Hi Eric:
One other thing. What does it mean when we see 'simscan: no envelope
information, deferred exit'? As in the following:
2017-05-06 09:45:11.691723500 simscan: checking attachment image003.png
against .bat
2017-05-06 09:45:11.691723500 simscan: checking attachment image003.png
against .pif
2017-05-06 09:45:11.691724500 simscan: cdb looking up version attach
2017-05-06 09:45:11.691724500 simscan: runned_scanners is attach: 1.4.0
2017-05-06 09:45:11.691725500 simscan: found 1.4.0
2017-05-06 09:45:11.691725500 simscan: calling clamdscan
2017-05-06 09:45:11.728577500 simscan: clamdscan:
/var/qmail/simscan/1494081910.545549.2165: OK
2017-05-06 09:45:11.728632500 simscan: clamdscan:
2017-05-06 09:45:11.728633500 simscan: clamdscan: ----------- SCAN
SUMMARY -----------
2017-05-06 09:45:11.728672500 simscan: clamdscan: Infected files: 0
2017-05-06 09:45:11.728684500 simscan: clamdscan: Time: 0.034 sec (0 m 0 s)
2017-05-06 09:45:11.728961500 simscan: cdb looking up version clamav
2017-05-06 09:45:11.728975500 simscan: runned_scanners is attach: 1.4.0
clamav: 0.99.2/m:
2017-05-06 09:45:11.728976500 simscan: found 0.99.2/m:
2017-05-06 09:45:11.728977500 simscan: normal clamdscan return code: 0
2017-05-06 09:45:11.728998500 simscan: done, execing qmail-queue
2017-05-06 09:45:11.758794500 simscan: qmail-queue exited 0
2017-05-06 09:45:12.076061500 simscan: no envelope information, deferred
exit
2017-05-06 09:45:12.076219500 simscan: exit error code: 54
Jeff
On 5/6/2017 10:21 AM, Eric Broch wrote:
[root]#ls -ld /var/qmail/simscan
drwxr-x--- 4 clamav root 64 Apr 20 14:18 /var/qmail/simscan
[root]# ls -ld /var/qmail/simscan/*
drwxr-x--- 2 clamav root 39 Dec 23 01:26
/var/qmail/simscan/1482481568.945036.3336
drwxr-x--- 2 clamav root 73 Dec 23 01:34
/var/qmail/simscan/1482482077.257292.3618
yum reinstall simscan
On 5/5/2017 12:16 PM, Jeff Koch wrote:
Hi Eric:
What do your permissions look like for /var/qmail/simscan and it's
subdirectories ?
Also, we installed everthing from the QMT install script. What's the
procedure for removing and reinstalling simscan?
Thanks for your help.
Jeff
On 5/5/2017 1:42 PM, Eric Broch wrote:
It does look like a permission's issue. Try these steps with restart
and reload of qmail between each step
1) Check permissions on your queue, visibly (mine below <queue perms>).
2) Check /var/qmail/bin permissions (mine below <qmail bin perms>).
3) Remove and reinstall simscan
4) Try running one of the good queue repair tools like qfixq,
qmail_repair.py. With these make absolutely sure qmail is OFF, and
that there are NO straggling send processes.
