How can I get maddy and rspamd to work together properly?

[darthdubu]

Hi I'm trying to get rspamd set up with maddy. I'm using docker for both.

My configuration is as follows

version: '3.3'
services:
    maddy:
        container_name: maddy
        environment:
            - MADDY_HOSTNAME=redacted
            - MADDY_DOMAIN=redacted
        volumes:
            - './maddydata:/data'
            - ./maddy.log:/var/log/maddy/maddy.log
            - ./logrotate.d/maddy:/etc/logrotate.d/maddy
            - ./aliases:/data/aliases
        network_mode: host
        expose:
            - '25'
#            - '143:143'
            - '587'
            - '465'
            - '993'
        image: 'foxcpp/maddy:latest'
        restart: always

version: '3.7'
services:
  
  rspamd-app:
    image: mailcow/rspamd
    container_name: rspamd-app
    ports: 
    - 11333:11333
    - 11334:11334
    volumes:
    - ./logs/rspamd:/logs/rspamd
    - ./data/rspamd:/data/rspamd
#    environment:
#    - ZABBIX_HOSTNAME=rspamd-app

#    - CONTROLLER_PASS=6v4384jcmL2643U4

    - REDIS_HOST=rspamd-redis
   # - CLAMAV_HOST=clamd
   # - CLAMAV_PORT=3310
    networks:
    - internal
    - services
    restart: always

  rspamd-redis:
    container_name: rspamd-redis
    image: redis:5.0
    volumes:
    - ./db/rspamd-redis:/var/lib/redis:Z
#    environment:
 #   - ZABBIX_HOSTNAME=rspamd-redis
    networks:
    - internal
    - services
    restart: always


networks:
  internal:
    external: false
  services:
    external: true

## Maddy Mail Server - default configuration file (2021-03-07)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

$(hostname) = redacted
$(primary_domain) = redacted
$(local_domains) = $(primary_domain) 

log stderr /var/log/maddy/maddy.log

tls file /data/tls_cert.pem /data/tls_key.pem
state_dir /data

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}

# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddyctl utility.

storage.imapsql local_mailboxes {
    driver sqlite3
    dsn imapsql.db
}

# ----------------------------------------------------------------------------
# SMTP endpoints + message routing

hostname $(hostname)

table.chain local_rewrites {
    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
    optional_step file /data/aliases
}

msgpipeline local_routing {
    # Insert handling for special-purpose local domains here.
    # e.g.
    # destination lists.example.org {
    #     deliver_to lmtp tcp://127.0.0.1:8024
    # }

    destination postmaster $(local_domains) {
        modify {
            replace_rcpt &local_rewrites
        }

        deliver_to &local_mailboxes
    }

    default_destination {
        reject 550 5.1.1 "User doesn't exist"
    }

	check {
		rspamd {
		tag maddy
		io_error_action ignore
    	error_resp_action ignore
    	add_header_action quarantine
    	rewrite_subj_action quarantine
    	flags pass_all
    	}
  	}
}

smtp tcp://0.0.0.0:25 {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections.
        all rate 20 1s
        all concurrency 10
    }

    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }

    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}

submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
    limits {
        # Up to 50 msgs/sec across any amount of SMTP connections.
        all rate 50 1s
    }

    auth &local_authdb

    source $(local_domains) {
        check {
            authorize_sender {
                prepare_email &local_rewrites
                user_to_email identity
            }
        }

        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            modify {
                dkim $(primary_domain) $(local_domains) default
            }
            deliver_to &remote_queue
        }
    }
    default_source {
        reject 501 5.1.8 "Non-local sender domain"
    }
}

target.remote outbound_delivery {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections
        # for each recipient domain.
        destination rate 20 1s
        destination concurrency 10
    }
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }
}

target.queue remote_queue {
    target &outbound_delivery

    autogenerated_msg_domain $(primary_domain)
    bounce {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
        }
    }
}

