RSPAMD HELP!!!

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
rodrigo
Posts: 10
Joined: Mon Jan 01, 2018 2:04 pm

RSPAMD HELP!!!

Post by rodrigo »

Hello

I would like to ask for someone's help.

My RPSAMD is not working properly, I am receiving spam in the mail accounts. In the old mail server, everything worked fine (zimbra 8.6.0) I followed a guide that is in this same forum but I would like to know if any extra thing that should be done for rspamd to work properly. This is causing me a lot of problems, users are complaining about spam emails. Please, I hope someone can help me.

Rspamd logs:

Code: Select all

[root@tritan estadio]# tail -f /var/log/rspamd/rspamd.log
2018-01-23 10:31:06 #25454(rspamd_proxy) <32483d>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36916
2018-01-23 10:31:06 #25454(rspamd_proxy) <32483d>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37032
2018-01-23 10:31:06 #25454(rspamd_proxy) <32483d>; proxy; rspamd_message_parse: loaded message; id: <602980412.662101.1516717866724.JavaMail.zimbra@tritan.municoquimbo.cl>; queue-id: <B1967100A2C7AC>; size: 597; checksum: <0e2ef92ee59c2b58d56ca116e023da48>
2018-01-23 10:31:06 #25454(rspamd_proxy) <32483d>; proxy; fuzzy_generate_commands: <602980412.662101.1516717866724.JavaMail.zimbra@tritan.municoquimbo.cl>, part is shorter than 1000 bytes: 332 (166 * 2.00 bytes), skip fuzzy check
2018-01-23 10:31:06 #25454(rspamd_proxy) <ed9702>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36918
2018-01-23 10:31:07 #25454(rspamd_proxy) <32483d>; proxy; rspamd_task_write_log: << EOD
2018-01-23 10:31:07 #25454(rspamd_proxy) <32483d>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 163 regexps total, 78 regexps cached, 0B bytes scanned using pcre, 1.01k bytes scanned total
2018-01-23 10:31:07 #25454(rspamd_proxy) <c95613>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:07 #25454(rspamd_proxy) <ed9702>; milter; rspamd_milter_process_command: got connection from 104.37.185.251:36622
2018-01-23 10:31:07 #25454(rspamd_proxy) <ed9702>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36934
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37050
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; proxy; rspamd_message_parse: loaded message; id: <1458086488.662106.1516717868239.JavaMail.zimbra@tritan.municoquimbo.cl>; queue-id: <3B5D1100BED8E3>; size: 598; checksum: <0e2ef92ee59c2b58d56ca116e023da48>
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; proxy; fuzzy_generate_commands: <1458086488.662106.1516717868239.JavaMail.zimbra@tritan.municoquimbo.cl>, part is shorter than 1000 bytes: 332 (166 * 2.00 bytes), skip fuzzy check
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; proxy; rspamd_task_write_log: << EOD
2018-01-23 10:31:08 #25454(rspamd_proxy) <d352b6>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 163 regexps total, 78 regexps cached, 0B bytes scanned using pcre, 1.01k bytes scanned total
2018-01-23 10:31:08 #25454(rspamd_proxy) <dcf08e>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36950
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37066
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; proxy; rspamd_message_parse: loaded message; id: <1206210808.662128.1516717870270.JavaMail.zimbra@tritan.municoquimbo.cl>; queue-id: <42FB3100BED8E3>; size: 598; checksum: <0e2ef92ee59c2b58d56ca116e023da48>
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; proxy; fuzzy_generate_commands: <1206210808.662128.1516717870270.JavaMail.zimbra@tritan.municoquimbo.cl>, part is shorter than 1000 bytes: 332 (166 * 2.00 bytes), skip fuzzy check
2018-01-23 10:31:10 #25454(rspamd_proxy) <738d4f>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36952
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; proxy; rspamd_task_write_log: << EOD
2018-01-23 10:31:10 #25454(rspamd_proxy) <82befb>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 163 regexps total, 78 regexps cached, 0B bytes scanned using pcre, 1.01k bytes scanned total
2018-01-23 10:31:10 #25454(rspamd_proxy) <c23b4a>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:10 #25454(rspamd_proxy) <d54581>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36964
2018-01-23 10:31:11 #25454(rspamd_proxy) <d54581>; milter; rspamd_milter_process_command: got connection from 206.72.193.12:50711
2018-01-23 10:31:11 #25454(rspamd_proxy) <d54581>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:11 #25454(rspamd_proxy) <bf566b>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36970
2018-01-23 10:31:11 #25454(rspamd_proxy) <bf566b>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37086
2018-01-23 10:31:12 #25454(rspamd_proxy) <bf566b>; proxy; rspamd_message_parse: loaded message; id: <360613929.662141.1516717871957.JavaMail.zimbra@tritan.municoquimbo.cl>; queue-id: <EAA33100BED8E3>; size: 597; checksum: <0e2ef92ee59c2b58d56ca116e023da48>
2018-01-23 10:31:12 #25454(rspamd_proxy) <bf566b>; proxy; fuzzy_generate_commands: <360613929.662141.1516717871957.JavaMail.zimbra@tritan.municoquimbo.cl>, part is shorter than 1000 bytes: 332 (166 * 2.00 bytes), skip fuzzy check
2018-01-23 10:31:12 #25454(rspamd_proxy) <bf566b>; proxy; rspamd_task_write_log: << EOD
2018-01-23 10:31:12 #25454(rspamd_proxy) <bf566b>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 163 regexps total, 78 regexps cached, 0B bytes scanned using pcre, 1.01k bytes scanned total
2018-01-23 10:31:12 #25454(rspamd_proxy) <bbeb56>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:13 #25454(rspamd_proxy) <3605ca>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36982
2018-01-23 10:31:13 #25454(rspamd_proxy) <3605ca>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37098
2018-01-23 10:31:13 #25454(rspamd_proxy) <3605ca>; proxy; rspamd_message_parse: loaded message; id: <573825847.662174.1516717873737.JavaMail.zimbra@tritan.municoquimbo.cl>; queue-id: <B4FE6100BED8E3>; size: 597; checksum: <0e2ef92ee59c2b58d56ca116e023da48>
2018-01-23 10:31:13 #25454(rspamd_proxy) <3605ca>; proxy; fuzzy_generate_commands: <573825847.662174.1516717873737.JavaMail.zimbra@tritan.municoquimbo.cl>, part is shorter than 1000 bytes: 332 (166 * 2.00 bytes), skip fuzzy check
2018-01-23 10:31:14 #25454(rspamd_proxy) <3605ca>; proxy; rspamd_task_write_log: << EOD
2018-01-23 10:31:14 #25454(rspamd_proxy) <3605ca>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 163 regexps total, 78 regexps cached, 0B bytes scanned using pcre, 1.01k bytes scanned total
2018-01-23 10:31:14 #25454(rspamd_proxy) <4f6f96>; proxy; proxy_milter_finish_handler: finished milter connection
2018-01-23 10:31:15 #25454(rspamd_proxy) <a03fdd>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36990
2018-01-23 10:31:15 #25454(rspamd_proxy) <521812>; proxy; proxy_accept_socket: accepted milter connection from 127.0.0.1 port 36996
2018-01-23 10:31:15 #25454(rspamd_proxy) <521812>; milter; rspamd_milter_process_command: got connection from 200.54.193.62:37112
More information:

