SpamAssassin to external cPanel SA servers not working.

[rezman]

I have several Cpanel servers. Out of those 2 are rather idle and one has an account with a lot of email traffic. I'm trying to set it up so that server can send some of it's SA checking to the two idle Cpanel SA servers. Here is my setup.

Server 1 = high email load server. (127.0.0.1 or 10.0.0.1 in this posting)
Server 2 = idle Cpanel w/SA running. (10.0.0.2 in this posting)

Server 1:
- I added in the exim conf for SA to use both 127.0.0.1 783 : 10.0.0.2 783
- I've opened up TCP ports 783 (in/out) in my CSF config and also added all IPs to the CSF Allow list.

Server 2:
- I've set 127.0.0.1,10.0.0.1 in Cpanel (Email > Spamd Startup Configuration > Allowed IPs)
- I've opened up TCP ports 783 (in/out) in my CSF config and also added all IPs to the CSF Allow list.

Everything going good so far. I check the spamd process on server 2.

# ps aux | grep spamd
root     11892  0.0  0.1 167588 52880 ?        Ss   11:47   0:01 /usr/local/cpanel/3rdparty/perl/514/bin/spamd -d --timeout-child=10 --timeout-tcp=20 --allowed-ips=127.0.0.1,10.0.0.1 --max-conn-per-child=5 --pidfile=/var/run/spamd.pid --max-children=15

Connections from server 1 to server 2 fail. I can't even telnet 10.0.0.2 783. I check IP tables on server 2 and it's getting traffic from server 1 on port 783. It's as if SA just isn't accepting the connections.

2014-02-05 11:29:40 1WB5LV-0001gp-Os spam acl condition: warning - spamd connection to 10.0.0.2, port 783 failed: Connection refused

Is there something I'm missing here? Spamd runs perfect when connecting to localhost. In the past I have had my Cpanel connect to a standalone SA server I had and it worked fine. I would rather use the Cpanel SA servers that auto update.

 

[cPanelMichael]

Connections from server 1 to server 2 fail. I can't even telnet 10.0.0.2 783. I check IP tables on server 2 and it's getting traffic from server 1 on port 783. It's as if SA just isn't accepting the connections.

2014-02-05 11:29:40 1WB5LV-0001gp-Os spam acl condition: warning - spamd connection to 10.0.0.2, port 783 failed: Connection refused

Are you able to telnet to other ports on the 10.0.0.2 address? Have you tried temporarily disabling your firewall on both servers temporarily to rule that out as the cause?

Thank you.

 

[rezman]

Thanks for a quick response.

No change after turning off all firewalls.

On Server 2 I'll do a tcpdump. This is the output.

In this case:
- cpanel1 = server 1 (sender)
- cpsetup = server 2 (receiving to do the scanning)

15:10:07.079903 IP cpanel1.domain.com.32969 > cpsetup.domain.com.783: Flags [S], seq 847809201, win 14600, options [mss 1460,sackOK,TS val 2400965261 ecr 0,nop,wscale 7], length 0
15:10:07.079931 IP cpsetup.domain.com.783 > cpanel1.domain.com.32969: Flags [R.], seq 0, ack 847809202, win 0, length 0
15:10:07.255029 ARP, Request who-has cpsetup.domain.com tell cpanel1.domain.com, length 46
15:10:07.255040 ARP, Reply cpsetup.domain.com is-at 00:25:90:e0:16:d0 (oui Unknown), length 28

I think I might have found the problem but I don't know where to change the settings. It looks like spamd is only listening on 127.0.0.1:783

# netstat -l -vp | grep 783
tcp        0      0 localhost.localdomain:783   *:*                         LISTEN      12978/spamd.pid --m

Where might I change this at? I don't see anything in the files located in /etc/mail/spamassassin/

 

[cPanelMichael]

You can modify the allowed IP addresses for spamd via:

"WHM Home » Email » Spamd Startup Configuration"

This will populate the /etc/cpspamd.conf file.

Thank you.

 

[rezman]

You can modify the allowed IP addresses for spamd via:

"WHM Home » Email » Spamd Startup Configuration"

This will populate the /etc/cpspamd.conf file.

Thank you.

I've already done that part and it's showing up when I check "ps aux | grep spamd". The problem is that spamd is only listening on localhost (127.0.0.1:783) so it's not accepting connections from my other Cpanel servers. I'm trying to do some spamd load balancing between Cpanel servers.