Rspamd cannot upload script and segfaults

croxis

I’m new to mailcow and email hosting so I have a lot of gaps in my knowledge still.
rpsamd is not functioning/crashing a lot. Here is the 200 tail of rspamd-mailcow: https://pastebin.com/hvih057d
My email isn’t being signed with DKIM, does rspamd handle that?
My firewall is nftables with iptables-ntf.
Thank you for the help and I am more than happy to provide any additional information!

croxis

OK a little update. The server it can’t connect to is the redis container. The redis container has no errors in the log. I can ping from the rspamd container to the redis container, so I am not sure what is wrong.

diekuh

Can you post information about your system? Firewall, OS etc. 🙂 Docker version…

croxis

OS: Arch linux (5.11.5 kernel) running on a linode vps
Firewall: Plain NFtables with iptables-ntf.
Docker 20.10.5

Here is the redis log from startup
redis-mailcow_1 | 1:C 12 Mar 2021 15:51:53.447 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo redis-mailcow_1 | 1:C 12 Mar 2021 15:51:53.447 # Redis version=5.0.12, bits=64, commit=00000000, modified=0, pid=1, just started redis-mailcow_1 | 1:C 12 Mar 2021 15:51:53.447 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf redis-mailcow_1 | 1:M 12 Mar 2021 15:51:53.451 * Running mode=standalone, port=6379. redis-mailcow_1 | 1:M 12 Mar 2021 15:51:53.451 # Server initialized redis-mailcow_1 | 1:M 12 Mar 2021 15:51:53.451 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. redis-mailcow_1 | 1:M 12 Mar 2021 15:51:53.471 * DB loaded from disk: 0.020 seconds redis-mailcow_1 | 1:M 12 Mar 2021 15:51:53.471 * Ready to accept connections

croxis

And my nftable.conf
`
define docker_v4 = 172.17.0.0/16
define docker_v6 = fe80::/48

table inet filter {
chain input {
type filter hook input priority 0;

ct state {established, related} accept

# early drop of invalid connections
ct state invalid drop

# allow from loopback
iifname lo accept

# allow icmp
ip protocol icmp accept
ip6 nexthdr icmpv6 accept

# allow ssh
tcp dport ssh accept
# avoid brute force on ssh:
tcp dport ssh ct state new limit rate 15/minute accept

# allow http(s)
tcp dport { http, https } accept

# allow matrix
tcp dport 8448 accept

# allow smtps
udp dport 3000 accept
tcp dport 465 accept
tcp dport 587 accept
tcp dport 993 accept
tcp dport 4190 accept

# allow iperf3
tcp dport 5201 accept
udp dport 5201 accept

# Bedrock
tcp dport 19132 accept
tcp dport 19133 accept
udp dport 19132 accept
udp dport 19133 accept

# Eco
tcp dport 3000 accept
udp dport 3000 accept
tcp dport 3001 accept
udp dport 3001 accept

# TURN
tcp dport 3478 accept
udp dport 3478 accept
tcp dport 5349 accept
udp dport 5349 accept
udp dport 49152-65535 accept

# everything else
reject with icmpx type port-unreachable

}
chain forward {
type filter hook forward priority security; policy drop;
mark 1 accept
}
chain output {
type filter hook output priority 0;
}

}

table ip nat {
chain prerouting {
type nat hook prerouting priority 0
}
chain postrouting {
type nat hook postrouting priority 0
oif eth0 counter masquerade
}
}

table ip filter {
chain DOCKER-USER {
mark set 1
}
}
`