search

tiredofit / docker-rspamd

Dockerized Anti Spam Filter
MIT License
18 stars 8 forks source link

Milter integration with Postfix fails "can't read SMFIC_OPTNEG reply packet header:" #6

Open Flunkyball opened 2 years ago

Flunkyball commented 2 years ago

Summary

After integration of docker-rspamd into Postfix every mail fails to be checked with the following logging in mail.log:

Sep 30 18:26:31 carbon postfix/smtpd[19770]: warning: milter inet:[127.0.0.1]:11333: can't read SMFIC_OPTNEG reply packet header: Success Sep 30 18:26:31 carbon postfix/smtpd[19770]: warning: milter inet:[127.0.0.1]:11333: read error in initial handshake Rspamed does not log anything, even does not show the mail in the statistics. Port 11333 is available from the host system as postfix is installed locally.

Steps to reproduce

Fresh setup according to the docker-compose.yml below.

What is the expected correct behavior?

Working filtering

Relevant logs and/or screenshots


version: '2.4'
services:

  rspamd-app:
    image: tiredofit/rspamd
    container_name: rspamd-app
    ports:
      - 11333:11333
      - 11334:11334
    volumes:
      - ./logs/rspamd:/logs/rspamd
      - ./data/rspamd:/data/rspamd
    environment:
      - TIMEZONE=Europe/Berlin
      - CONTAINER_NAME=rspamd-app
      - ENABLE_ZABBIX=false
      - CONTROLLER_PASS=password
      - WORKER_LISTEN_PORT=11333
      - REDIS_HOST=rspamd-redis
      - CLAMAV_HOST=clamav
      - CLAMAV_PORT=3310
      - OLETOOLS_HOST=olefy-app
      - OLETOOLS_PORT=1005
    networks:
      - internal
      - services
    restart: always

  rspamd-redis:
    container_name: rspamd-redis
    image: tiredofit/redis:7-latest
    volumes:
      - ./db/rspamd-redis:/var/lib/redis:Z
    environment:
      - TIMEZONE=Europe/Berlin
      - CONTAINER_NAME=rspamd-redis
      - ENABLE_ZABBIX=false
    networks:
      - internal
      - services
    restart: always

  clamav:
    image: tiredofit/clamav:latest
    container_name: clamav
    ports:
      - 3310:3310
    volumes:
      - ./data/clamav:/data
      - ./logs/clamav:/logs
    environment:
      - CONTAINER_NAME=clamav
      - DEFINITIONS_UPDATE_FREQUENCY=60
      - ENABLE_ZABBIX=false
    networks:
          - internal
      - services

    restart: always

  olefy-app:
    image: tiredofit/olefy
    container_name: olefy-app
    ports:
      - 1005:1005
    environment:
      - CONTAINER_NAME=olefy-app
      - ENABLE_ZABBIX=false

      - DELETE_TEMP_FILES=TRUE
      - DELETE_TEMP_FILES_FAILED=TRUE
      - LISTEN_PORT=1005
      - LOG_LEVEL=INFO
      - MINIMUM_CHARACTER_LENGTH=500
    networks:
      - services
    restart: always

networks:
  internal:
    external: false
    ipam:
      config:
        - subnet: 172.21.0.0/16

  services:
    external: true
    ipam:
      config:
        - subnet: 172.20.0.0/16
Flunkyball commented 2 years ago

If port 11332 is exposed where the rspamd proxy is listening and if it is used in the milter config of postfix it works.... Any idea why the rspamd worker directly does not work ?