<queue perms>
[root]# ls -ld /var/qmail/queue
drwxr-x--- 11 qmailq qmail 109 Apr 20 09:49 /var/qmail/queue
[root]# ls -l /var/qmail/q*
total 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 bounce
drwx------ 25 qmails qmail 4096 Apr 20 09:49 info
drwx------ 2 qmailq qmail 6 May 5 08:34 intd
drwx------ 25 qmails qmail 4096 Apr 20 09:49 local
drwxr-x--- 2 qmailq qmail 48 Apr 20 12:58 lock
drwxr-x--- 25 qmailq qmail 4096 Apr 20 09:49 mess
drwx------ 2 qmailq qmail 6 May 5 08:34 pid
drwx------ 25 qmails qmail 4096 Apr 20 09:49 remote
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 todo
[root]# ls -l /var/qmail/q*/*
/var/qmail/queue/bounce:
total 0
/var/qmail/queue/info:
total 0
drwx------ 2 qmails qmail 6 May 3 03:21 0
drwx------ 2 qmails qmail 6 May 3 04:52 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 21 06:06 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 May 5 03:31 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 May 3 04:52 18
drwx------ 2 qmails qmail 6 May 5 08:34 19
drwx------ 2 qmails qmail 6 May 1 03:42 2
drwx------ 2 qmails qmail 6 May 4 03:47 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 May 4 03:47 3
drwx------ 2 qmails qmail 6 May 5 08:34 4
drwx------ 2 qmails qmail 6 May 2 04:49 5
drwx------ 2 qmails qmail 6 May 1 07:21 6
drwx------ 2 qmails qmail 6 Apr 23 03:23 7
drwx------ 2 qmails qmail 6 May 2 04:49 8
drwx------ 2 qmails qmail 6 Apr 20 13:02 9
/var/qmail/queue/intd:
total 0
/var/qmail/queue/local:
total 0
drwx------ 2 qmails qmail 6 May 3 03:21 0
drwx------ 2 qmails qmail 6 May 3 04:52 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 21 06:06 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 May 5 03:31 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 May 3 04:52 18
drwx------ 2 qmails qmail 6 May 5 08:34 19
drwx------ 2 qmails qmail 6 May 1 03:42 2
drwx------ 2 qmails qmail 6 May 4 03:47 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 May 4 03:47 3
drwx------ 2 qmails qmail 6 May 5 08:34 4
drwx------ 2 qmails qmail 6 May 2 04:49 5
drwx------ 2 qmails qmail 6 May 1 07:21 6
drwx------ 2 qmails qmail 6 Apr 23 03:23 7
drwx------ 2 qmails qmail 6 May 2 04:49 8
drwx------ 2 qmails qmail 6 Apr 20 09:49 9
/var/qmail/queue/lock:
total 4
-rw------- 1 qmails qmail 0 Apr 20 09:49 sendmutex
-rw-r--r-- 1 qmailr qmail 1024 Apr 27 06:08 tcpto
prw--w--w- 1 qmails qmail 0 May 5 08:34 trigger
/var/qmail/queue/mess:
total 0
drwxr-x--- 2 qmailq qmail 6 May 3 03:21 0
drwxr-x--- 2 qmailq qmail 6 May 3 04:52 1
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 10
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 11
drwxr-x--- 2 qmailq qmail 6 Apr 21 06:06 12
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 13
drwxr-x--- 2 qmailq qmail 6 May 5 03:31 14
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 15
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 16
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 17
drwxr-x--- 2 qmailq qmail 6 May 3 04:52 18
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 19
drwxr-x--- 2 qmailq qmail 6 May 1 03:42 2
drwxr-x--- 2 qmailq qmail 6 May 4 03:47 20
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 21
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 22
drwxr-x--- 2 qmailq qmail 6 May 4 03:47 3
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 4
drwxr-x--- 2 qmailq qmail 6 May 2 04:49 5
drwxr-x--- 2 qmailq qmail 6 May 1 07:21 6
drwxr-x--- 2 qmailq qmail 6 Apr 23 03:23 7
drwxr-x--- 2 qmailq qmail 6 May 2 04:49 8
