I don’t agree.
If I am consolidating a mailserver for different external email addresses, getmail still be useful for retrieve old stuff and “wrong messages” from the old emailboxes.
Therefore, greylisting should be still be provided for hosted email boxes and addresses on the server.
The point is if the email is soft rejected and removed from the remote imap/pop account, then it cannot be retrieved again.
Good morning,
- checked emails at smarthost - the email from 31.01.2020 stay there !
- checked /var/log/mail.log and found only one line about this email (names are changed):
Jan 31 12:20:11 msrv rspamd[26880]: ; csession; rspamd_task_write_log: id: 0BD77A246CF70C44B8A90035533ADC4F020B2AF748@srvexchDB01.ikkclassic.local, ip: 127.0.0.1, from: emil.mueller@ikk-classic.de, (default: F (soft reject): [0.15/20.00] [SUBJ_ALL_CAPS(0.15){2;},MIME_GOOD(-0.10){multipart/mixed;multipart/alternative;text/plain;},RCVD_NO_TLS_LAST(0.10){},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},GENERIC_REPUTATION(0.00){-0.063842656585994;},HAS_ATTACHMENT(0.00){},HAS_XOIP(0.00){},MIME_TRACE(0.00){0:+;1:+;2:+;3:~;4:~;},PREVIOUSLY_DELIVERED(0.00){steffen.jacob@eds-systeme.de;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_THREE(0.00){4;},TO_DN_ALL(0.00){}]), len: 591623, time: 8023.068ms, dns req: 7, digest: <41f96f9674cbe608547867299d13c507>, mime_rcpts: muster.mann@firma.de, file: stdin, forced: soft reject “timeout processing message”; score=nan (set by task timeout)
Jan 31 12:20:11 msrv rspamd[26880]: ; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 184 regexps total, 94 regexps cached, 0B scanned using pcre, 17.70KiB scanned total
Jan 31 12:20:11 msrv dovecot: lda(user01@eds.lan): sieve: msgid=0BD77A246CF70C44B8A90035533ADC4F020B2AF748@srvexchDB01.ikkclassic.local: marked message to be discarded if not explicitly delivered (discard action)
Jan 31 12:20:11 msrv getmail: msg 497/497 (599418 bytes) msgid 000093425134513e from emil.mueller@ikk-classic.de delivered to MDA_external command dovecot-lda ()
Jan 31 12:20:20 msrv clamd[2729]: Database correctly reloaded (6895964 signatures)
Yesterday I stopped greylist with enable = false in /etc/rspamd/override.d/greylist.conf (new file created)
Since 02.02.2020 at 6 o’clock there “thousands” of this lines:
Feb 2 06:54:24 msrv rspamd[11266]: ; map; http_map_error: error reading https://maps.rspamd.com/freemail/free.txt.zst(88.99.142.95:443): connection with http server terminated incorrectly: ssl connect error: ssl error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Feb 2 06:54:25 msrv rspamd[11266]: ; map; http_map_error: error reading https://maps.rspamd.com/freemail/disposable.txt.zst(88.99.142.95:443): connection with http server terminated incorrectly: ssl connect error: ssl error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
I don’t think, that we are on the right trace …
it is not under our control, maps.rspamd.com is not on our resources, either you had a network issue, or rspamd from upstream got an undetermined issue
for what I read, your email has been well soft-rejected
it is officially a rspamd issue from a lets encrypt certificate
1 Like
I would like you try to increase the task_timeout = 8s; in /etc/rspamd/rspamd.conf
It is a template so any settings change in the filter panel will erase your change.
Lets say 15s
think to restart rspamd
cc @davidep
we have a timeout of 120s for getMail, in theory we should have the same
Which is why softreject should NEVER be applied against POP or IMAP access of mailboxes, only unsolicited mail received directlyat the server.
Cheers.
This is not related to greylist, but due to a task timeout
Exactly, how do I disable soft rejects, greylisting is disabled.
read my message please
Sorry, just confused. I will try the timeout suggested and respond in the other thread.
But, if this is not a ‘soft reject’, but why does it display as such in the rspamd web interface?
Well please stay in your thread…this is possibly another issue…your is at Rspamd soft reject email with getMail (wbilger)
we thought of this effect at beginning - we let stay the mails 14 days on the smarthost
Today we set task_timeout = 15s and now let’s wait
1 Like
8 seconds…
This is the reject reason. However the rspamc-getmail wrapper is invoked with 120s timeout: where do the 8s come from? Our new clamav error handling?
This is our before.sieve filter talking. IIUC it wants to discard the message.
This is likely to be the timeout origin. During clamav db reloads rspamd waits a while.
Hypotesis: the timeout handling with getmail has got a regression bug and discards instead of retrying? Let’s try to reproduce @stephdl:
kill -STOP <pidofclamd>
Possible workaround: disable clamav official signatures to speed up db reloads.
not sure @davidep
in /etc/rspamd/rspamd.conf
# Timeout for messages processing (must be larger than any internal timeout used)
task_timeout = 8s;
When rspamd2.0 has been tested we have considered to increase it to 120s since it is our higher timeout we have, but it is LONG
1 Like
If the rspamc-getmail timeout argument is not honored, we can remove it.
Increasing the timeout is not a complete solution.
The temporary scan failure condition must be handled correctly, then we can discuss if 8s has to be increased.
I often see imap bandwithd around 200kB, I do not know why but imap is not so often fast.
For a text email I think it is enough, but for an email with an attachment it is of course longer
If I shoot in the night
10MB / 0,2MB/s = 50 seconds
Clearly the task_timeout is down
@rowihei does the email gets an attachment !