List Info

Thread: Certain messages cause segfault in amavisd?
Certain messages cause segfault in amavisd?
country flaguser name
United States		 2007-07-18 03:40:01 
Certain messages cause segfault in amavisd? Or one of the
processes?

I have gathered several messages that will constantly cause
segfault
(signal 11) on amavisd (on perl) on process running amavisd
child.

Postfix continues to attempt to reque these messages, so
every time it
restart it, segv.
(I have this on SEVERAL freebsd systems, amavisd-new 2.5.1
and 2.5.2.
every one that has problems is spam!)

I can't see anything that links these messages together,
other then they
are spam, and rqeueing them don't help (ie: same message
will segv on
same system, over and over till manually held or deleted)

ways to tell if you have this problem:

If in syslog you get lots of these:

> pid 1126 (perl5.8.8), uid 110: exited on signal 11
> pid 2281 (perl5.8.8), uid 110: exited on signal 11
> pid 3471 (perl5.8.8), uid 110: exited on signal 11
> pid 4658 (perl5.8.8), uid 110: exited on signal 11
> pid 5708 (perl5.8.8), uid 110: exited on signal 11
> pid 6886 (perl5.8.8), uid 110: exited on signal 11
> pid 7892 (perl5.8.8), uid 110: exited on signal 11
> pid 8735 (perl5.8.8), uid 110: exited on signal 11
> pid 10117 (perl5.8.8), uid 110: exited on signal 11
> pid 10698 (perl5.8.8), uid 110: exited on signal 11
> pid 11497 (perl5.8.8), uid 110: exited on signal 11

(uid 110 is the user id for the amavisd process)

And, in mailq:

60AFD8FC19    4905 Mon Jul 16 12:26:31 
mailcenter409330615armailer.com
(lost connection with 127.0.0.1[127.0.0.1] while sending end
of data --
message may be sent more than once)
                                         jessie.cuetodomain.com

Even with log_level 9 I can't see anything:


Jul 18 04:36:56 GSNJSPT01 postfix/postsuper[49006]:
0B35B524E65:
released from hold
Jul 18 04:36:56 GSNJSPT01 postfix/postsuper[49006]: Released
from hold:
1 message
Jul 18 04:37:11 GSNJSPT01 postfix/qmgr[63371]: 0B35B524E65:
from=<xacwotutryahoo.com>, size=25997, nrcpt=3 (queue
active)
Jul 18 04:37:11 GSNJSPT01 amavis[47103]: (47103-02)
LMTP::10024
/var/amavis/tmp/amavis-20070718T043548-47103:
<xacwotutryahoo.com> ->
<mdas1domain.com>,<mdasdomain.com>,<mdasikadomain.com> SIZE=25997
Received: from GSNJSPT01.domain.lan ([127.0.0.1]) by
localhost
(GSNJSPT01.domain.lan [127.0.0.1]) (amavisd-new, port 10024)
with LMTP;
Wed, 18 Jul 2007 04:37:11 -0400 (EDT)
Jul 18 04:37:11 GSNJSPT01 amavis[47103]: (47103-02)
Checking:
QSe4ND77vppo [116.217.231.222] <xacwotutryahoo.com> ->
<mdas1domain.com>,<mdasdomain.com>,<mdasikadomain.com>
Jul 18 04:37:12 GSNJSPT01 postfix/lmtp[47077]: 0B35B524E65:
to=<mdas1domain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=311625,
delays=311624/0/0.01/0.56, dsn=4.4.2, status=deferred (lost
connection
with 127.0.0.1[127.0.0.1] while sending end of data --
message may be
sent more than once)
Jul 18 04:37:12 GSNJSPT01 postfix/lmtp[47077]: 0B35B524E65:
to=<mdasdomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=311625,
delays=311624/0/0.01/0.56, dsn=4.4.2, status=deferred (lost
connection
with 127.0.0.1[127.0.0.1] while sending end of data --
message may be
sent more than once)
Jul 18 04:37:12 GSNJSPT01 postfix/lmtp[47077]: 0B35B524E65:
to=<mdasikadomain.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=311625,
delays=311624/0/0.01/0.56, dsn=4.4.2, status=deferred (lost
connection
with 127.0.0.1[127.0.0.1] while sending end of data --
message may be
sent more than once)


(and you must check to see that ONLY a couple of messages
are doing
this, ie; make sure amavisd is running fine for other
messages)

I don't see anything strange in the message (but have
collected several,
and can fwd them under separate cover for interested
parties.

