error message cannot resolve maps.rspamd.com: query refused

[hqn34]

I installed spamassassin first. Then I installed rspamd. I get error message cannot resolve maps.rspamd.com: query refused in the web interface

 

[zEitEr]

Hello,

Where exactly in a web-interface you get the error? A screenshot would be nice.

 

[petersconsult]

i'm having the same issue..
i've tried opening the following outgoing ports, to no avail:
11335,10053,53,11332,11333,11334

i still get the same message (both in the rspamd log, and in the web controller):

cannot resolve maps.rspamd.com: query refused

 

[MisterM]

Firewal active ?

nslookup maps.rspamd.com

Add IP

Name: maps.rspamd.com
Address: 151.115.41.123
Name: maps.rspamd.com
Address: 88.198.198.21

Check this too:

ping maps.rspamd.com ---- Works fine
dig maps.rspamd.com ---- Works fine

 

[petersconsult]

Thank you for the help!
Those all work fine here too..

here's a sample from my error log (from the web interface)

11/29/2022, 2:28:02 PM    controller    898787    map    7n3qic    cannot resolve maps.rspamd.com: query refused
11/29/2022, 2:25:32 PM    controller    898787    map    dyatkr    cannot resolve maps.rspamd.com: query refused
11/29/2022, 2:25:03 PM    normal    898790    lua    1d7e68    error querying dns \"214.134.251.185.asn.rspamd.com\" on 127.0.0.1: query refused
11/29/2022, 1:42:28 PM    normal    898790    lua    2c2398    error looking up 204.67.148.104.in-addr.arpa: query refused
11/29/2022, 1:42:28 PM    normal    898790    lua    2c2398    error querying dns \"204.67.148.104.asn.rspamd.com\" on 127.0.0.1: query refused
11/29/2022, 1:33:09 PM    normal    898790    lua    254fa1    error querying dns \"106.126.40.78.asn.rspamd.com\" on 127.0.0.1: query refused
11/29/2022, 1:00:42 PM    normal    898790    lua    bcdd99    error looking up 58.69.162.69.in-addr.arpa: query refused
11/29/2022, 1:00:42 PM    normal    898790    lua    bcdd99    error querying dns \"58.69.162.69.asn.rspamd.com\" on 127.0.0.1: query refused
11/29/2022, 12:45:58 PM    normal    898789    lua    06499f    error looking up 209.120.109.193.in-addr.arpa: query refused
11/29/2022, 12:45:58 PM    normal    898789    lua    06499f    error querying dns \"209.120.109.193.asn.rspamd.com\" on 127.0.0.1: query refused

EDIT:
in /etc/named.conf, i see the following settings:
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };

in /etc/resolv.conf, i have the 2 following entries:
nameserver 127.0.0.1
nameserver 8.8.8.8

i just added this between the 2:
nameserver 1.0.0.1

 

[MisterM]

And when you add the 2 IPs I name it doesn't work either

Name: maps.rspamd.com
Address: 151.115.41.123
Name: maps.rspamd.com
Address: 88.198.198.21

Mz

 

[petersconsult]

i'm sorry, i'm not sure where i should add them..

i tried adding a line to /etc/hosts for maps.rspamd.com

but, clearly, there is a communication problem between rspamd and whatever dns service it's trying to use, because, as you see above, all of its queries keep failing..

 

[MisterM]

Are you sure you are using DA?
If so go to the admin area, extra feature, ConfigServer Security & Firewall, csf tab - Quick Actions - add in the field - Allow IP address , the address I put :

Name: maps.rspamd.com
Address: 151.115.41.123
Name: maps.rspamd.com
Address: 88.198.198.21

by clicking on Quick Allow to add the 2 IP

 

[petersconsult]

oh, ok, i thought you were talking about adding them to the named process, somehow..

So, the canonical address is just in the comment, right?

ok, i just added the addresses to CSF allow, restarted the rspamd process, no joy..

