Rspamd: A replacement for Spamassassin & Postscreen

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
zimico
Advanced member
Advanced member
Posts: 108
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.12
Contact:

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby zimico » Sat Jun 15, 2019 9:57 am

Hi phoenix,
I have just started installing rspamd on my small lab zimbra server following the wiki and have some issues that need your help.
My zimbra version is 8.8.12 P3 on Centos 7. I enabled cbpoliyd. I also use dnsmasq.
In /var/log/zimbra.log I see a lot of:

Code: Select all

Jun 15 16:09:51 mail postfix/smtps/smtpd[28261]: warning: invalid transport name: smtpd_milters=inet in Milter service: smtpd_milters=inet:localhost:11332

and

Code: Select all

Jun 15 04:06:00 mail postfix/dkimmilter/smtpd[5656]: timeout after END-OF-MESSAGE from localhost[127.0.0.1]

and in /var/log/rspamd/rspamd.log:

Code: Select all

2019-06-15 16:28:01 #18891(controller) <3nxzfe>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume

It seems that my rspamd configuration is not good. Here is the output of:

Code: Select all

[zimbra@mail ~]$ zmprov gs $(zmhostname) | grep -i milter
zimbraMilterBindPort: 7026
zimbraMilterMaxConnections: 20000
zimbraMilterNumThreads: 100
zimbraMilterServerEnabled: TRUE
zimbraMtaMilterCommandTimeout: 30s
zimbraMtaMilterConnectTimeout: 30s
zimbraMtaMilterContentTimeout: 300s
zimbraMtaMilterDefaultAction: accept
zimbraMtaSmtpdMilters: smtpd_milters=inet:localhost:11332
[zimbra@mail ~]$ postconf | grep smtpd_milters
non_smtpd_milters =
smtpd_milters = smtpd_milters=inet:localhost:11332, inet:127.0.0.1:7026
[zimbra@mail ~]$ zmprov gs $(hostname) zimbraMtaSmtpdMilters
# name mail.zimilab.com
zimbraMtaSmtpdMilters: smtpd_milters=inet:localhost:11332


Best regards,
Minh.


phoenix
Ambassador
Ambassador
Posts: 26208
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby phoenix » Sat Jun 15, 2019 7:36 pm

As far as I can see there's nothing wrong with your configuration and I also see the "invalid transport name:" and have done for years, it doesn't appear to have any effect on rspamd. Does mail currently go through rspamd, do you see it rejecting mail etc.? If you set-up the rspamd web ui you can easily check there for mail that goes through your server.

As for the "multi.uribl.com" it could just be that it's because of the mentioned 'high volume' and that should disappear after a while. Are you using the inbuilt dnsmasq in ZCS? I use PDNS-Resolver for my caching nameserver and I don't know what the lifetime is for the cache dnsmasq, perhaps you could check that and increase it if necessary.

I do all my DKIM signing in rspamd so I don't currently use the dkimmilter, was that working before you installed rspamd? I did run the dkimmilter when I first stared with rspamd and signing worked fine for the overlap period while I configured rspamd to do the signing and once it worked I disabled the ZCS dkimmilter. Whatever services overlap between rspamd and ZCS I use the rspamd ones and disable the ZCS equivalent.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
User avatar
zimico
Advanced member
Advanced member
Posts: 108
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.12
Contact:

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby zimico » Sun Jun 16, 2019 3:43 pm

Dear phoenix,
This is a small lab server so I am managing to receiving more spam mail to check :). Currently mail still goes into inbox and I do not see any action log in rspamd.log. In zimbra.log I only see amavis activity.
I disabled zimbra's unbound dnscache and use dnsmasq. The strange thing is if I use dig, I see the response time is 0ms

Code: Select all

[root@mail ~]# dig yahoo.com | grep Query
;; Query time: 45 msec
[root@mail ~]# dig yahoo.com | grep Query
;; Query time: 0 msec

However when using host, I see it take some time to response:

Code: Select all

[root@mail ~]# host -a yahoo.com | grep ms
Received 789 bytes from 127.0.0.1#53 in 81 ms
[root@mail ~]# host -a yahoo.com | grep ms
Received 789 bytes from 127.0.0.1#53 in 91 ms

So I am not very sure about my dnsmasq cache...
Currently I set cache size in dnsmasq:

Code: Select all

# Increase the number of host lookups cached from the default 150
cache-size=9500

I haven't known about dkimmilter. Currently I do not enable dkim signing.
Here is what I see in the rspamd.log now:

Code: Select all

2019-06-16 22:24:40 #10025(controller) <3nxzfe>; monitored; rspamd_monitored_propagate_error: invalid return on resolving multi.uribl.com, disable object
2019-06-16 22:24:40 #10025(controller) <zqd379>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for 3nxzfegumbi67tq1kjtuupxnd493zxt: dead
2019-06-16 22:24:40 #10024(rspamd_proxy) <zqd379>; cfg; rspamd_worker_monitored_handler: updated monitored status for 3nxzfegumbi67tq1kjtuupxnd493zxt: dead
2019-06-16 22:24:40 #10028(normal) <zqd379>; cfg; rspamd_worker_monitored_handler: updated monitored status for 3nxzfegumbi67tq1kjtuupxnd493zxt: dead
2019-06-16 22:24:40 #10026(normal) <zqd379>; cfg; rspamd_worker_monitored_handler: updated monitored status for 3nxzfegumbi67tq1kjtuupxnd493zxt: dead
2019-06-16 22:25:55 #10025(controller) <3nxzfe>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2019-06-16 22:28:44 #10025(controller) <9zc4wc>; map; http_map_finish: data is not modified for server maps.rspamd.com, next check at Sun, 16 Jun 2019 19:28:43 GMT


Regards,
Minh.
User avatar
zimico
Advanced member
Advanced member
Posts: 108
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.12
Contact:

Re: Rspamd: A replacement for Spamassassin & Postscreen

Postby zimico » Wed Jun 26, 2019 9:06 am

Dear all,
I use testing point of uribl:

Code: Select all

[root@mail ~]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See ttp://uribl.com/refused.shtml for more information [Your DNS IP: 74.....]"

So I decide to change from google DNS 8.8.8.8 to Cloudflare DNS 1.1.1.1 and reboot the server and give it a try:

Code: Select all

[root@mail ~]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

Review the rspamd.log and every seems to be ok now.
Regards,
Minh.

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 22 guests