Headers look like:

#1: sample headers
Received: from armailer.com (unknown [216.21.216.36])
        by mail2.domain.com (Postfix) with SMTP id
60AFD8FC19
        for <jessie.cuetodomain.com>; Mon, 16 Jul
2007 12:26:31 -0400
(EDT)
DomainKey-Status: good
X-DomainKeys: Ecelerity dk_sign implementing
draft-delany-domainkeys-base-01
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
        s=s768; d=armailer.com;
 
h=Date:Message-ID:X-ClientHost:X-MailingID:From:To:Errors-To
:Reply-To:Su
bject:Mime-Version:Content-Type:Content-Transfer-Encoding;
 
b=u4cu+gPlEoH+d8q12wfseWeuAA9dnICraiukpFoeyd3BIh2AJutfsbzSlT
b8velS
       
qvzElUWKRUB18mHRjO6IzM4HHZvA/eX1Psws1xAer5NzB4hJaL1U0ezKK9bT
dU+8
Date: Sun, 15 Jul 2007 21:26:30 -0500
Message-ID: <AB.9C.03090.657DA964pkc-ec01>
X-ClientHost:
106101115115105101046099117101116111064116105098111109046099
111109
X-MailingID: 409330615
From: Airline Tickets <AirlineTicketsNowarmailer.com>
To:    <jessie.cuetodomain.com>
Errors-To:  errorsarmailer.com
Reply-To: return-1-1armailer.com
Subject: Get airline tickets now!
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN">

[snip]

#2:

Received: from fjvdy (unknown [88.234.8.87])
        by GSNJSPT01.domain.lan (Postfix) with SMTP id
06056524C73
        for <jbreesedomain.com>; Wed, 18 Jul 2007 03:14:53
-0400 (EDT)
Received: from [178.45.138.219] (helo=qsep)
        by fjvdy with smtp (Exim 4.66 (FreeBSD))
        id 1IB4/k-0005i4-F2; Wed, 18 Jul 2007 10:15:18
+0300
Message-ID: <469DBDE9.1070004tele2.at>
Date: Wed, 18 Jul 2007 10:14:49 +0300
From: Persy Kirby <shzaotele2.at>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: jbreesedomain.com
Subject:
Content-Type: multipart/mixed;
 boundary="------------080106050505050303020702"


--------------080106050505050303020702
Content-Type: text/plain; charset=windows-1250;
format=flowed
Content-Transfer-Encoding: 7bit



--------------080106050505050303020702
Content-Type: application/pdf;
 name="Message.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="Message.pdf"
-- 
Michael Scheidell, CTO
http://www.secnap.com/ev
ents for free and discounted seminar tickets 
____________________________________________________________
_____________
This email has been scanned and certified safe by
SpammerTrap(tm). 
For Information please see http://www.spammertrap.com

____________________________________________________________
_____________

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
Re: Certain messages cause segfault in amavisd?
country flaguser name
Slovenia		 2007-07-23 13:07:45 
Michael,

> Certain messages cause segfault in amavisd? Or one of
the processes?
>
> I have gathered several messages that will constantly
cause segfault
> (signal 11) on amavisd (on perl) on process running
amavisd child.

Feed a sample to a command-line spamassassin, and see if it
causes
it to fail too, e.g.:
  # su vscan -c 'spamassassin -t -D <test.msg'

If it does crash, a likely culprit is some complex regexp in
one
of its rules, more likely than not from a RulesEmporium
sets.
Or perhaps a broken image is crashing a Plugin::ImageCheck.

An amavisd workaround for a crashing spamassassin is to run
SA
in a forked process ($sa_spawned=1), at least temporarily
until
the queue clears.

amavisd-new-2.4.5 release notes:

- ... make it possible to run SA in a spawned process,
  requested by setting a new config variable $sa_spawned to
true
  (it is off by default); benefits are that a mainstream
child process
  can not be brought down by potential processing problems
in SA or its
  external modules, and timeouts are handled cleanly by a
calling process;
  downside is an increase of process count (worst case:
doubled), with
  corresponding increase in memory footprint, plus about 20
.. 30 ms
  of additional processing time for each call to SA;

> If in syslog you get lots of these:
> > pid 1126 (perl5.8.8), uid 110: exited on signal
11
> > pid 2281 (perl5.8.8), uid 110: exited on signal
11

> 60AFD8FC19    4905 Mon Jul 16 12:26:31 
mailcenter409330615armailer.com
> (lost connection with 127.0.0.1[127.0.0.1] while
sending end of data --
> message may be sent more than once)

> Even with log_level 9 I can't see anything:

> Jul 18 04:37:11 GSNJSPT01 amavis[47103]: (47103-02)
Checking:
> QSe4ND77vppo [116.217.231.222] <xacwotutryahoo.com> ->
> <mdas1domain.com>,<mdasdomain.com>,<mdasikadomain.com>

Lots of detailed logging from amavisd is missing.
Perhaps your syslog entry is filtering amavisd log
entries with a syslog priority LOG_DEBUG.

  Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )