[Rspamd-Users] dns and redis, two issues

[David Mehler]

Hello,

I'm having some issues with a new rspamd 1.9.x setup. It's connecting
to postfix, both are in a freebsd jail. I'm getting two errors the
first wondering if it's a temp on google's part or something up with
my setup, the second a definite rspamd/redis communication issue i'd
appreciate some help on.

The below are rspamd-added headers of a message that was tagged as
spam and shouldn't have been. In my resolv.conf I've got a nameserver
of 1.1.1.1 and can successfully resolve names such as google.com etc
Any ideas?

X-Spamd-Bar: ++
X-Spam-Level: **
X-Rspamd-Server: mail
Authentication-Results: mail.example.com;
	dkim=temperror (DNS error when getting key) header.d=gmail.com
header.s=20161025 header.b=C7E0E03h;
	dmarc=temperror reason="query timed out" header.from=gmail.com
(policy=temperror);
	spf=temperror (mail.example.com: error in processing during lookup of
example at gmail.com: DNS error) smtp.mailfrom=example at gmail.com
X-Rspamd-Queue-Id: 1AD5B12A4F1
X-Spamd-Result: default: False [2.70 / 150.00];
	 ARC_NA(0.00)[];
	 HFILTER_FROMHOST_NORES_A_OR_MX(1.50)[gmail.com];
	 R_SPF_DNSFAIL(0.00)[];
	 FROM_HAS_DN(0.00)[];
	 FREEMAIL_FROM(0.00)[gmail.com];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 MIME_GOOD(-0.10)[text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[user at example.com];
	 HFILTER_HELO_IP_A(1.00)[mail-wr1-f50.google.com];
	 RCPT_COUNT_ONE(0.00)[1];
	 MAILSPIKE_FAIL(0.00)[50.221.85.209.rep.mailspike.net:query timed out];
	 MIME_TRACE(0.00)[0:+];
	 TO_DN_ALL(0.00)[];
	 DKIM_TRACE(0.00)[gmail.com:?];
	 DMARC_DNSFAIL(0.00)[gmail.com : query timed out];
	 HFILTER_HELO_NORES_A_OR_MX(0.30)[mail-wr1-f50.google.com];
	 RBL_BLOCKLISTDE_FAIL(0.00)[50.221.85.209.bl.blocklist.de:query timed out];
	 R_DKIM_TEMPFAIL(0.00)[gmail.com:s=20161025];
	 FROM_EQ_ENVFROM(0.00)[];
	 FREEMAIL_ENVFROM(0.00)[gmail.com];
	 RCVD_COUNT_TWO(0.00)[2];
	 TAGGED_FROM(0.00)[];
	 RCVD_TLS_ALL(0.00)[];
	 RCVD_IN_DNSWL_FAIL(0.00)[50.221.85.209.list.dnswl.org:query timed out]

And my redis issue, this is recurring:

2019-07-14 00:00:46 #39341(rspamd_proxy)
rspamd_redis_pool_new_connection: cannot connect to redis: Permission
denied
2019-07-14 00:00:46 #39341(rspamd_proxy)
rspamd_lua_redis_prepare_connection: cannot connect to redis: unknown
error
2019-07-14 00:00:46 #39341(rspamd_proxy) lua; lua_redis.lua:1019:
cannot execute redis request

I'm using unix domain sockets, in my redis.conf I have:

#cat /usr/local/etc/redis.conf
protected-mode yes
port 0
tcp-backlog 511
 unixsocket /var/run/redis/redis_rspamd.sock
 unixsocketperm 700
timeout 0
tcp-keepalive 300
daemonize yes
supervised no
pidfile /var/run/redis/redis.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
always-show-logo no
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/db/redis/
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
maxmemory 128mb
maxmemory-policy volatile-lru
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
slave-lazy-flush no
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble no
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes

and in local.d/redis.conf:

servers = "/var/run/redis/redis_rspamd.sock";

Suggestions welcome.

Thanks.
Dave.