Code: Select all

[zimbra@tritan ~]$  zmlocalconfig|grep nio_imap_enabled
nio_imap_enabled = true

Code: Select all

[zimbra@tritan ~]$ zmprov gs $(hostname) zimbraMtaSmtpdMilters
# name tritan.municoquimbo.cl
zimbraMtaSmtpdMilters: smtpd_milters=inet:localhost:11332

Code: Select all

[zimbra@tritan ~]$ zmprov gs $(zmhostname) | grep zimbraServiceEnabled
zimbraServiceEnabled: amavis
zimbraServiceEnabled: antivirus
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: logger
zimbraServiceEnabled: service
zimbraServiceEnabled: zimbra
zimbraServiceEnabled: zimbraAdmin
zimbraServiceEnabled: zimlet
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: memcached
zimbraServiceEnabled: mta
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy
zimbraServiceEnabled: snmp
zimbraServiceEnabled: ldap
zimbraServiceEnabled: spell
The ANTISPAM service is not enabled.

Thank you very much.

Rodrigo.
vstakhov
Posts: 7
Joined: Sat Sep 09, 2017 12:40 pm

Re: RSPAMD HELP!!!

Post by vstakhov »

2018-01-23 10:31:07 #25454(rspamd_proxy) <32483d>; proxy; rspamd_task_write_log: << EOD
Your log format seems to be broken. Check `rspamadm configdump logging` - there are likely some extra tabs or other garbage.
Post Reply