drwxr-x--- 2 qmailq qmail 6 Apr 20 13:02 9
/var/qmail/queue/pid:
total 0
/var/qmail/queue/remote:
total 0
drwx------ 2 qmails qmail 6 Apr 20 09:49 0
drwx------ 2 qmails qmail 6 Apr 20 09:49 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 20 09:49 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 Apr 20 09:49 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 Apr 20 09:49 18
drwx------ 2 qmails qmail 6 Apr 20 13:10 19
drwx------ 2 qmails qmail 6 Apr 20 09:49 2
drwx------ 2 qmails qmail 6 Apr 20 09:49 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 Apr 20 09:49 3
drwx------ 2 qmails qmail 6 Apr 20 09:49 4
drwx------ 2 qmails qmail 6 Apr 20 09:49 5
drwx------ 2 qmails qmail 6 Apr 20 09:49 6
drwx------ 2 qmails qmail 6 Apr 20 09:49 7
drwx------ 2 qmails qmail 6 Apr 20 09:49 8
drwx------ 2 qmails qmail 6 Apr 20 13:02 9
/var/qmail/queue/todo:
total 0
</queue perms>
<qmail bin perms>
[root]# ls -l /var/qmail/bin
total 1444
-rwxr-xr-x 1 root qmail 14480 Apr 20 09:49 bouncesaying
-rwxr-xr-x 1 root qmail 31184 Apr 20 09:49 condredirect
-rwxr-xr-x 1 root qmail 1087 Apr 20 09:49 config-fast
-rwxr-xr-x 1 root qmail 126 Apr 20 09:49 datemail
-rwxr-xr-x 1 root qmail 928 Apr 20 09:49 dh_key
-rwxr-xr-x 1 root qmail 114 Apr 20 09:49 elq
-rwxr-xr-x 1 root qmail 14480 Apr 20 09:49 except
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 forward
-rwxr-xr-x 1 root qmail 26824 Apr 20 09:49 instcheck
-rwxr-xr-x 1 root qmail 26920 Apr 20 09:49 maildir2mbox
-rwxr-xr-x 1 root qmail 14504 Apr 20 09:49 maildirmake
-rwxr-xr-x 1 root qmail 22856 Apr 20 09:49 maildirwatch
-rwxr-xr-x 1 root qmail 179 Apr 20 09:49 mailsubj
-rwxr-xr-x 1 root qmail 8259 Apr 20 09:49 makecert.sh
-rwxr-xr-x 1 root qmail 115 Apr 20 09:49 pinq
-rwxr-xr-x 1 root qmail 18824 Apr 20 09:49 predate
-rwxr-xr-x 1 root qmail 18760 Apr 20 09:49 preline
-rwxr-xr-x 1 root qmail 115 Apr 20 09:49 qail
-rwxr-xr-x 1 root qmail 18728 Apr 20 09:49 qbiff
-rwxr-xr-x 1 root qmail 18672 Apr 20 09:49 qmail-badloadertypes
-rwxr-xr-x 1 root qmail 18672 Apr 20 09:49 qmail-badmimetypes
-rwx--x--x 1 root qmail 14680 Apr 20 09:49 qmail-clean
-rws--x--x 1 qmailq qmail 52096 Apr 20 09:49 qmail-dk
-rwx--x--x 1 root qmail 10416 Apr 20 09:49 qmail-getpw
-rwxr-xr-x 1 root qmail 51728 Apr 20 09:49 qmail-inject
-rwx--x--x 1 root qmail 64120 Apr 20 09:49 qmail-local
-rwx------ 1 root qmail 22848 Apr 20 09:49 qmail-lspawn
-rwx------ 1 root qmail 18672 Apr 20 09:49 qmail-newmrh
-rwx------ 1 root qmail 14576 Apr 20 09:49 qmail-newu
-rwx--x--x 1 root qmail 22904 Apr 20 09:49 qmail-pw2u
-rwxr-xr-x 1 root qmail 18744 Apr 20 09:49 qmail-qmqpc
-rwxr-xr-x 1 root qmail 22832 Apr 20 09:49 qmail-qmqpd
-rwxr-xr-x 1 root qmail 31032 Apr 20 09:49 qmail-qmtpd
-rwxr-xr-x 1 root qmail 22776 Apr 20 09:49 qmail-qread
-rwxr-xr-x 1 root qmail 371 Apr 20 09:49 qmail-qstat
lrwxrwxrwx 1 root root 23 Apr 20 12:58 qmail-queue ->
/var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Apr 20 09:49 qmail-queue.orig
-rwx--x--x 1 root qmail 56080 Apr 20 09:49 qmail-remote
-rwx--x--x 1 root qmail 56080 Feb 6 2015 qmail-remote.orig
-rwx--x--x 1 root qmail 18704 Apr 20 09:49 qmail-rspawn
-rwx--x--x 1 root qmail 59936 Apr 20 09:49 qmail-send
-rwxr-xr-x 1 root qmail 22816 Apr 20 09:49 qmail-showctl
-rwxr-xr-x 1 root qmail 205680 Apr 20 09:49 qmail-smtpd
-rwx------ 1 root qmail 10424 Apr 20 09:49 qmail-start
-rwxr-xr-x 1 root qmail 14512 Apr 20 09:49 qmail-tcpok
-rwxr-xr-x 1 root qmail 14544 Apr 20 09:49 qmail-tcpto
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 qreceipt
