Rspamd redis permission denied after latest update.sh run

IeyasuSawada

Dear community,

TL;DR
After running update.sh yesterday rspamd logs started throwing the redis permission denied logs (see below).
The rspamd history fails to update 1 out of 2 times when refreshing. When it doesn’t throw an error in the GUI, it still doesn’t refresh the logs though.

The mailcow.conf is pretty much vanilla apart from having the required reverse proxy configuration for traefik v2 setup.

`
2021-02-15 12:08:11 #114(controller) <jaghor>; lua; lua_redis.lua:1200: cannot upload script to [fd4d:6169:6c63:6f77::6]:6379: Permission denied; registered from: /usr/share/rspamd/lualib/plugins/neural.lua:192

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; lua_redis.lua:1200: cannot upload script to 172.22.1.249:6379: Permission denied; registered from: /usr/share/rspamd/plugins/ratelimit.lua:206

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; lua_redis.lua:1200: cannot upload script to 172.22.1.249:6379: Permission denied; registered from: /usr/share/rspamd/lualib/plugins/neural.lua:192

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; lua_redis.lua:1200: cannot upload script to [fd4d:6169:6c63:6f77::6]:6379: Permission denied; registered from: /usr/share/rspamd/lualib/plugins/neural.lua:192

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; lua_redis.lua:1200: cannot upload script to 172.22.1.249:6379: Permission denied; registered from: /usr/share/rspamd/lualib/plugins/neural.lua:188

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; neural.lua:724: cannot get ANNs list from redis: Permission denied

2021-02-15 12:08:12 #114(controller) <jaghor>; lua; neural.lua:724: cannot get ANNs list from redis: Permission denied
`

E-mails are still coming in and going out fine, however I’m anxious about what else might have gone wrong now seeing that rspamd cannot connect to redis anymore.
From inside the rspamd container connecting to redis on port 6379 (as stated in the default docker-compose.yml) works fine from a network connect perspective.

I’m pretty much at loss currently on what to do.

I’d really appreciate any help in this regard.

Am I not seeing something? I’m also happy to post any server configuration information if required.

Thank you.

PS: Continuing the discussion in German would also work for me if this would be more comfortable. Thanks!

IeyasuSawada

Nginx log shows:

2021/02/15 13:11:03 [alert] 28#28: *8 connect() failed (13: Permission denied) while connecting to upstream, client: 172.22.1.15, server: _, request: "GET /settings.php HTTP/1.1", upstream: "fastcgi://[fd4d:6169:6c63:6f77::e]:9001", host: "nginx"

IeyasuSawada

Disabling IPV6 according to https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/ seems to have resolved the errors I’ve been seeing.

I’m not sure if I’m happy about that.. 😮