[Rspamd-Users] Rspamd proxy connection issues

Wed Mar 30 14:24:36 UTC 2022

Hi,

we see connection errors from rspamd proxy like this:

---
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; proxy_accept_socket: 
accepted milter connection from 192.168.1.20 port 47934
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; milter; 
rspamd_milter_process_command: got connection from 192.168.1.19:58342
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: abnormally closing connection from 
backend: 127.0.0.1:11333, error: IO write error: Connection refused, 
retries left: 4
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: retry connection to: ::1 retries left: 4
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: abnormally closing connection from 
backend: [::1]:11333, error: IO write error: Connection refused, retries 
left: 3
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: retry connection to: 127.0.0.1 
retries left: 3
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: abnormally closing connection from 
backend: 127.0.0.1:11333, error: IO write error: Connection refused, 
retries left: 2
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: retry connection to: ::1 retries left: 2
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: abnormally closing connection from 
backend: [::1]:11333, error: IO write error: Connection refused, retries 
left: 1
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: retry connection to: 127.0.0.1 
retries left: 1
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: abnormally closing connection from 
backend: 127.0.0.1:11333, error: IO write error: Connection refused, 
retries left: 0
Mar 30 16:09:55 mail rspamd[1074]: <c6c398>; proxy; 
proxy_backend_master_error_handler: cannot connect to upstream, maximum 
retries has been reached: 5
Mar 30 16:09:55 mail postfix/cleanup[5877]: warning: milter 
inet:192.168.1.20:11332: can't read SMFIC_BODYEOB reply packet header: 
Success
---

In some cases this is working, sometimes not. For example, if we restart 
an in- or outbound MTA it is not working anymore. We are currently lost 
why this problem occurs randomly.

On our Inbound and Outbound MTA we are running rspamd in worker proxy 
only mode. These rspamd in proxy only mode proxies to 2 dedicated rspamd 
servers with scan workers. Between all these servers there is no 
firewall in between.

Example config from MTA with rspamd in proxy only mode:
---
worker {
     normal {
         enabled = false;
     }
}
worker {
     controller {
         enabled = false;
     }
}
worker {
     rspamd_proxy {
         bind_socket = "localhost:11332";
         reject_message = "Spam message rejected";
         milter = true;
         spam_header = "X-Spam";
         quarantine_on_reject = false;
         max_retries = 5;
         discard_on_reject = false;
         upstream {
             scan {
                 compression = true;
                 key = "...";
                 default = true;
                 hosts = "round-robin:rspamd1:11333:10,rspamd2:11333:10";
             }
             local {
                 disabled = true;
                 default = true;
                 hosts = "localhost";
             }
         }
         count = 4;
         timeout = 120;
     }
}
---

This worker in postfix integrated via "smtpd_milters = inet:localhost:11332"

Config on dedicated rspamd server with scan workers:
---
worker {
     normal {
         enabled = true;
         count = 8;
         keypair {
             pubkey = "...";
             privkey = "...";
         }
         bind_socket = "*:11333";
         mime = true;
     }
}
worker {
     controller {
         keypair {
             pubkey = "...";
             privkey = "...";
         }
         enable_password = "...";
         secure_ip = "127.0.0.1";
         secure_ip = "::1";
         count = 1;
         static_dir = "/usr/share/rspamd/www";
         bind_socket = "localhost:11334";
         password = "...";
     }
}
worker {
     rspamd_proxy {
         ...
         enabled = false;
         ...
     }
}
---

Does someone a hint for us whats going wrong or where to start debugging?

Thanks in advance
Tobias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2261 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20220330/07334e1f/attachment.bin>