-rwxr-xr-x 1 root qmail 14568 Apr 20 09:49 qsmhook
-rwxr-xr-x 1 root qmail 14576 Apr 20 09:49 sendmail
-rws--x--x 1 clamav root 34774 Apr 6 2016 simscan
-rwsr-xr-x 1 root root 24461 Apr 6 2016 simscanmk
-rwxr-xr-x 1 root qmail 35528 Apr 20 09:49 spfquery
-rwx--x--x 1 root qmail 10504 Apr 20 09:49 splogger
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 srsfilter
-rwxr-xr-x 1 root qmail 26864 Apr 20 09:49 tcp-env
-rwxr-xr-x 1 root root 618 Dec 24 2013 update-simscan
</qmail bin perms>
On 5/5/2017 10:29 AM, Jeff Koch wrote:
Hi Eric:
simscan debugging log seems to be showing the problem but I'll need
your help figuring out what to do about it. Here's a copy of
simscan log entries showing the 451 'qq soft reject' errors. I have
clamav disabled in simscan but you can see that simscan is still
taking apart the attachments.
Keep in mind that not all emails with attachments are having the
soft reject issue. Here are two examples where attachments
generated a soft reject and one example where it didn't.
I googled 'exit error code: 71' and found some references going
back to 2006-7 discussing group permissions on /var/qmail/simscan
and umask issues and the simscan-1.4.0-umask.patch that was
supposed to correct this problem.
Any idea what I should do to fix this problem on my server?
Thanks, Jeff Koch
Example One - showing 451 qq soft reject
2017-05-05 11:08:35.407367500 simscan: checking attachment
textfile1 against .pif
2017-05-05 11:08:35.407368500 simscan: checking attachment
textfile2 against .mp3
2017-05-05 11:08:35.407374500 simscan: checking attachment
textfile2 against .src
2017-05-05 11:08:35.407375500 simscan: checking attachment
textfile2 against .bat
2017-05-05 11:08:35.407375500 simscan: checking attachment
textfile2 against .pif
2017-05-05 11:08:35.407376500 simscan: cdb looking up version attach
2017-05-05 11:08:35.407376500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:35.407377500 simscan: found 1.4.0
2017-05-05 11:08:35.407377500 simscan: clamdscan disabled
2017-05-05 11:08:35.407378500 simscan: done, execing qmail-queue
2017-05-05 11:08:35.408635500 simscan: error writing msg to
qmail-queue error: 32
2017-05-05 11:08:35.408812500 simscan: exit error code: 71
2017-05-05 11:08:35.408991500 qmail-smtpd: qq soft reject (mail
server temporarily rejected message (#4.3.0)):
MAILFROM:<v-bafkamb_ejjnbacald_dmmpeeia_dmmpeei...@bounce.em.whatxxx.com>
RCPTTO:jere...@stxxxxinternational.com
Example Two - showing 451 qq soft reject
2017-05-05 11:08:45.623775500 simscan: checking attachment ficha de
inscripcion logistica de .xlsx against .bat
2017-05-05 11:08:45.623776500 simscan: checking attachment ficha de
inscripcion logistica de .xlsx against .pif
2017-05-05 11:08:45.623778500 simscan: checking attachment FICHA DE
.xlsx against .mp3
2017-05-05 11:08:45.623779500 simscan: checking attachment ficha de
i.xlsx against .src
2017-05-05 11:08:45.623779500 simscan: checking attachment ficha de
.xlsx against .bat
2017-05-05 11:08:45.623780500 simscan: checking attachment ficha de
.xlsx against .pif
2017-05-05 11:08:45.623780500 simscan: cdb looking up version attach
2017-05-05 11:08:45.623785500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:45.623785500 simscan: found 1.4.0
2017-05-05 11:08:45.623786500 simscan: clamdscan disabled
2017-05-05 11:08:45.623807500 simscan: done, execing qmail-queue
2017-05-05 11:08:45.625205500 simscan: error writing msg to
qmail-queue error: 32
2017-05-05 11:08:45.625526500 simscan: exit error code: 71
