Rspamd WebUI wrong password

[carslen]

Hey community,
since a couple of days, I receive a high amount of spam from a specific IP address range with random domains but all with .my as TDL. To get rid of this Spammer, I've implemented the following multi map rule for Rspamd:

BLACKLIST_IP {
	type = "ip";
	map = "/tmp/docker-mailserver/rspamd/override.d/blacklist_ip.map";
	prefilter = true;
	action = "reject";
	score = 10;
	description = "Blacklist IPs of known spammers";
}

The content of map blacklist_ip.map is a IP/CIDR (23.94.237.0/24).

Since I have this in place, I've determined issues with logging in to the Rspamd WebUI:

The wrong password doesn't appear after restarting Rspamd but after random hours after Rspamd has been started.

Of course, the password has not been changed and after restarting DMS I'm able to log in again. The Rspamd WebUI isn't internet facing, I'm accessing it using a SSH tunnel.

The rspam.log isn't reporting anything related to a failed log in attempt (maybe due to log level). Using a different browser shows the same behavior.

Anyone experienced a behavior like this?

Cheers Carsten

[georglauterbach]

This should not happen, but maybe Rspamd is restarted and the password is lost? Did you already find a solution?

[polarathene]

If the system is under memory pressure any process in the container may be terminated to prevent OOM. Docker by default only allocates to memory, it will not use any SWAP space available unless explicitly configured via opt-in. It might be the Docker OOM managed prevention triggers killing a process solely based on memory usage 🤷‍♂️

A good way to verify is to shell into the container and kill the rspamd process, supervisord should restart it and then try the web interface again? I lack resources atm to check.