[Rspamd-Users] Lots(?) of MX_INVALID messages
Bernardo Reino
reinob at bbmk.org
Wed Nov 29 19:11:37 UTC 2023
On Wed, 29 Nov 2023, Ralf Hildebrandt via Users wrote:
> I was wondering about the MX_INVALID symbol, so I checked my logs:
>
> # xzegrep -c "rspamd_task_write_log.*MX_INVALID" /var/log/mail.log*
> /var/log/mail.log-20231122.xz:5010 of 154538 (3.2%) total lines containing rspamd_task_write_log
> /var/log/mail.log-20231123.xz:3792 of 127353 (2.1%)
> /var/log/mail.log-20231124.xz:3740 of 112135 (3.3%)
> /var/log/mail.log-20231125.xz:2559 of 56096 (4.5%)
> /var/log/mail.log-20231126.xz:2516 of 67011 (3.7%)
> /var/log/mail.log-20231127.xz:3437 of 132854 (2.5%)
> /var/log/mail.log-20231128: 4365 of 123822 (3.5%)
>
> I'm using a local recursing resolver on localhost (unbound) without
> any forwarders (querying the root NSs directly).
>
> Still, I see quite a lot of MX_INVALID entries in my log, for domains
> with no (at least to me) obvious DNS issues. Are you numbers similar?
>
> I already increased the timeout (a long time ago) om local.d/mx_check.conf
>
> enabled = true;
> timeout = 10.0;
>
> How would I debug this further? Is anybody making similar observations?
I have not enabled the MX_CHECK module, but from what I can see here:
https://rspamd.com/doc/modules/mx_check.html
as well as a cursory look at the associated LUA code, it seems that MX_INVALID
is set when rspamd fails to connect to port 25 of one (randomly chosen) of the
IPs associated with the MX of the connecting server (where the domain is either
from the HELO/EHLO or taken from the From header).
So even if your local unbound is resolving OK, maybe your server is failing to
establish the connection to port 25 of whatever MX has been determined.
I personally find that behaviour slightly "aggressive", so as I said, I didn't
enable those checks.
Hope that helps,
(and hope I'm corrected if I've written something which is not true :)
--
Bernardo
More information about the Users
mailing list