2017-05-05 11:08:45.625718500 qmail-smtpd: qq soft reject (mail
server temporarily rejected message (#4.3.0)):
MAILFROM:<77-return-9-mantenimiento=crsf.com...@seminarioxxx.com>
RCPTTO:mant...@xxxx.com.ec
Example Three - attachments but no error
2017-05-05 11:08:53.901311500 simscan: checking attachment
textfile2 against .bat
2017-05-05 11:08:53.901312500 simscan: checking attachment
textfile2 against .pif
2017-05-05 11:08:53.901312500 simscan: checking attachment
textfile3 against .mp3
2017-05-05 11:08:53.901313500 simscan: checking attachment
textfile3 against .src
2017-05-05 11:08:53.901313500 simscan: checking attachment
textfile3 against .bat
2017-05-05 11:08:53.901314500 simscan: checking attachment
textfile3 against .pif
2017-05-05 11:08:53.901316500 simscan: cdb looking up version attach
2017-05-05 11:08:53.901317500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:53.901317500 simscan: found 1.4.0
2017-05-05 11:08:53.901318500 simscan: clamdscan disabled
2017-05-05 11:08:53.901339500 simscan: done, execing qmail-queue
2017-05-05 11:08:53.918481500 simscan: qmail-queue exited 0
On 5/4/2017 1:35 AM, Eric Broch wrote:
Spamdyke was not interfering with my logging when I tested, but
then again I wasn't getting any errors.
It's interesting that you see a spamd connection and spamc
(spam=no) is turned off with simcontrol.
Also, did you check /var/log/qmail/smtp/current? This is where you
should see simscan logging.
On 5/3/2017 9:38 PM, Jeff Koch wrote:
HI Eric:
Here's what I have in tcp.smtp:
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
and here's what I have in /var/qmai/control/simcontrol
:clam=yes,spam=no,spam_hits=12,attach=.mp3:.src:.bat:.pif
and I know simscan is working because I see the clamav entries in
/var/log/maillog. Note: we need to have clamav running because
the email is going to real people. But when clamav was turned off
there no simscan logging either.
Here's what I have in /var/qmail/supervise/smtp/run
#!/bin/sh
SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 128000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c
"$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1
and I ran qmailctl - stop - cdb - start (Note: The HOSTNAME
entry is exactly as shown 'hostname' - we did not change it to
the actual hostname
In the /var/log/maillog we see no entries that reference
'simscan' - is that the log that the debug logging should appear in?
In this log we see entries referencing 'spamdyke', spamd, clamd,
vpopmail (vchkpw-smtp) but none that says 'simscan' ** remember
we have clamav running:
May 3 22:28:47 server spamdyke[26952]: ALLOWED
from:...................
May 3 22:31:40 server spamd[2772]: spamd: connection..............
May 3 22:31:52 server clamd[661]:
/var/qmail.............................
May 3 22:25:55 server vpopmail[26673]: vchkpw-smtp: vpopmail
user.........................
and were are still seeing DENIED_OTHER 451 rejects like this:
May 3 22:32:20 server spamdyke[27401]: DENIED_OTHER from:
3294909110062131b4b02-b17122-5f62f91568cf4aa2ad5adb71f8f94...@mg.expediaxxx.com
to: jsux...@sinpxxx.com origin_ip: 135.84.xxx.10 origin_rdns:
gears217-10.expediaxxx.com auth: (unknown) encryption: TLS
reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)
As you can see we do have spamdyke running. Could that be
interfering with the logging?
Jeff
On 5/3/2017 10:09 AM, Eric Broch wrote:
Did you turn simscan on in tcp.smtp:
QMAILQUEUE=/var/qmail/bin/simscan
and stop/cdb/start qmail?