# ----------------------------------------------------------------------------
# IMAP endpoints

imap tls://0.0.0.0:993 { 
#tcp://0.0.0.0:143 
    auth &local_authdb
    storage &local_mailboxes
}

I'm receiving errors on maddy and rspamd's logs.

smtp: RCPT ok	{"msg_id":"cbe30b00","rcpt":"[email protected]"}
msgpipeline: no check action	{"check":"check.rspamd","msg_id":"cbe30b00","reason":"HTTP 500","smtp_code":451,"smtp_enchcode":"4.7.0","smtp_msg":"Internal error during policy check"}
smtp: accepted	{"msg_id":"cbe30b00"}

(hs_helper) <79fe80>; re_cache; rspamd_re_cache_compile_hyperscan: compiled class header(X-Forefront-Antispam-Report) to cache cbfa9c, 1 regexps
(hs_helper) <79fe80>; re_cache; rspamd_re_cache_compile_hyperscan: compiled class raw header(List-Unsubscribe) to cache d240ee, 1 regexps
(hs_helper) <79fe80>; re_cache; rspamd_re_cache_compile_hyperscan: compiled class raw header(Return-path) to cache b67743, 3 regexps
(hs_helper) <79fe80>; re_cache; rspamd_re_cache_compile_hyperscan: compiled class header(Sender) to cache b55ea8, 1 regexps
(hs_helper) <79fe80>; re_cache; rspamd_re_cache_compile_hyperscan: compiled class part to cache 250cec, 1 regexps
(hs_helper) rspamd_rs_compile: compiled 166 regular expressions to the hyperscan tree
(normal) rspamd_worker_hyperscan_ready: loading hyperscan expressions after receiving compilation notice: new db
(normal) <79fe80>; re_cache; rspamd_re_cache_load_hyperscan: hyperscan database of 166 regexps has been loaded
(normal) <5b61b1>; task; accept_socket: accepted connection from 172.19.0.1 port 49364, task ptr: 00007F555E11A070
(normal) <5b61b1>; task; rspamd_worker_body_handler: cannot handle request: invalid command:        
(controller) <qwxppg>; map; http_map_finish: cannot load map https://rspamd.com/freemail/free.txt.zst from rspamd.com: HTTP error 502
(controller) <xa6qqy>; map; http_map_finish: cannot load map https://rspamd.com/freemail/disposable.txt.zst from rspamd.com: HTTP error 502
(controller) <qwxppg>; map; http_map_finish: cannot load map https://rspamd.com/freemail/free.txt.zst from rspamd.com: HTTP error 502
(controller) <qwxppg>; map; http_map_finish: cannot load map https://rspamd.com/freemail/free.txt.zst from rspamd.com: HTTP error 502
(controller) <xa6qqy>; map; http_map_finish: cannot load map https://rspamd.com/freemail/disposable.txt.zst from rspamd.com: HTTP error 502
(controller) <xa6qqy>; map; http_map_finish: cannot load map https://rspamd.com/freemail/disposable.txt.zst from rspamd.com: HTTP error 502
(controller) <qwxppg>; map; http_map_finish: cannot load map https://rspamd.com/freemail/free.txt.zst from rspamd.com: HTTP error 502
(normal) <q5zzqk>; monitored; rspamd_monitored_propagate_error: servfail on resolving public.sarbl.org, disable object
(normal) <1172d1>; task; accept_socket: accepted connection from 172.19.0.1 port 49368, task ptr: 00007F555E11A2F0
(normal) <1172d1>; task; rspamd_worker_body_handler: cannot handle request: invalid command:        
(normal) <0163e7>; task; accept_socket: accepted connection from 172.19.0.1 port 49372, task ptr: 00007F555E11A570
(normal) <0163e7>; task; rspamd_worker_body_handler: cannot handle request: invalid command:   

Any insight into whats wrong would be appreciated. I'm totally lost otherwise. I attempted to send some intentional spam to myself with the GTUBE test but it does not get flagged as spam and just pops up in the inbox.