user name
2007-11-09 15:43:55
I'm running a Postfix (ver 2.4.5)/Amavisd-new (ver 2.5.2)/ClamAV (ver 0.91.2)
setup, with configuration files as follows:

MTA:
main.cf (postconf -n)
____________________________________________________
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
bounce_queue_lifetime = 6h
bounce_template_file = /etc/postfix/bounce.cf
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
default_destination_concurrency_limit = 2
default_privs = nobody
html_directory = no
inet_interfaces = 192.168.0.123, 127.0.0.1
local_destination_concurrency_limit = 2
local_recipient_maps = $alias_maps unix:passwd.byname
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 20971520
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 12h
message_size_limit = 15728640
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = whatever.domain
myhostname = mail.whatever.domain
mynetworks = 192.168.0.0/24, 127.0.0.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
strict_rfc821_envelopes = yes
____________________________________________________

master.cf
____________________________________________________
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about $
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d $
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m $ $
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r $ -m $ $
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $ $ $
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py $ $
#
# ====================================================================
#Settings for amavisd-new->SpamAssassin->ClamAV
amavisfeed unix  -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=2400
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
____________________________________________________

Relevant parts of amavisd.conf
____________________________________________________
use strict;

$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$child_timeout = 2200;       # abort child if it does not complete its processing in
                             # approximately n seconds (default: 8*60 seconds)
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'whatever.domain';   # a convenient default for other settings

$MYHOME = '/usr/local/amavis';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";       # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;        # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = '/usr/local/amavis/var/virusmails';  # -Q
$quarantine_subdir_levels = 1;   # add level of subdirs to disperse quarantine

$db_home   = "$MYHOME/db";       # dir for bdb nanny/cache/snmp databases, -D
$helpers_home = "$MYHOME/var";   # working directory for SpamAssassin, -S
$lock_file = "$MYHOME/var/amavisd.lock";  # -L
$pid_file  = "$MYHOME/var/amavisd.pid";   # -P

$log_level = 1;              # verbosity 0..5, -d
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
$syslog_priority = 'alert';  # Syslog base (minimal) priority as a string,

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 1;    # nanny verbosity: 1: traditional, 2: detailed

@local_domains_maps = ( [".$mydomain"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/24 192.168.0.0/24 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter

$inet_socket_port = 10024;   # listen on this local TCP port(s)

$policy_bank{'MYNETS'} = {   # mail originating from mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

$interface_policy{'10025'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  virus_admin_maps => ["quarantine_virus\@$mydomain"],
  spam_admin_maps  => ["quarantine_spam\@$mydomain"],
  warnbadhsender   => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

$virus_admin               = "whatever\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "whatever\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "whatever\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "whatever\@$mydomain";  # notifications sender
$mailfrom_to_quarantine = undef; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error

$myhostname = 'mail.whatever.domain';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_DISCARD;
$virus_quarantine_to      = "quarantine_virus\@$mydomain";
$final_banned_destiny     = D_BOUNCE;
$banned_quarantine_to     = "quarantine_banned\@$mydomain";
$final_spam_destiny       = D_BOUNCE;
$spam_quarantine_to       = "quarantine_spam\@$mydomain";
$final_bad_header_destiny = D_PASS;

$os_fingerprint_method = 'p0f:127.0.0.1:2345';  # to query p0f-analyzer.pl
____________________________________________________

The version of Perl I'm using is 5.8.0, and the relevant Perl modules are
Net::Server v0.97 and Mail::SpamAssassin v3.002003.
At start up, amavisd-new reports "Unicode aware, LANG=en_US.UTF-8".
So far, so good. The Postfix installation was already up and running
without trouble.
When I added amavisd-new (with SpamAssassin + ClamAV as external
scanner), all tests went by the numbers, except for an annoying event.
An example log file follows:

Oct 24 13:05:38 HOSTNAME postfix/qmgr[2213]: 6712176401D: from=<user1@whatever.domain>, size=2147, nrcpt=1 (queue active)
Oct 24 13:05:39 HOSTNAME amavis[6732]: process_request: fileno sock=12, STDIN=0, STDOUT=1
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) loaded policy bank "MYNETS"
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) LMTP::10024 /usr/local/amavis/tmp/amavis-20071024T130539-06732: <user1@whatever.domain> -> <user1@whatever.domain> SIZE=2147 Received: from mail.whatever.domain ([127.0.0.1]) by localhost (mail.whatever.domain [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <user1@whatever.domain>; Wed, 24 Oct 2007 13:05:39 -0300 (ART)
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) body hash: ad5d1ddbe0c620005c88aef33c5f4af6
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Checking: Y1hjJOo0QwB7 MYNETS [192.168.0.125] <user1@whatever.domain> -> <user1@whatever.domain>
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) 2822.From: <USER.1@whatever.domain>, 2821.Mail_From: <user1@whatever.domain>
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Cached virus check expired, TTL = 1800 s
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) cached ad5d1ddbe0c620005c88aef33c5f4af6 from <user1@whatever.domain> (0,0)
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p004 1 Content-Type: multipart/mixed
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p005 1/1 Content-Type: multipart/alternative
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p001 1/1/1 Content-Type: text/plain, size: 24 B, name:
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p002 1/1/2 Content-Type: text/html, size: 334 B, name:
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p003 1/2 Content-Type: text/plain, size: 68 B, name: eicar.txt
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Checking for banned types and filenames
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) collect banned table[0]: user1@whatever.domain, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8e89718)
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p.path user1@whatever.domain: "P=p004,L=1,M=multipart/mixed | P=p003,L=1/2,M=text/plain,T=asc,N=eicar.txt"
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p.path user1@whatever.domain: "P=p004,L=1,M=multipart/mixed | P=p005,L=1/1,M=multipart/alternative | P=p001,L=1/1/1,M=text/plain,T=txt"
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) p.path user1@whatever.domain: "P=p004,L=1,M=multipart/mixed | P=p005,L=1/1,M=multipart/alternative | P=p002,L=1/1/2,M=text/html,T=html"
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Using ClamAV-clamd: (built-in interface)
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Using (ClamAV-clamd) on dir: CONTSCAN /usr/local/amavis/tmp/amavis-20071024T130539-06732/partsn
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) ClamAV-clamd: Connecting to socket  /var/tmp/clamd.socket
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) ClamAV-clamd: Sending CONTSCAN /usr/local/amavis/tmp/amavis-20071024T130539-06732/partsn to UNIX socket /var/tmp/clamd.socket
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) ask_av (ClamAV-clamd): /usr/local/amavis/tmp/amavis-20071024T130539-06732/parts INFECTED: Eicar-Test-Signature
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) virus_scan: (Eicar-Test-Signature), detected by 1 scanners: ClamAV-clamd
Oct 24 13:05:39 HOSTNAME amavis[6732]: (06732-01) Virus Eicar-Test-Signature matches (constant:1), sender addr ignored
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) ip_addr_to_name: returning: [192.168.0.125]
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) blocking contents category is (9) for user1@whatever.domain
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) do_notify_and_quar: ccat=Virus (9,0) ("9":Virus, "1":Clean, "0":CatchAll) ccat_block=(9), q_mth=local:virus-%m, qar_mth=
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp creating socket by IO::Socket::INET: 127.0.0.1
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6885]: connect from HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to greeting: 220 mail.whatever.domain ESMTP Postfix (2.4.5)
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> EHLO localhost
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to EHLO: 250 mail.whatever.domain\nPIPELINING\nSIZE 15728640\nVRFY\nETRN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) AUTH not needed, user='', MTA offers ''
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> MAIL FROM:<user1@whatever.domain> ENVID=AM.Y1hjJOo0QwB7.20071024T160544Z@mail.whatever.domain BODY=7BIT
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> RCPT TO:<quarantine_virus@whatever.domain>
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> DATA
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6885]: 8CF8976401F: client=HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to MAIL (pip): 250 2.1.0 Ok
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to RCPT (pip) (<quarantine_virus@whatever.domain>): 250 2.1.5 Ok, id=06732-01, from MTA([127.0.0.1]:10025): 250 2.1.5 Ok
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> QUIT
Oct 24 13:05:44 HOSTNAME postfix/cleanup[6887]: 8CF8976401F: message-id=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA3lFf53Mq7UCp9Eqa+b43c8KAAAAQAAAAPc7b/FnR/EW8RL7BwAo8LAEAAAAA@whatever.domain>
Oct 24 13:05:44 HOSTNAME postfix/qmgr[2213]: 8CF8976401F: from=<user1@whatever.domain>, size=2752, nrcpt=1 (queue active)
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to data-dot (<quarantine_virus@whatever.domain>): 250 2.0.0 Ok: queued as 8CF8976401F
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to QUIT: 221 2.0.0 Bye
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) SEND via SMTP: <user1@whatever.domain> -> <quarantine_virus@whatever.domain>,ENVID=AM.Y1hjJOo0QwB7.20071024T160544Z@mail.whatever.domain BODY=7BIT 250 2.6.0 Ok, id=06732-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CF8976401F
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp creating socket by IO::Socket::INET: 127.0.0.1
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: connect from HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to greeting: 220 mail.whatever.domain ESMTP Postfix (2.4.5)
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> EHLO localhost
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to EHLO: 250 mail.whatever.domain\nPIPELINING\nSIZE 15728640\nVRFY\nETRN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) AUTH not needed, user='', MTA offers ''
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> MAIL FROM:<quarantine_virus@whatever.domain> ENVID=AM..20071024T160544Z@mail.whatever.domain
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> RCPT TO:<quarantine_virus@whatever.domain>
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> DATA
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6885]: disconnect from HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: 9E5EB764020: client=HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to MAIL (pip): 250 2.1.0 Ok
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to RCPT (pip) (<quarantine_virus@whatever.domain>): 250 2.1.5 Ok, id=06732-01, from MTA([127.0.0.1]:10025): 250 2.1.5 Ok
****** Relevant entries ***********************************************************
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Oct 24 13:05:44 HOSTNAME amavis[6890]: TIMING [total 8 ms] - bdb-open: 8 (100%)100, rundown: 0 (0%)100
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: lost connection after DATA from HOSTNAME[127.0.0.1]
***********************************************************************************
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: disconnect from HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME postfix/local[6888]: 8CF8976401F: to=<user2@whatever.domain>, orig_to=<quarantine_virus@whatever.domain>, relay=local, delay=0.12, delays=0.02/0/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 24 13:05:44 HOSTNAME postfix/qmgr[2213]: 8CF8976401F: removed
Oct 24 13:05:44 HOSTNAME postfix/lmtp[6882]: 6712176401D: to=<user1@whatever.domain>, orig_to=<USER.1@whatever.domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=2379, delays=2374/0/0.01/5.6, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending end of data -- message may be sent more than once)

As can be seen, process amavis[6732] dies suddenly without sending the
proper end-of-data sequence, so process postfix[6889] reports the loss
of connection, which in turn leads to the mail being deferred, and to
amavisd leaving uncleaned temporary directories. In this case, the
behavior shown follows the detection of a "virus" (the EICAR test
file), but a similar response can be obtained if, as a result of
content filtering, the e-mail is banned.
I'd really appreciate any comment on where the mistake in
configuration might lie.
Thanks in advance.
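The failure pattern in that log (a reinjection session that receives the 354 reply to DATA but never a reply to the terminating data-dot, followed by Postfix's "lost connection after DATA" on the 10025 listener and a deferred delivery on the content_filter hop) can be picked out of syslog mechanically. The script below is an added example for this thread, not code from the original post or from the amavisd-new or Postfix projects; the log lines embedded in it are constructed, abbreviated copies of the ones quoted above, with placeholder addresses and queue ids, and the function names are mine.

```python
"""Spot amavisd-new reinjection sessions that break between DATA and the
terminating '.', and pair them with the Postfix side of the same failure.

Added example for this thread, not code from the original post or from the
amavisd-new / Postfix projects.  SAMPLE_LOG holds constructed, abbreviated
copies of the lines quoted in the thread (placeholder addresses and ids).
"""
import re
from collections import defaultdict

# Constructed sample: amavis task 06732-01 whose first reinjection completes
# (data-dot acknowledged) and whose second one does not, plus the Postfix
# smtpd and lmtp lines that record the consequence.
SAMPLE_LOG = """\
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> DATA
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to data-dot (<quarantine_virus@whatever.domain>): 250 2.0.0 Ok: queued as 8CF8976401F
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp cmd> DATA
Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Oct 24 13:05:44 HOSTNAME amavis[6890]: TIMING [total 8 ms] - bdb-open: 8 (100%)100, rundown: 0 (0%)100
Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: lost connection after DATA from HOSTNAME[127.0.0.1]
Oct 24 13:05:44 HOSTNAME postfix/lmtp[6882]: 6712176401D: to=<user1@whatever.domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=2379, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending end of data -- message may be sent more than once)
"""

# amavis lines carry a per-message task id "(pid-seq)" after the process name
AMAVIS_RE = re.compile(r" amavis\[(\d+)\]: \((\d+-\d+)\) (.*)$")
# Postfix smtpd on the reinjection port giving up in the middle of DATA
SMTPD_LOST_RE = re.compile(r" postfix/smtpd\[(\d+)\]: lost connection after DATA from (\S+)")
# the original delivery attempt on the content_filter hop being deferred
LMTP_DEFER_RE = re.compile(
    r" postfix/lmtp\[\d+\]: ([0-9A-F]+): .*relay=(\S+), .*status=deferred \((.*)\)$"
)


def analyze(log_text):
    """Return broken reinjection sessions plus the matching Postfix events."""
    sessions = defaultdict(lambda: {"pid": None, "data_354": 0, "data_dot": 0})
    smtpd_lost = []
    deferred = []
    for line in log_text.splitlines():
        m = AMAVIS_RE.search(line)
        if m:
            pid, task, msg = m.groups()
            s = sessions[task]
            s["pid"] = pid
            if msg.startswith("smtp resp to DATA: 354"):
                s["data_354"] += 1       # MTA agreed to take the body
            elif msg.startswith("smtp resp to data-dot"):
                s["data_dot"] += 1       # MTA acknowledged the final "."
            continue
        m = SMTPD_LOST_RE.search(line)
        if m:
            smtpd_lost.append({"pid": m.group(1), "client": m.group(2)})
            continue
        m = LMTP_DEFER_RE.search(line)
        if m:
            deferred.append({"queue_id": m.group(1), "relay": m.group(2),
                             "reason": m.group(3)})
    # A session is incomplete when the MTA answered 354 more often than it
    # acknowledged a data-dot: the filter went away before sending ".".
    incomplete = {
        task: {"pid": s["pid"], "open_data_phases": s["data_354"] - s["data_dot"]}
        for task, s in sessions.items()
        if s["data_354"] > s["data_dot"]
    }
    return {"incomplete": incomplete, "smtpd_lost": smtpd_lost, "deferred": deferred}


def redelivery_risk(result):
    """Queue ids whose content_filter delivery was deferred on a lost
    connection; Postfix will retry these, so the filter sees them again."""
    return sorted(
        d["queue_id"] for d in result["deferred"]
        if "lost connection" in d["reason"] and ":10024" in d["relay"]
    )


if __name__ == "__main__":
    res = analyze(SAMPLE_LOG)
    for task, info in res["incomplete"].items():
        print(f"amavis task {task} (pid {info['pid']}): "
              f"{info['open_data_phases']} DATA phase(s) never completed")
    for ev in res["smtpd_lost"]:
        print(f"postfix/smtpd[{ev['pid']}] lost the reinjection from {ev['client']}")
    print("queue ids that will be retried through the filter:", redelivery_risk(res))
```

Run against a real mail log (at amavisd log level 4 or higher, which is where the "smtp resp to ..." lines appear) it gives an operator two things at once: which amavis child stopped mid-session, and which queued messages Postfix will push through the filter again. The second list matters because, as the deferred line itself says, the message may be delivered more than once, and a quarantine copy accepted before the crash is not withdrawn.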

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re:
user name
Slovenia
2007-11-09 19:35:51
Javier,

> Amavisd-new (ver 2.5.2)
> The version of Perl I'm using is 5.8.0, and relevant perl modules:
> Net::Server v0.97; Mail::SpamAssassin v3.002003.
> At start up, amavisd-new reports "Unicode aware, LANG=en_US.UTF-8".

A brave man, running Perl 5.8.0 in a UTF-8 environment - either of
the two is worrying by itself, the combination could be deadly.

> Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to MAIL (pip): 250 2.1.0 Ok
> Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to RCPT (pip) (<quarantine_virus@whatever.domain>): 250 2.1.5 Ok, id=06732-01, from MTA([127.0.0.1]:10025): 250 2.1.5 Ok
> Oct 24 13:05:44 HOSTNAME amavis[6732]: (06732-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
> Oct 24 13:05:44 HOSTNAME amavis[6890]: TIMING [total 8 ms] - bdb-open: 8 (100%)100, rundown: 0 (0%)100
> Oct 24 13:05:44 HOSTNAME postfix/smtpd[6889]: lost connection after DATA from HOSTNAME[127.0.0.1]

> As can be seen, process amavis[6732] dies suddenly without sending the
> proper end of data sequence, so process postfix[6889] reports the loss
> of connection, ...

> In this case, the behavior shown follows the detection of a "virus"
> (the EICAR test file), but a similar response can be obtained if, as
> a result of content filtering, the e-mail is banned.

Are you saying that a clean mail does pass through
normally?

It seems the above log was captured at log level 4 (not 5),
or that syslogd trimmed the lowest level log entries.
Was the above log obtained from syslog, or was a process
running nondetached (# amavisd debug ) ?  What OS is this?

It would be interesting to see strace or truss output before
the crash point. Do not forget the -f option, which extends
strace/truss to forked processes, e.g.:

# su vscan
$ truss -f amavisd debug

Before spending too much on low-level debugging, it could
save time to first upgrade perl to 5.8.8 (or at least 5.8.2).

  Mark


Re:
user name
2007-11-12 06:08:45
Mark:

> Are you saying that a clean mail does pass through normally?

Yes, clean mail (or for that matter, with bad headers) does pass
through normally.

> It seems the above log was captured at log level 4 (not 5),
> or that syslogd trimmed the lowest level log entries.
> Was the above log obtained from syslog, or was a process
> running nondetached (# amavisd debug ) ?  What OS is this?

You're right, the log was captured in level four, via syslog, amavisd
running as daemon. OS is Linux, kernel version 2.4.20-8 (Red Hat 9.0).
Thanks for the guidelines. I'll do that and report back later.

Javier

-- 
"What is difficult can be done at once. What is impossible
takes a little longer"
Poul Anderson