On 5/2/2017 9:08 PM, Jeff Koch wrote:
HI Eric:
I turned on simscan debugging but I don't see any 'simscan'
logging in /var/log/maillog or /var/log/qmail/smtp
Jeff
On 5/2/2017 12:27 AM, Eric Broch wrote:
I wonder if you have a permissions issue somewhere?
You could now change /var/qmail/supervise/smtp/run script to
debug simscan by adding the following settings
SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG
and in tcp.smtp change
QMAILQUEUE=/var/qmail/bin/simscan
and in simcontrol change to
:clam=no, spam=no
and qmailctl stop/cdb/start
and see what the log produces.
You should (hopefully) see the reason for the failure.
On 5/1/2017 8:59 PM, Jeff Koch wrote:
Hi Eric:
Here are the results of this tests. See below:
On 4/30/2017 1:08 AM, Eric Broch wrote:
Also,
My plan was that you would change things a step at a time
(and check between steps whether qq soft rejects persisted)
in this order:
Step 1) Increase softlimit in smtp run file (stop/start/cdb
qmail) to 128000000
No effect - still seeing spamdyke DENIED_OTHER -
451_mail_server_temporarily_rejected_message_(#4.3.0)
Step 2) Change /var/qmail/control/simcontrol settings from
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
to
:clam=no,spam=no
this stops clamd, spamc, and ripmime.
stop/start/cdb qmail.
No effect - 451_mail_server_temporarily_rejected_message_(#4.3.0)
Step 3) Revert /var/qmail/control/simcontrol settings and
change /etc/tcprules.d/tcp.smtp
QMAILQUEUE="/var/qmail/bin/simscan"
to
QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"
stop/start/cdb qmail.
So far it looks good. I've let the server run for 20 minutes
and I don't see any 'DENIED_OTHER' or 451's nor do we see any
qq soft rejects in /var/qmail/log/smtp/current.
It is interesting that spamd seems to be running. That is
probably because we use 'spamc' in a maildrop filter that
also develops a spamassassin score prior to dropping the
message into the user's mailbox. If the score is over the
threshold the filter diverts the message to the domain's spam
user's mailbox. I'm also now getting detailed spam analysis
information in the /var/log/maillog. I wasn't seeing that before.
I should point out that this is the same procedure and setup
we've used successfully for almost ten years with Bill's
Toaster. With the Bill's Toaster setup the spamassassin logs
were logged separately at /var/log/spamd/. Is it possible
that two instances of spamassassin are conflicting with each
other
The issue does seem to be related to simscan - even with spam
and clam disabled in simscan we were getting 451 rejects /
DENIED_OTHER
Please let me know what you think.
Jeff
Once we get this stop we can start adding things in one at a
time with simscan in debug mode to find out where the
problem is.
Eric
On 4/29/2017 10:26 PM, Eric Broch wrote:
Sorry, Jeff,
change
QMAILQUEUE="/var/qmail/bin/qmail-queue
QMAILQUEUE="/var/qmail/bin/qmail-queue.orig
qmail-queue is a link to qmail-dk so use qmail-queue.orig
Eric
On 4/29/2017 10:01 PM, Jeff Koch wrote:
Hi Eric:
no indication of segfaults in /var/log/messages or dmesg
softlimit is set at 100000000 (100MB)
changed clam and spam to 'no' and did qmailctl stop, cdb,
start
changed
This was the contents of tcp.smtp:
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
changed to:
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/qmail-queue",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
and then did qmailctl stop, cdb, start
Now the /var/log/maillog is showing many:
DENIED_OTHER from:
cap21-return-27-contabilidad=idfimportadora....@capexxxx.info
to: contabxx...@idfimpoxxxx.com origin_ip: 98.130.1.xx8
origin_rdns: mail1103.opentransfer.com auth: (unknown)
encryption: (none) reason:
554_qmail-dk:_Cannot_sign_message_due_to_invalid_message_syntax._(#5.3.0)
and /var/log/qmail/smtp
qmail-smtpd: qq hard reject (qmail-dk: Cannot sign message
due to invalid message syntax. (#5.3.0)):
MAILFROM:<323792861003aa0d40b02-b17119-1eec421bc9e947029e3ec865f716e...@mg.mailer.cxxxxtickets.com>
RCPTTO:rodx...@brxxx.com.ec
This seems weird. Not sure why the server would be trying
to sign a message that is coming to a local recipient. I
could see it signing a message being sent or relayed but
not received for a local recipient
Jeff
On 4/29/2017 2:02 PM, Eric Broch wrote:
Jeff,
In summary...