11/29/2022, 5:01:21 PM controller 954942 map qamb1r cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:20 PM controller 954942 map k8f914 cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:20 PM controller 954942 map 7n3qic cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:20 PM controller 954942 map dyatkr cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:20 PM controller 954942 map fdp86m cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:19 PM controller 954942 map yhcyzt cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:19 PM controller 954942 map 1u5hdp cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:19 PM controller 954942 map qbq3yk cannot resolve maps.rspamd.com: query refused
11/29/2022, 5:01:19 PM controller 954942 map o33omj cannot resolve maps.rspamd.com: query refused

 

[MisterM]

IPV6 Active ?

 

[petersconsult]

i got it!!

i just added this line to the file /etc/rspamd/options.inc
nameserver = ["1.0.0.1:10", "8.8.8.8:53:1"];

under:

dns {
    timeout = 1s;
    sockets = 16;
    retransmits = 5;
    nameserver = ["1.0.0.1:10", "8.8.8.8:53:1"];
}

 

[petersconsult]

i guess rspamd doesn't like it that i'm using 127.0.0.1 in my resolve.conf..

EDIT: i thought that was supposed to be a good thing..

EDIT: just changed that line to: nameserver = ["1.0.0.1:5", "8.8.8.8:53:5"];

 

[MisterM]

the ISP router was blocking dns queries.
Is that a question?

 

[MisterM]

dns { timeout = 1s; sockets = 16; retransmits = 5; nameserver = ["127.0.0.1:53:1"]; }

Is this the configuration, have you tested it?

 

[petersconsult]

Is this the configuration, have you tested it?

oh snap!!

Thank You!
You know, i could've sworn i tested it before.. maybe i forgot to add the port number..

I'm gonna settle on this, and be done with it:
nameserver = ["127.0.0.1:53:8", "1.0.0.1:53:1", "8.8.8.8:53:1"];

Thank You again for all your help!!!
i really, really, really appreciate it!!

if you have any suggestions on optimal scoring setup, or any other optimisations, for rspamd, i'm all ears!
Thank you again so much!

PS: just to be 100% clear, there was no nameserver variable in the original config; that's one of the first things i tested, but, obviously, i did something wrong that first time around..

 

[MisterM]

oh snap!!

Thank You!
You know, i could've sworn i tested it before.. maybe i forgot to add the port number..

I'm gonna settle on this, and be done with it:
nameserver = ["127.0.0.1:53:8", "1.0.0.1:53:1", "8.8.8.8:53:1"];

Thank You again for all your help!!!
i really, really, really appreciate it!!

if you have any suggestions on optimal scoring setup, or any other optimisations, for rspamd, i'm all ears!
Thank you again so much!

PS: just to be 100% clear, there was no nameserver variable in the original config; that's one of the first things i tested, but, obviously, i did something wrong that first time around..

Thanks to you especially

 

[petersconsult]

Darn it!
i started getting errors again on 127.0.0.1!

took it out from /etc/rspamd/options.inc

so now it's just:
nameserver = ["1.0.0.1:53:5", "8.8.8.8:53:5"];

i hope my server doesn't get blocked from these nameservers..

 

[zEitEr]

If you want to use 127.0.0.1:53 you should first configure your named to serve as a caching or forwarding DNS. These roles are disabled by default.

 

[MisterM]

@zEitEr, I have another error, probably nothing to do with the topic, but with Redis in the rpamd logs:

2022-++-++ 08:++:++ #2769176(rspamd_proxy) <e81mhc>; lua; lua_redis.lua:1200: cannot upload script to 127.0.0.1:6379: Connection refused; registered from: /usr/share/rspamd/lualib/plugins/neural.lua:201

 

[zEitEr]

@zEitEr, I have another error, probably nothing to do with the topic, but with Redis in the rpamd logs:

And is Redis for Rspamd running?