Rspamd not assigning a score

[cymug]

I followed this guide for installing Rspamd and can reach the UI, which shows no emails going through Rspamd. Received emails have a header that says

X-Spam-Status: No, spam_score was empty, meaning rspamd failed to scan the message

I tried reinstalling rspamd, but that didn't help. Does anyone have any ideas on how to fix this?

 

[toml]

What do your log files say? If an email wasn't scanned it should tell you why in the log file.

 

[cymug]

Which log file should I check?

Exim log file for the last received email says this:

2023-08-03 15:49:09 [ip removed] whitelisted in list.dnswl.org
2023-08-03 15:49:10 1qReJp-000Dj0-33 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
2023-08-03 15:49:10 1qReJp-000Dj0-33 spam acl condition: all spamd servers failed
2023-08-03 15:49:10 1qReJp-000Dj0-33 H=[domain removed] [ip removed] Warning: ACL "warn" statement skipped: condition test deferred
2023-08-03 15:49:10 1qReJp-000Dj0-33 <= [address removed] H=[domain removed] [ip removed] P=esmtps X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no S=81633 DKIM=[domain removed] id=[id removed] T="Subject Removed" from <address removed> for [address removed]
2023-08-03 15:49:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1qReJp-000Dj0-33
2023-08-03 15:49:10 1qReJp-000Dj0-33 => [addess removed] F=<address removed> R=localuser T=local_delivery S=81817
2023-08-03 15:49:10 1qReJp-000Dj0-33 Completed

The lines that say

2023-08-03 15:49:10 1qReJp-000Dj0-33 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
2023-08-03 15:49:10 1qReJp-000Dj0-33 spam acl condition: all spamd servers failed

seem like they are the problem, but not sure how to debug this

 

[toml]

The two log files to look at would be:
/var/log/exim/mainlog and
/var/log/maillog

But your log files shows the issue, rspamd is either not running or your configurations between exim ( /etc/exim.spamd.load.conf) and your rspamd (/etc/rspamd/rspamd.conf) do not match.

Below are the locations I have that tell exim and rspamd how to communicate
/etc/exim/rspamd/variables.conf:spamd_address = 127.0.0.1 11333 variant=rspamd
/etc/rspamd/rspamd.conf: bind_socket = "localhost:11333";
/etc/rspamd/local.d/worker-normal.inc:bind_socket = "localhost:11333";
/etc/exim.spamd.load.conf:spamd_address = 127.0.0.1 11333 retry=20s variant=rspamd

 

[cymug]

For some reason the file /etc/exim.spamd.load.conf didn't exist, tried creating it and adding the line spamd_address = 127.0.0.1 11333 retry=20s variant=rspamd but that didn't seem to change anything

 

[toml]

That file was a backup I made before making a change. So it isn’t necessary. Did you ensure rspamd was running and listening on the specified port.

[root]# ps -eaf|grep rspamd
_rspamd    47603       1  0 Jul19 ?        00:27:25 /usr/local/bin/redis-server unixsocket:/var/lib/rspamd/.redis/redis.sock
_rspamd    47679       1  0 Jul19 ?        00:00:18 rspamd: main process; 0.3 msg/sec, 0.0 msg/sec spam, 0.3 msg/sec ham; 0.99s avg processing time
_rspamd    49146   47679  0 Jul19 ?        00:00:07 rspamd: rspamd_proxy process (/var/run/rspamd/rspamd_proxy.sock mode=0600 owner=_rspamd)
_rspamd    49147   47679  0 Jul19 ?        00:02:42 rspamd: controller process (/var/run/rspamd/rspamd_controller.sock mode=0600 owner=_rspamd)
_rspamd    49148   47679  0 Jul19 ?        00:47:57 rspamd: normal process (localhost:11333)
_rspamd    49149   47679  0 Jul19 ?        00:00:06 rspamd: hs_helper process
root     3264857 3264716  0 16:28 pts/0    00:00:00 grep --color=auto rspamd
[root]# netstat -an|grep 11333
tcp        0      0 127.0.0.1:11333         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:11333         127.0.0.1:37780         TIME_WAIT 
tcp6       0      0 ::1:11333               :::*                    LISTEN

 

[cymug]

Seems to be running and listening correctly

# ps -eaf|grep rspamd
_rspamd 1296 1 0 Aug02 ? 00:03:01 /usr/local/bin/redis-server unixsocket:/var/lib/rspamd/.redis/redis.sock
_rspamd 365602 1 0 19:20 ? 00:00:00 rspamd: main process
_rspamd 365603 365602 0 19:20 ? 00:00:00 rspamd: rspamd_proxy process (/var/run/rspamd/rspamd_proxy.sock mode=0600 owner=_rspamd)
_rspamd 365604 365602 0 19:20 ? 00:00:03 rspamd: controller process (/var/run/rspamd/rspamd_controller.sock mode=0600 owner=_rspamd)
_rspamd 365605 365602 0 19:20 ? 00:00:00 rspamd: normal process (localhost:11333)
_rspamd 365606 365602 0 19:20 ? 00:00:00 rspamd: hs_helper process
root 366163 365458 0 19:33 pts/0 00:00:00 grep rspamd

# ss -an|grep 11333
tcp LISTEN 0 4096 127.0.1.1:11333 0.0.0.0:*
tcp LISTEN 0 4096 [::1]:11333 [::]:*

 

[toml]

What does your /etc/exim/rspamd/variables.conf file look like?
Or better yet, what do you see when you run this command:
exim -bP|grep spam

 

[cymug]

/etc/exim/rspamd/variables.conf

spamd_address = 127.0.0.1 11333 variant=rspamd

.include_if_exists /etc/exim/rspamd/variables.conf.custom

/etc/exim/rspamd/variables.conf.custom doesn't exist since I haven't tried changing anything there yet

# exim -bP|grep spam
spamd_address = 127.0.0.1 11333 variant=rspamd

 

[toml]

maybe a firewall rule is blocking the connection to that port (11333)

 

[cymug]

Tried disabling firewall which didn't help

Also I noticed that there are some spam-related headers being added to the email correctly, not sure if they are being added by rspamd or easy_spam_fighter

Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 209.85.160.171, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-DKIM: signer='gmail.com' status='pass' reason=''
DKIMCheck: Server passes DKIM test, -20 Spam score
X-Spam-Status: No, spam_score was empty, meaning rspamd failed to scan the message
SpamTally: Final spam score: -60

 

[Active8]

Ok , open door: did you enable spamassassin for that user ?

 

[cymug]

Yes every user has spamassassin enabled. Directadmin only lets me have either rap and or spamassassin installed at any given moment, so my understanding is that the spamassassin page also applies to enabling rspamd.

 

[cymug]

Is there any way that I can test how easy spam fighter and rspamd interact besides sending emails?

 

[zomebodi]

i have the same issue...