[qmailtoaster] Update questions

2007-02-28 Thread David Sánchez Martín
 
Hi guys:

1 .- Is clamav-toaster-0.90-1.3.10 compatible with simscan-toaster-1.2-1.3.1?

2 .- Is documentation of implementing the new SRS on the toaster available
somewhere? (a step by step guide will be cool)

Thanks!





Re: [qmailtoaster] Update questions

2007-02-28 Thread Erik A. Espinoza

Hi David,


1 .- Is clamav-toaster-0.90-1.3.10 compatible with simscan-toaster-1.2-1.3.1


Not 100% sure. I'd recommend upgrading simscan.


2 .- Is documentation of implementing the new SRS on the toaster available
somewhere? (a step by step guide will be cool)


http://opensource.mco2.net/qmail/srs/

-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Peter Peltonen

This is what me and Eric found out yesterday:

If we start my toaster with clamav scanning one domain and feed it a
message with an attachment, we get phantom clamd processes eating
all of my p4 2,8GHz HT CPU. Example:

Top shows:
  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
24177 clamav    25   0 25020  21M  1532 R    47.9  2.1  11:03   1 clamd
22492 clamav    25   0 25020  21M  1532 R    45.3  2.1  20:54   1 clamd

Why are those processes phantom? Because ps does not see them! ps -ef says:

root     20192 20172  0 Feb27 pts/2    00:00:00 supervise clamd
qmaill   20215 20193  0 Feb27 pts/2    00:00:00 /usr/bin/multilog t s100 n100 /var/log/
clamav   21988 20192 99 Feb27 pts/2    00:47:07 /usr/sbin/clamd
clamav   22491 22489  0 Feb27 pts/2    00:00:00 clamdscan --stdout
clamav   24176 24174  0 Feb27 pts/2    00:00:00 clamdscan --stdout

As you can see, no clamd processes with PIDs 24177 or 22492. Their
PIDs are +1 to the clamdscan processes, which seem to be stuck.

If we kill one of those clamdscan processes, then the phantom
processes seem to disappear and the other clamdscan process
disappears also. Messages get delivered.

Are other people having this problem seeing this phantom process
behaviour also? And what kind of systems are you using?

Regards,
Peter




[qmailtoaster] Control Sending externally

2007-02-28 Thread Gabriel Lai
Hi all,

How can I control which user can send external mail, and some users stay 
internal only? Seems like eMPF policy cannot function anymore.

Thanks


 


Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Philip

Hi
The pid of your clamd (user clamav) shouldn't change and be listed as 
21988 (in your example)

as long as you don't restart it of course, and nothing else

I have fc5 and centos4.4 boxes
on very busy machines. I don't have those problems at all

Try launching a top -u clamav

you should have 1 clamd, 1 freshclam, a few spamc and multiple simscan 
commands

clamd and freshclam should have the same PID while you monitor with top
Let us know

Cheers
-Philip






Peter Peltonen wrote:

This is what me and Eric found out yesterday:

If we start my toaster with clamav scanning one domain and feed it a
message with an attachment, we get phantom clamd processes eating
all of my p4 2,8GHz HT CPU. Example:

Top shows:
  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
24177 clamav    25   0 25020  21M  1532 R    47.9  2.1  11:03   1 clamd
22492 clamav    25   0 25020  21M  1532 R    45.3  2.1  20:54   1 clamd

Why are those processes phantom? Because ps does not see them! ps 
-ef says:

root     20192 20172  0 Feb27 pts/2    00:00:00 supervise clamd
qmaill   20215 20193  0 Feb27 pts/2    00:00:00 /usr/bin/multilog t s100 n100 /var/log/
clamav   21988 20192 99 Feb27 pts/2    00:47:07 /usr/sbin/clamd
clamav   22491 22489  0 Feb27 pts/2    00:00:00 clamdscan --stdout
clamav   24176 24174  0 Feb27 pts/2    00:00:00 clamdscan --stdout

As you can see, no clamd processes with PIDs 24177 or 22492. Their
PIDs are +1 to the clamdscan processes, which seem to be stuck.

If we kill one of those clamdscan processes, then the phantom
processes seem to disappear
and the other clamdscan process disappears also. Messages get delivered.

Are other people having this problem seeing this phantom process
behaviour also? And what
kind of systems are you using?

Regards,
Peter




RE: [qmailtoaster] virus logging

2007-02-28 Thread Fernando Azevedo
Hi Eric,
 
In fact you (and others) have not received any replies from this tool... I've 
just checked that :(
 
The problem is that if I deliver the mail directly to your mail servers (as I'd 
like to do) it gets rejected because this server is still in a dynamic IP 
range - I will change it for a fixed IP subnet but only in 2-3 weeks timeframe.
 
I've tried overcoming this problem by delivering these messages through my 
ISP's SMTP server but then it gets blocked on my ISP's anti-virus...
 
Nevertheless I'm still adding (and correcting) a few features and it will be 
ready when I have the new IP subnet.
 
I'll announce it by then.
 
 
Best regards,
Fernando



From: Eric Shubes [mailto:[EMAIL PROTECTED]
Sent: Wed 28-02-2007 6:23
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] virus logging



Fernando Azevedo wrote:
 Hi Eric,

 You should have something like 2007-02-27 22:18:04.077743500 
 /var/qmail/simscan/1172614683.760056.24955/eicar.com: Eicar-Test-Signature 
 FOUND in your /var/log/qmail/clamd/current... Also, in 
 /var/log/qmail/smtp/current there should be something like 2007-02-27 
 22:18:04.078157500 
 simscan:[24953]:VIRUS:0.3182s:Eicar-Test-Signature:85.241.34.175:[EMAIL 
 PROTECTED]:[EMAIL PROTECTED]... At least these 2 lines should be in your 
 logs.

Yeah, I know that's what I *should* have, and do get with
clamav-toaster-0.88.7-1.3.7. Has anyone seen these messages with
clamav-toaster-0.90-1.3.10? I'm kinda stumped. I get the rejection from the
receiving toaster, but the receiving toaster's log not only shows nothing in
the clamav log, it shows nothing in the smtp log too. I can't figure out how
that could happen.

 If you want to test your server again please send an e-mail to [EMAIL 
 PROTECTED] with --virus (without the quotes) anywhere in the body of the 
 message.

I tried this, and didn't receive anything back that I recognized in the
logs. Tested this with clamav-toaster-0.88.7-1.3.7.

 By the way, e-mails sent to this address trigger a small script to test 
 anti-virus and anti-spam configuration (among other things to come) in remote 
 mail servers. If any of you guys care to test and use this please send an 
 e-mail to [EMAIL PROTECTED] with --help (without the quotes) anywhere in 
 the body of the message to receive the description and usage instructions. 
 This script is still in beta (or better, alpha) stage therefore any feedback 
 is most welcome.


I tried this too, but didn't get a reply.

What IP should reply be coming from?

Sounds like a nice tool, Fernando. I hope you get it working soon! ;)

 Best regards,
 Fernando

 -Original Message-
 From: Eric Shubes [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 27 February 2007 19:22
 To: qmailtoaster-list
 Subject: [qmailtoaster] virus logging

 I just sent a test virus to a new toaster w/ clamav-0.90 installed. The
 message rejected just fine, but I don't see any messages at all in the clamd
 or smtp logs pertaining to this email. I can't imagine why there wouldn't be
 at least some smtp log messages.

 Can someone test receiving the eicar virus from an external domain and
 verify this behavior? I'm kinda stumped.



--
-Eric 'shubes'


RE: [qmailtoaster] virus logging

2007-02-28 Thread Fernando Azevedo
Eric,
 
The log messages that I have copied and pasted in my previous e-mail were 
collected from my test server running clamav-toaster-0.90-1-3-10.
 
 
Regards,
Fernando



From: Eric Shubes [mailto:[EMAIL PROTECTED]
Sent: Wed 28-02-2007 6:23
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] virus logging




Yeah, I know that's what I *should* have, and do get with
clamav-toaster-0.88.7-1.3.7. Has anyone seen these messages with
clamav-toaster-0.90-1.3.10? I'm kinda stumped. I get the rejection from the
receiving toaster, but the receiving toaster's log not only shows nothing in
the clamav log, it shows nothing in the smtp log too. I can't figure out how
that could happen.




Re: [qmailtoaster] virus logging

2007-02-28 Thread Jake Vickers

Eric Shubes wrote:

Fernando Azevedo wrote:

Hi Eric,

You should have something like 2007-02-27 22:18:04.077743500 
/var/qmail/simscan/1172614683.760056.24955/eicar.com: Eicar-Test-Signature FOUND in your 
/var/log/qmail/clamd/current... Also, in /var/log/qmail/smtp/current there should be something like 
2007-02-27 22:18:04.078157500 
simscan:[24953]:VIRUS:0.3182s:Eicar-Test-Signature:85.241.34.175:[EMAIL PROTECTED]:[EMAIL 
PROTECTED]... At least these 2 lines should be in your logs.


Yeah, I know that's what I *should* have, and do get with
clamav-toaster-0.88.7-1.3.7. Has anyone seen these messages with
clamav-toaster-0.90-1.3.10? I'm kinda stumped. I get the rejection from the
receiving toaster, but the receiving toaster's log not only shows nothing in
the clamav log, it shows nothing in the smtp log too. I can't figure out how
that could happen.


If you want to test your server again please send an e-mail to [EMAIL PROTECTED] with 
--virus (without the quotes) anywhere in the body of the message.


I tried this, and didn't receive anything back that I recognized in the
logs. Tested this with clamav-toaster-0.88.7-1.3.7.



I'm still running 0.88 on all my machines.
I haven't really been paying a lot of attention to the thread, but have 
you tried to see if it logs the virus when the double logging is enabled?




Re: [qmailtoaster] Update questions

2007-02-28 Thread Jake Vickers

Erik A. Espinoza wrote:

2 .- Is documentation of implementing the new SRS on the toaster 
available

somewhere? (a step by step guide will be cool)


http://opensource.mco2.net/qmail/srs/



It's now in the wiki under Configuration.




RE: [qmailtoaster] RE: ezmlm warning

2007-02-28 Thread Steve Ingraham
 -Original Message-
 From: Jake Vickers [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, February 27, 2007 6:45 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] RE: ezmlm warning
 
 
 Steve Ingraham wrote:
  Below is a message I have been receiving from the 
  qmailtoaster-list-help email for some time now.  Can 
 someone explain 
  what exactly is going on and what I can look at to see why messages 
  would be bouncing when sent to [EMAIL PROTECTED]  I am receiving 
  emails from the qmailtoaster list on a daily basis so I don't 
  understand why I would be continually receiving messages 
 that tell me 
  that messages are bouncing.  Any help is appreciated.
  
 
 I get those messages from time to time (or used to). It's nothing to 
 worry about, unless you start to see dozens of emails being 
 bounced. You can follow the request directions in the email 
 and request a copy of 
 the email in question, but I think you'll see it's a spam 
 message spoof.
 
Ok, thanks.  I didn't know if I should worry about them or not as I am
getting at least one a day.




Re: [qmailtoaster] Update questions

2007-02-28 Thread Eric "Shubes"
Jake Vickers wrote:
 Erik A. Espinoza wrote:
 
 2 .- Is documentation of implementing the new SRS on the toaster
 available
 somewhere? (a step by step guide will be cool)

 http://opensource.mco2.net/qmail/srs/

 
 It's now in the wiki under Configuration.

Thanks, Jake.

FWIW, I moved the link from the main page to the Configuration page so that
it shows up in the Configuration TOC. ;)

-- 
-Eric 'shubes'




Re: [qmailtoaster] virus logging

2007-02-28 Thread Eric "Shubes"
Hey Fernando,

Yeah, my server is on a pseudo-static address. I finally got a delivery
failure message from my server. It took a while because the rejection is a
4xx (temporary) failure:
Remote host said: 451 Dynamic/Residential IP range listed by NJABL dynablock
- http://njabl.org/dynablock.html
Giving up on 85.241.34.175.


Fernando Azevedo wrote:
 Hi Eric,
  
 In fact you (and others) have not received any replies from this tool... I've 
 just checked that :(
  
 The problem is that if I deliver the mail directly to your mail servers (as 
 I'd like to do) it gets rejected because this server is still in a dynamic 
 IP range - I will change it for a fixed IP subnet but only in 2-3 weeks 
 timeframe.

I get around that by using dyndns.org's mailhop service (on selected domains
via smtproutes). A static IP is definitely preferable though.

I've added the reflector's domain to my smtproutes and tested help again (so
you'll get my message now), but I won't get your reply until you fix your
end. :(

 I've tried overcoming this problem by delivering these messages through my 
 ISP's SMTP server but then it gets blocked on my ISP's anti-virus...
  
 Nevertheless I'm still adding (and correcting) a few features and it will be 
 ready when I have the new IP subnet.
  
 I'll announce it by then.

Sounds great, FA.

 Best regards,
 Fernando
 
 


-- 
-Eric 'shubes'




Re: [qmailtoaster] virus logging

2007-02-28 Thread Eric "Shubes"
Jake Vickers wrote:
 Eric Shubes wrote:
 Fernando Azevedo wrote:
 Hi Eric,

 You should have something like 2007-02-27 22:18:04.077743500
 /var/qmail/simscan/1172614683.760056.24955/eicar.com:
 Eicar-Test-Signature FOUND in your /var/log/qmail/clamd/current...
 Also, in /var/log/qmail/smtp/current there should be something like
 2007-02-27 22:18:04.078157500
 simscan:[24953]:VIRUS:0.3182s:Eicar-Test-Signature:85.241.34.175:[EMAIL 
 PROTECTED]:[EMAIL PROTECTED]...
 At least these 2 lines should be in your logs.

 Yeah, I know that's what I *should* have, and do get with
 clamav-toaster-0.88.7-1.3.7. Has anyone seen these messages with
 clamav-toaster-0.90-1.3.10? I'm kinda stumped. I get the rejection
 from the
 receiving toaster, but the receiving toaster's log not only shows
 nothing in
 the clamav log, it shows nothing in the smtp log too. I can't figure
 out how
 that could happen.

 If you want to test your server again please send an e-mail to
 [EMAIL PROTECTED] with --virus (without the quotes)
 anywhere in the body of the message.

 I tried this, and didn't receive anything back that I recognized in the
 logs. Tested this with clamav-toaster-0.88.7-1.3.7.

 
 I'm still running 0.88 on all my machines.
 I haven't really been paying a lot of attention to the thread, but have
 you tried to see if it logs the virus when the double logging is enabled?

Yeah, I just tried that last night. No go.

-- 
-Eric 'shubes'
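
The check this thread keeps coming back to (a clamd FOUND line should have a matching simscan VIRUS line in the smtp log), as an added Python example that is not code from the list or from the toaster packages. The sample logs are constructed around the two lines quoted above; the addresses, the second clamd entry, the noise lines and the 5-second window are assumptions.

```python
import re
from datetime import datetime

# Line shapes follow the two log lines quoted in this thread, i.e. multilog
# output whose timestamps have already been made human-readable.
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)?)"
CLAMD_RE = re.compile(rf"^{TS} (.+): (\S+) FOUND$")
SIMSCAN_RE = re.compile(
    rf"^{TS} simscan:\[(\d+)\]:VIRUS:([\d.]+)s:([^:]+):([^:]+):([^:]*):(.*)$"
)

# Constructed sample of /var/log/qmail/clamd/current: the first line is the one
# quoted in the thread, the second is an invented detection with no smtp entry.
CLAMD_LOG = """\
2007-02-27 22:18:04.077743500 /var/qmail/simscan/1172614683.760056.24955/eicar.com: Eicar-Test-Signature FOUND
2007-02-27 22:40:10.500000000 /var/qmail/simscan/1172616010.100000.25001/eicar.com: Eicar-Test-Signature FOUND
2007-02-27 22:41:00.000000000 SelfCheck: Database status OK.
"""

# Constructed sample of /var/log/qmail/smtp/current; the addresses are
# placeholders because the archive redacted the real ones.
SMTP_LOG = """\
2007-02-27 22:18:04.078157500 simscan:[24953]:VIRUS:0.3182s:Eicar-Test-Signature:85.241.34.175:sender@example.org:rcpt@example.net
2007-02-27 22:19:30.000000000 tcpserver: status: 1/100
"""


def parse_ts(stamp):
    """Parse 'YYYY-MM-DD HH:MM:SS.nnnnnnnnn', truncating to microseconds."""
    base, _, frac = stamp.partition(".")
    dt = datetime.strptime(base, "%Y-%m-%d %H:%M:%S")
    return dt.replace(microsecond=int((frac + "000000")[:6]))


def parse_clamd(lines):
    """Return one dict per clamd 'FOUND' line; other lines are ignored."""
    hits = []
    for line in lines:
        m = CLAMD_RE.match(line.strip())
        if m:
            hits.append({"ts": parse_ts(m.group(1)), "path": m.group(2),
                         "sig": m.group(3)})
    return hits


def parse_simscan(lines):
    """Return one dict per simscan VIRUS line; other lines are ignored."""
    entries = []
    for line in lines:
        m = SIMSCAN_RE.match(line.strip())
        if m:
            entries.append({"ts": parse_ts(m.group(1)), "pid": int(m.group(2)),
                            "secs": float(m.group(3)), "sig": m.group(4),
                            "ip": m.group(5), "sender": m.group(6),
                            "rcpt": m.group(7)})
    return entries


def correlate(clamd_lines, smtp_lines, window_s=5.0):
    """Pair each clamd detection with a simscan VIRUS entry that carries the
    same signature within window_s seconds, and report what is left over."""
    unused = parse_simscan(smtp_lines)
    matched, clamd_only = [], []
    for hit in parse_clamd(clamd_lines):
        partner = next(
            (s for s in unused if s["sig"] == hit["sig"]
             and abs((s["ts"] - hit["ts"]).total_seconds()) <= window_s),
            None,
        )
        if partner is None:
            clamd_only.append(hit)      # scanner saw it, smtp log is silent
        else:
            unused.remove(partner)
            matched.append((hit, partner))
    return {"matched": matched, "clamd_only": clamd_only, "smtp_only": unused}


if __name__ == "__main__":
    result = correlate(CLAMD_LOG.splitlines(), SMTP_LOG.splitlines())
    for hit, entry in result["matched"]:
        print("logged in both:", hit["sig"], "from", entry["ip"])
    for hit in result["clamd_only"]:
        print("clamd only, no simscan line:", hit["ts"], hit["path"])
    for entry in result["smtp_only"]:
        print("simscan only, no clamd line:", entry["ts"], entry["ip"])
```

An empty result for a test message that was rejected at SMTP time is the symptom reported here: neither log recorded the detection.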




Re: [qmailtoaster] virus logging

2007-02-28 Thread Eric "Shubes"
Hey FA,

What do you know? I just got back the --help request from your reflector!
This is the one I sent after I changed my smtproutes for your domain.

FWIW, the time is off. You need to look into that.

Fernando Azevedo wrote:
 Hi Eric,
  
 In fact you (and others) have not received any replies from this tool... I've 
 just checked that :(
  
 The problem is that if I deliver the mail directly to your mail servers (as 
 I'd like to do) it gets rejected because this server is still in a dynamic 
 IP range - I will change it for a fixed IP subnet but only in 2-3 weeks 
 timeframe.
  
 I've tried overcoming this problem by delivering these messages through my 
 ISP's SMTP server but then it gets blocked on my ISP's anti-virus...
  
 Nevertheless I'm still adding (and correcting) a few features and it will be 
 ready when I have the new IP subnet.
  
 I'll announce it by then.
  
  
 Best regards,
 Fernando
 


-- 
-Eric 'shubes'




Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Peter Peltonen

Hi,

On 2/28/07, Philip [EMAIL PROTECTED] wrote:

Try launching a top -u clamav

you should have 1 clamd, 1 freshclam, a few spamc and multiple simscan
commands
clamd and freshclam should have the same PID while you monitor with top


This is what I get. I follow user clamav's processes in top and this
is what I see before I have enabled any domains to be scanned with clamav:

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
20466 clamav    15   0  1624 1624  1256 S     0.0  0.1   0:00   1 freshclam
32645 clamav    25   0 23936  18M   844 S     0.0  1.8   0:02   0 clamd

After enabling clamav for one domain and sending an email with
attachment to it I see:

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
17742 clamav    25   0 47588  42M  1444 R    50.1  4.2   1:00   1 clamd
20466 clamav    15   0  1624 1624  1256 S     0.0  0.1   0:00   1 freshclam
32645 clamav    19   0 47588  42M  1444 S     0.0  4.2   0:06   1 clamd
17739 clamav    20   0   572  572   356 S     0.0  0.0   0:00   1 simscan
17741 clamav    24   0  1152 1152   920 S     0.0  0.1   0:00   1 clamdscan

the first clamd process seen by top is new and cannot be seen with ps:

# ps -ef |grep clam
clamav   20466     1  0 Feb27 ?        00:00:00 /usr/bin/freshclam -d -p /var/run/clamav/freshclam.pid
root     32624 32603  0 00:45 pts/2    00:00:00 supervise clamd
clamav   32645 32624  0 00:45 pts/2    00:02:51 /usr/sbin/clamd
qmaill   32646 32625  0 00:45 pts/2    00:00:00 /usr/bin/multilog t s100 n100 /var/log/qmail/clamd
clamav   17739 17737  0 18:07 pts/2    00:00:00 /var/qmail/bin/simscan
clamav   17741 17739  0 18:07 pts/2    00:00:00 clamdscan --stdout
root     18129  7112  0 18:10 pts/2    00:00:00 grep clam

As its PID is +1 to the clamdscan process, one might think that it is
created by it?

Regards,
Peter




Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Peter Peltonen

On 2/28/07, Peter Peltonen [EMAIL PROTECTED] wrote:

After enabling clamav for one domain and sending an email with
attachment to it I see:

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
17742 clamav    25   0 47588  42M  1444 R    50.1  4.2   1:00   1 clamd
20466 clamav    15   0  1624 1624  1256 S     0.0  0.1   0:00   1 freshclam
32645 clamav    19   0 47588  42M  1444 S     0.0  4.2   0:06   1 clamd
17739 clamav    20   0   572  572   356 S     0.0  0.0   0:00   1 simscan
17741 clamav    24   0  1152 1152   920 S     0.0  0.1   0:00   1 clamdscan


I enabled the PPID field in top and saw that the parent for the 17742
process was 32624, which was:

# ps -ef |grep 32624
root     32624 32603  0 00:45 pts/2    00:00:00 supervise clamd
clamav   32645 32624  1 00:45 pts/2    00:21:01 /usr/sbin/clamd

Now I noticed that I had another phantom clamd process with PID
19309 (PPID being also
32624). Together they ate 100 % of my cpu. This also happened
yesterday: the phantom processes seem to work in pairs, probably due
to the hyperthreaded nature of my CPU.

When the other is killed the other disappears also:

I killed 19309 which apparently terminated 17742 too (at least it
disappeared from top) and I got my emails delivered. In double (which
also happened yesterday).

So supervise is doing something funny with clamav...

BTW Philip, are those qmailtoasters of yours
multiprocessor/hyperthreaded/multicore systems?

Peter




[qmailtoaster] A lot of spam passing through

2007-02-28 Thread Guillermo Villasana
Hello everyone, I have the following installation, and a lot of spam is 
passing through, What recommendations do you suggest?

I am using Centos 4.2
daemontools-toaster-0.76-1.2.9
ezmlm-toaster-0.53.324-1.2.10
squirrelmail-toaster-1.4.5-1.2.13
ucspi-tcp-toaster-0.88-1.2.9
courier-imap-toaster-3.0.8-1.2.9
ezmlm-cgi-toaster-0.53.324-1.2.10
qmailtoaster-plus-0.2.2-1.3.4
maildrop-toaster-devel-1.8.1-1.2.10
spamassassin-toaster-3.1.0-1.2.11
vpopmail-toaster-5.4.10-1.2.10
autorespond-toaster-2.0.4-1.2.8
qmailadmin-toaster-1.2.9-1.2.11
isoqlog-toaster-2.1-1.2.9
clamav-toaster-0.87.1-1.2.10
qmail-toaster-1.03-1.2.10
control-panel-toaster-0.5-1.2.8
qmailmrtg-toaster-4.2-1.2.8
simscan-toaster-1.1-1.2.6
qmail-pop3d-toaster-1.03-1.2.10
maildrop-toaster-1.8.1-1.2.10
vqadmin-toaster-2.3.4-1.2.12


I have RulesDuJour, that I run every once in a while
this is my local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

ok_locales all
skip_rbl_checks 1
required_hits 3
report_safe 0
rewrite_header Subject ***SPAM***
use_pyzor 1
use_auto_whitelist 1
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Thanks




Re: [qmailtoaster] A lot of spam passing through

2007-02-28 Thread Jake Vickers

Guillermo Villasana wrote:
Hello everyone, I have the following installation, and a lot of spam is 
passing through, What recommendations do you suggest?


If you want to stop/delete it, try some more RBLs in your blacklists 
file and also adjust your spam_hits in simcontrol to a lower number.




Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Philip Nix Guru

Hi Peter
32645 is the only pid you should see

did you by any chance try to rebuild the rpm ?
Yes Pentium D, Core Duo and Xeon 5130 machines all with smp kernels

What's your distrib Peter (sorry if you already mentioned it :))


Peter Peltonen wrote:

On 2/28/07, Peter Peltonen [EMAIL PROTECTED] wrote:

After enabling clamav for one domain and sending an email with
attachment to it I see:

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
17742 clamav    25   0 47588  42M  1444 R    50.1  4.2   1:00   1 clamd
20466 clamav    15   0  1624 1624  1256 S     0.0  0.1   0:00   1 freshclam
32645 clamav    19   0 47588  42M  1444 S     0.0  4.2   0:06   1 clamd
17739 clamav    20   0   572  572   356 S     0.0  0.0   0:00   1 simscan
17741 clamav    24   0  1152 1152   920 S     0.0  0.1   0:00   1 clamdscan


I enabled the PPID field in top and saw that the parent for the 17742
process was 32624, which was:

# ps -ef |grep 32624
root     32624 32603  0 00:45 pts/2    00:00:00 supervise clamd
clamav   32645 32624  1 00:45 pts/2    00:21:01 /usr/sbin/clamd

Now I noticed that I had another phantom clamd process with PID
19309 (PPID being also
32624). Together they ate 100 % of my cpu. This also happened
yesterday: the phantom processes seem to work in pairs, probably due
to the hyperthreaded nature of my CPU.

When the other is killed the other disappears also:

I killed 19309 which apparently terminated 17742 too (at least it
disappeared from top) and I got my emails delivered. In double (which
also happened yesterday).

So supervise is doing something funny with clamav...

BTW Philip, are those qmailtoasters of yours
multiprocessor/hyperthreaded/multicore systems?

Peter




Re: [qmailtoaster] A lot of spam passing through

2007-02-28 Thread Guillermo Villasana
I had to remove several RBLs, because they were making the system very 
slow or my users wouldn't be able to send mail, I don't remember if this 
version has the outgoing port? I will try lowering the simcontrol, and 
the patch to check if an RBL server is not responding to be skipped.


Jake Vickers wrote:

Guillermo Villasana wrote:
Hello everyone, I have the following installation, and a lot of spam 
is passing through, What recommendations do you suggest?

daemontools-toaster-0.76-1.2.9
ezmlm-toaster-0.53.324-1.2.10
squirrelmail-toaster-1.4.5-1.2.13
ucspi-tcp-toaster-0.88-1.2.9
courier-imap-toaster-3.0.8-1.2.9
ezmlm-cgi-toaster-0.53.324-1.2.10
qmailtoaster-plus-0.2.2-1.3.4
maildrop-toaster-devel-1.8.1-1.2.10
spamassassin-toaster-3.1.0-1.2.11
vpopmail-toaster-5.4.10-1.2.10
autorespond-toaster-2.0.4-1.2.8
qmailadmin-toaster-1.2.9-1.2.11
isoqlog-toaster-2.1-1.2.9
clamav-toaster-0.87.1-1.2.10
qmail-toaster-1.03-1.2.10
control-panel-toaster-0.5-1.2.8
qmailmrtg-toaster-4.2-1.2.8
simscan-toaster-1.1-1.2.6
qmail-pop3d-toaster-1.03-1.2.10
maildrop-toaster-1.8.1-1.2.10
vqadmin-toaster-2.3.4-1.2.12


If you want to stop/delete it, try some more RBLs in your blacklists 
file and also adjust your spam_hits in simcontrol to a lower number.






Re: [qmailtoaster] clamav upgrade problem with supervise/lock

2007-02-28 Thread Peter Peltonen

On 2/28/07, Philip Nix Guru [EMAIL PROTECTED] wrote:

Hi Peter
32645 is the only pid you should see

did you by any chance try to rebuild the rpm ?
Yes Pentium D, Core Duo and Xeon 5130 machines all with smp kernels

What's your distrib Peter (sorry if you already mentioned it :))


I have not seen such phantom PIDs before either...

I am running CentOS 3.8.

I haven't tried rebuilding the rpm. It was actually built on another
CentOS 3 box. I'll have to try that too.

We are resolving the issue at #QmailToaster channel at freenode irc
server with Eric at the moment. If you have time, join us?

Peter




Re: [qmailtoaster] A lot of spam passing through

2007-02-28 Thread Jake Vickers

Guillermo Villasana wrote:
I had to remove several RBLs, because they were making the system very 
slow or my users wouldn't be able to send mail, I don't remember if this 
version has the outgoing port? I will try lowering the simcontrol, and 
the patch to check if an RBL server is not responding to be skipped.




And bear in mind that a couple of the RBLs are no longer around.
This caused quite a problem, which is the reason the patch came out.




[qmailtoaster] Qmailtoaster without my own DNS

2007-02-28 Thread dominic
   Hello I am setting up Qmailtoaster on a server and will be using another 
company's DNS services where I cannot create TXT records. Is it still 
worthwhile to install/configure libdomainkeys? Nutshell: are there any 
components in Qmailtoaster (for CentOS 4.4) that will not add useful 
functionality given I can only create A, CNAME, NS, and MX records on the 
authoritative DNS?
