[Rspamd-Users] Rspamd :: Redis-Sentinel :: Problem 'write against a read only slave'

Wed Nov 3 10:53:34 UTC 2021

   Hey rspammer

   i have serious trouble with my rspam-sentinel setup, i hope some of you
   have an idea how i can get run this project.

   My recent logging settings:

   local.d/logging.inc:
   level = "debug";
   debug_modules = ["stat_redis,history_redis,lua_redis,antivirus"];

   Errors in Log:

   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua; clamav.lua:132:
   clamav: message or mime_part is clean
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua; clamav.lua:132:
   clamav: message or mime_part is clean
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua; common.lua:183:
   failed to save virus cache for OK ->
   "rs_clamav_a504154b268032da4233f058d6863288c02802190caff688c11eb0e21325
   ebc44effebb5e48297bc6452346035a995c26fbd256ffe4ba3b8a281690624f86cbb":
   READONLY You can't write against a read only slave.
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua; clamav.lua:132:
   clamav: message or mime_part is clean
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; stat_redis;
   rspamd_redis_connected: connected to redis server, tokens learned for
   BAYES_HAM: 0
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; stat_redis;
   rspamd_redis_processed: received tokens for BAYES_HAM: 352 processed, 0
   found
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; stat_redis;
   rspamd_redis_connected: connected to redis server, tokens learned for
   BAYES_SPAM: 11
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; stat_redis;
   rspamd_redis_processed: received tokens for BAYES_SPAM: 352 processed,
   4 found
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; proxy;
   bayes_classify: skip classification as ham class has not enough learns:
   0, 200 required
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua;
   greylist.lua:297: Score too low - skip greylisting
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua; neural.lua:291:
   RFANN ann score: -0.996
   2021-11-03 11:35:23 #7660(rspamd_proxy) <06cd4f>; lua;
   history_redis.lua:96: got error READONLY You can't write against a read
   only slave. when writing history row: no value

   My local.d/redis.conf config:

   servers =
   "myserver1.com:6379,myserver2.com:6379,myserver3.com:6379,myserver4.com
   :6379";   # --> without this line i have same problems, i have read
   that this line is in sentinel mode nessesary too
   sentinels =
   "myserver1.com:26379,myserver2.com:26379,myserver3.com:26379,myserver4.
   com:26379";
   password = "<mySuperSafePassword>"
   sentinel_watch_time = 1min;
   sentinel_masters_pattern = "";

   local.d/statistics.conf

   classifier "bayes" {
   tokenizer {
   name = "osb";
   }
   cache {
   }
   new_schema = true; # Always use new schema
   store_tokens = false; # Redefine if storing of tokens is desired
   signatures = false; # Store learn signatures
   #per_user = true; # Enable per user classifier
   min_tokens = 11;
   backend = "redis";
   min_learns = 200;

   statfile {
   symbol = "BAYES_HAM";
   spam = false;
   }
   statfile {
   symbol = "BAYES_SPAM";
   spam = true;
   }
   learn_condition = 'return require("lua_bayes_learn").can_learn';

   # Autolearn sample
   # autolearn {
   # spam_threshold = 6.0; # When to learn spam (score >= threshold)
   # ham_threshold = -0.5; # When to learn ham (score <= threshold)
   # check_balance = true; # Check spam and ham balance
   # min_balance = 0.9; # Keep diff for spam/ham learns for at least this
   value
   #}

   }

   The history config is default:

   modules.d/history_redis.conf

   history_redis {
   #servers = 127.0.0.1:6379; # Redis server to store history
   key_prefix = "rs_history"; # Default key name
   nrows = 200; # Default rows limit
   compress = true; # Use zstd compression when storing data in redis
   subject_privacy = false; # subject privacy is off

   .include(try=true,priority=5) "${DBDIR}/dynamic/history_redis.conf"
   .include(try=true,priority=1,duplicate=merge)
   "$LOCAL_CONFDIR/local.d/history_redis.conf"
   .include(try=true,priority=10)
   "$LOCAL_CONFDIR/override.d/history_redis.conf"
   }

   local.d/antivirus.conf
   # multiple scanners could be checked, for each we create a
   configuration block with an arbitrary name
   clamav {
   # If set force this action if any virus is found (default unset: no
   action is forced)
   # action = "reject";
   action = "add header";
   message = '${SCANNER}: virus found: "${VIRUS}"';
   # Scan mime_parts seperately - otherwise the complete mail will be
   transfered to AV Scanner
   #attachments_only = true; # Before 1.8.1
   scan_mime_parts = true; # After 1.8.1
   # Scanning Text is suitable for some av scanner databases (e.g.
   Sanesecurity)
   scan_text_mime = true; # 1.8.1 +
   scan_image_mime = true; # 1.8.1 +
   # If `max_size` is set, messages > n bytes in size are not scanned
   max_size = 20000000;
   # symbol to add (add it to metric if you want non-zero weight)
   symbol = "CLAM_VIRUS";
   # type of scanner: "clamav", "fprot", "sophos" or "savapi"
   type = "clamav";
   # If set true, log message is emitted for clean messages
   log_clean = true;
   # Prefix used for caching in Redis: scanner-specific defaults are used.
   If Redis is enabled and
   # multiple scanners of the same type are present, it is important to
   set prefix to something unique.
   #prefix = "rs_cl_";
   # For "savapi" you must also specify the following variable
   #product_id = 12345;
   # servers to query (if port is unspecified, scanner-specific default is
   used)
   # can be specified multiple times to pool servers
   # can be set to a path to a unix socket
   servers = "127.0.0.1:3310";
   # if `patterns` is specified virus name will be matched against
   provided regexes and the related
   # symbol will be yielded if a match is found. If no match is found,
   default symbol is yielded.
   patterns {
   symbol_name = "pattern";
   JUST_EICAR = '^Eicar-Test-Signature$';
   }
   # In version 1.7.0+ patterns could be extended
   #patterns = {SANE_MAL = 'Sanesecurity\.Malware\.*', CLAM_UNOFFICIAL =
   'UNOFFICIAL$'};
   # `whitelist` points to a map of IP addresses. Mail from these
   addresses is not scanned.
   whitelist = "/etc/rspamd/antivirus.wl";
   }

   My sentinel:

   redis-cli -h myserver1.com -p 26379
    1) "name"
    2) "redis-primary"
    3) "ip"
    4) "<IP FROM myserver4.com>"
    5) "port"
    6) "6379"
    7) "runid"
    8) "d699307aa09342b47e3c2da8d65c3da0daacaf4b"
    9) "flags"
   10) "master"
   11) "link-pending-commands"
   12) "0"
   13) "link-refcount"
   14) "1"
   15) "last-ping-sent"
   16) "0"
   17) "last-ok-ping-reply"
   18) "300"
   19) "last-ping-reply"
   20) "300"
   21) "down-after-milliseconds"
   22) "2000"
   23) "info-refresh"
   24) "9344"
   25) "role-reported"
   26) "master"
   27) "role-reported-time"
   28) "1912423118"
   29) "config-epoch"
   30) "3"
   31) "num-slaves"
   32) "3"
   33) "num-other-sentinels"
   34) "3"
   35) "quorum"
   36) "2"
   37) "failover-timeout"
   38) "5000"
   39) "parallel-syncs"
   40) "1"

   It seems rspam does not try to reach the sentinel to ask for the
   writable master but tries write against one random server of the given
   list? Does anybody have an idea how i can check to which server rspam
   connect and tries to write and how i setup sentinel correctly?