Interoperating Exim with Rspamd

Recently I have been implementing Rspamd for providing some automatic filtering for the emails hosted on my server, which are presently delivered by Exim to the Dovecot LDA.

For integrating Exim with Rspamd, I followed the Rspamd manual, but thing weren’t exactly working as expected.

I was frequently getting error messages such as:

Feb  7 11:10:44 stanke rspamd[2939]: (normal) <3a1c27>; task; accept_socket: accepted connection from 127.0.0.1 port 51289
Feb  7 11:10:44 stanke rspamd[2939]: (normal) <3a1c27>; task; rspamd_worker_error_handler: abnormally closing connection from: 127.0.0.1, error: IO timeout

with Exim at the same time reporting

2016-02-07 11:10:44 1aSMIm-0005QH-3P spam acl condition: Broken pipe on spamd socket
2016-02-07 11:10:44 1aSMIm-0005QH-3P H=mail1.mcsignup.com [205.201.139.33]:49767 Warning: ACL "warn" statement skipped: condition test deferred

In the majority of cases however the scan succeeded, so that a general misconfiguration could be ruled out. For some reason the socket connection between Exim and Rspamd seemed to break in some cases. I tried playing with the spamd_address options of exim, in particular with tmo and retry (see the Exim documentation on content scanning at ACL time), but to no avail.

What seems to have fixed the problem however was to define two entries for spam servers that Exim can connect to, despite the fact that they both refer to the same Rspamd instance. Exim seems to simply switch to the next (in fact same) server when seeing a „broken pipe“ and the reconnect seems to suffice to iron things out. Here is the relevant snippet to be inserted in /etc/exim4/conf.d/main/02_exim4-config_options:

spamd_address = 127.0.0.1 11333 tmo=1m retry=10s variant=rspamd : \
                127.0.0.1 11333 tmo=1m retry=10s variant=rspamd