-data clamd[3067]: Database correctly reloaded (6905865 signatures)

in my idea for your server, we need a timeout around 20 seconds, but your server seems fast…what about a tiny one

You asked about whitelist, I see in your log that the IP 127.0.0.1 has matched the map Matched map: FROM_SUBDOMAINS_WHITELIST so it should work and has been accepted

could you show us what definition of clamav do you use, does the legacy signatures are off or on

So, do I changed timeout to 20s, or a tiny one. I did change to 20s and will report back tomorrow, as I am still have timeouts on some emails (most without even any attachments) with task_timeout = 15s

I have made no changes to the default install.
In the ClamAV settings, “ClamAV official signatures” is checked, and “Third-party signatrues rating” is set to Low.

cc @giacomo could you advice on clamav settings

Just uncheck it, the reload will be much much faster (it’s the new default).

Ok, thanks. So this could be why I have timeouts on some messages? Would I maybe not need to change task_timeout from 8s to higher then?
Also, should Third-party signatures rating be set to Low?

This is one of the causes.

It shouldn’t be, but I let answer @stephdl and @davidep on this.

Low is fine :wink:

I asked to upstream, need to wait after, the quick fix now is to increase the timeout to 25s.

In fact when rspamd cannot contact clamd, it fails with a symbol but never by a timeout, however with rspamc it is different, if clamav is not able to be reachable, then the task_timout ends the transaction.

I have maybe a better idea, we introduced with rspamd2 a value which is not from upstream

in /etc/rspamd/rspamd.conf

# Emit soft reject when timeout takes place
soft_reject_on_timeout = true;

the default is false

could you go back to the default timeout 8s and set to false the soft_reject_on_timeout

think to restart the rspamd

validated on my server, rspamc wait that the end of clamav reloading

I just made this change, thanks, this sounds good.
I will report that I have been at task_timeout = 8s most of the day today, since the suggested unchecking of “ClamAV official signatures” as suggested, and received no timeouts. So, I think that had something to do with it I believe. Not sure if for debugging purposes I shoud re-check that box, but if that is the new default I would not want it checked anyway.

hey @wbilger

what is the results with

task_timout = 8s;
soft_reject_on_timeout = false;

Was going to update at the end of the day, but it’s only an hour away now.

No timeouts, I have had ZERO soft rejects since I made the change.

Please note that I also unchecked “ClamAV official signatures” from ClamAV settings as suggested yesterday morning and never received any after that before changing soft_reject_on_timeout, so not sure what had the most affect. If you would like me to run a day with ClamAV official signatures back on I can do that if you want, if it gives yo more info.
Either way, it’s working great now.

1 Like

Yes please try to enable them again!

I bet you’ll get back the soft rejects and the discarded messages

1 Like

Ok, I’ll update tomorrow.

1 Like

Do you have any news?


Meanwhile, there is a bug fix to test.

Ensure there are no local modification to the rspamd configuration. Then you could install it with

yum --enablerepo=nethserver-testing update nethserver-mail\*

More information here:

https://github.com/NethServer/dev/issues/6052