DENIED_OTHER: The connection was rejected by qmail (or
another downstream filter), not spamdyke.|REASON| will
contain the rejection message given by qmail (or other
downstream filter).
REASON:
451_mail_server_temporarily_rejected_message_(#4.3.0).
Check /var/log/messages for segfault
Check /var/qmail/supervise/smtp/run softlimit
Try this:
Edit /var/qmail/control/simcontrol and set the following
to 'no'
:clam=no,spam=no
# qmailctl stop
# qmailctl cdb
# qmailctl start
Let me know.
If that doesn't work edit /etc/tcprules.d/tcp.smtp
change
QMAILQUEUE="/var/qmail/bin/simscan"
to
QMAILQUEUE="/var/qmail/bin/qmail-queue"
Eric
On 4/29/2017 11:23 AM, Jeff Koch wrote:
Hi Erin:
Thanks, we found the tcp.smtp file at /etc/trcrules.d
and pointed spamdyke there. So that's fixed.
We also pointed the certificate file to
/var/qmail/control/servercert.pem and cleared those errors.
However, we are still seeing qq soft rejects in
/var/log/qmail/smtp/current. They seem to be related to
the matching spamdyke log entries in /var/log/maillog.
Example:
Apr 29 11:05:46 server clamd[661]:
/var/qmail/simscan/1493481946.217350.3912/msg.1493481946.217350.3912:
OK
Apr 29 11:05:46 server clamd[661]:
/var/qmail/simscan/1493481946.217350.3912/addr.1493481946.217350.3912:
OK
Apr 29 11:05:46 server clamd[661]:
/var/qmail/simscan/1493481946.217350.3912/textfile1: OK
Apr 29 11:05:46 server clamd[661]:
/var/qmail/simscan/1493481946.217350.3912/2c7fdfebf8050265e8b51bd3c2ea
58f0: OK
Apr 29 11:05:46 server spamdyke[3905]: DENIED_OTHER
from: xxxx....@pokemailing.com to: yyyy.yyy@idfim
portadora.com origin_ip: 67.211.215.94 origin_rdns:
km61.pokemailing.com auth: (unknown) encryption: (no
ne) reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)
I put the clamd log entries above so you could that
clamd passed the message OK. However does anybody know
what 'DENIED OTHER" means or figure out from the message
why spamdyke rejected the message?
Jeff Koch
On 4/29/2017 1:18 AM, Eric Broch wrote:
Hi Jeff,
Do you know why spamdyke would be looking in
/home/vpopmail/etc for anything ? I've never heard of
this before.
Spamdyke's configuration directory is a link in /etc:
/etc/spamdyke -> ../opt/spamdyke/etc.
Here's my spamdyke configuration: 'cat
/etc/spamdyke/spamdyke.conf'
<spamdyke.conf>
#dns-blacklist-entry=zombie.dnsbl.sorbs.net
#dns-blacklist-entry=dul.dnsbl.sorbs.net
#dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=2
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp
</spamdyke.conf>
And, how did you make your certificate and where did
you put it?
Let me know if that helps.
Eric
On 4/28/2017 6:26 PM, Jeff Koch wrote:
Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable
to open file for searching
/home/vpopmail/etc/open-smtp: No such file or directory
Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable
to load or decrypt SSL/TLS private key from file:
/home/vpopmail/spamdyke/server_domain_net.key : A
protocol or library failure occurred,
error:0B080074:lib(11):func(128):reason(116)
Apr 28 09:52:32 server spamdyke[20476]: ERROR:
incorrect SSL/TLS private key password or SSL/TLS
certificate/privatekey
mismatch/home/vpopmail/spamdyke/server_domain_net.key
: A protocol or library failure occurred,
error:140A80B1:lib(20):func(168):reason(177)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)