Problem with rspamd

[JohnyByk]

Hi.
My rspamd don't scan message. Nothing apperas in mail headers. Nothing apperas in mail headers about spam scanning.

Ma rspamd.log:

2022-09-02 13:23:33 #68158(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2022-09-02 13:23:42 #68158(controller) <e511c1>; csession; rspamd_controller_check_password: allow unauthorized connection from a unix socket
2022-09-02 13:23:42 #70758(controller) <74a980>; csession; rspamd_controller_check_password: allow unauthorized connection from a unix socket
2022-09-02 13:23:43 #68158(controller) <1ccygw>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'r0NlmfwwBtG5JnCnT94lld2nFach2.dwl.dnswl.org'(likely DNS spoofing or BL internal issues)
2022-09-02 13:23:43 #68158(controller) <1ccygw>; monitored; rspamd_monitored_propagate_error: invalid return on resolving dwl.dnswl.org, disable object
2022-09-02 13:23:43 #68158(controller) <9ecge4>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for 1ccygwo8byjjy64p53ed6j3sxizfgnr: dead
2022-09-02 13:23:44 #68158(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2022-09-02 13:23:44 #68158(controller) <imhkkk>; monitored; rspamd_monitored_propagate_error: invalid return on resolving multi.uribl.com, disable object
2022-09-02 13:23:44 #68158(controller) <9ecge4>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for imhkkkzu76dtxr3ajyrpn947zwx9kfa: dead
2022-09-02 13:23:57 #70758(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2022-09-02 13:24:25 #70758(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2022-09-02 13:24:31 #70758(controller) <1ccygw>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'FPO2PHhA4SvcYnc.dwl.dnswl.org'(likely DNS spoofing or BL internal issues)

I'm using newest versiosn of CB, redis (installed from CB) and rspamd.
How diagnose what causes the problem?

 

[Richard G]

Seems this is causing the issue:

DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume

It's 127.0.0.1 which is running into limits. Are you using 8.8.8.8 by any chance in the /etc/resolv.conf file?

It's better to use your datacenters dns in there. With Google servers you will run into these kind of limits.
Try using cloudflare and opendns like this in the /etc/resolv.conf file:
nameserver 1.1.1.1 nameserver 208.67. 222.222
restart the named service after the change just to be sure and see if that fixes your issue.

 

[mxroute]

Make sure you have ESF on. These may be a little dated but these are the steps I used to deploy rspamd:

cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking no
./build set easy_spam_fighter yes
./build set spamd rspamd
./build set exim yes
./build exim
./build rspamd
./build exim_conf

 

[JohnyByk]

Make sure you have ESF on. These may be a little dated but these are the steps I used to deploy rspamd:

That's it. After install ESF all works OK.
I have one more problem. I can't use spamc from shell. I see:

root@naruto:/etc# rspamc -h 127.0.0.1:11334 stat
Results for command: stat (0.000 seconds)
IO write error: connection refused

I can learn rspamd from Web interface but not from shell. Any idea what can causes the problem?

Thanks