MailScanner Overload...
Clay Goss
claygoss at gosscomputerprojects.net
Tue Nov 3 18:31:42 GMT 2009
I am having fits with a mail server running MailScanner. For many a year
now, it has just hummed along without much fuss - about 1 year ago, I
doubled the RAM after it got sluggish, but lately... I restart it - all
seems well, but after 12 to 48 hours, it comes to its knees. The box is
marginal - I'm building a new one, but for now, I need to keep this one up.
When things have gone south, I find:
The named server has crashed out....
SpamAssassin is timing out, being killed and restarted...
I have many "MailScanner" and "sendmail" processes running, to the point
that I must execute "service MailScanner stop" 4, 5, 6 times to get all the
MailScanner instances stopped and then "service sendmail stop" a few times
to stop all of those. Then I can restart everything and its good for
another 12 to 48.
The box is a PIII with 768 MB RAM. Any help much appreciated.
Here are the versions of the items I believe are pertinent:
bind-9.2.5-3
bind-libs-9.2.5-3
bind-utils-9.2.5-3
fedora-release-3-8
kernel-2.6.12-1.1381_FC3
mailscanner-4.68.8-1
MailScanner-perl-MIME-Base64-3.05-5
perl-5.8.5-24.FC3
perl-Archive-Tar-1.08-3
perl-Bit-Vector-6.3-3
perl-Compress-Zlib-1.41-1
perl-Convert-BinHex-1.119-2
perl-Crypt-OpenSSL-Bignum-0.03-1.1.fc3.rf
perl-Date-Calc-5.3-9
perl-DateManip-5.42a-3
perl-DBD-SQLite-1.13-1
perl-DBI-1.56-1
perl-Devel-Symdump-2.03-19
perl-Digest-SHA1-2.11-1
perl-File-MMagic-1.21-2
perl-File-Temp-0.19-1
perl-Filesys-Df-0.90-1
perl-Filter-Simple-0.79-4
perl-HTML-Parser-3.56-1
perl-HTML-Tagset-3.03-30
perl-IO-1.2301-1
perl-IO-stringy-2.110-1
perl-libwww-perl-5.79-5
perl-libxml-enno-1.02-31
perl-libxml-perl-0.07-30
perl-MailTools-2.02-1
perl-Math-BigInt-1.86-1
perl-Math-BigRat-0.19-1
perl-MIME-Base64-3.07-1
perl-MIME-tools-5.425-1
perl-Net-CIDR-0.11-1
perl-Net-DNS-0.63-1
perl-Net-IP-1.25-1
perl-NKF-2.04-3
perl-Parse-RecDescent-1.94-4
perl-Parse-Yapp-1.05-32
perl-PDL-2.4.1-5
perl-Pod-Escapes-1.04-1
perl-RPM2-0.66-7
perl-SGMLSpm-1.03ii-14
perl-suidperl-5.8.5-24.FC3
perl-Sys-Hostname-Long-1.4-1
perl-Sys-Syslog-0.18-1
perl-TermReadKey-2.20-17
perl-Test-Simple-0.70-1
perl-Text-Kakasi-1.05-11
perl-Time-HiRes-1.9707-1
perl-TimeDate-1.16-3
perl-XML-Dumper-0.71-2
perl-XML-Grove-0.46alpha-27
perl-XML-Twig-3.13-6
sendmail-8.13.1-2
sendmail-cf-8.13.1-2
sendmail-devel-8.13.1-2
sendmail-doc-8.13.1-2
spamass-milter-0.2.0-1.1.fc3.rf
spamassassin-3.0.4-2.fc3
And here is the MailScanner.conf:
%org-name% = MY_NET
%org-long-name% = My Net Place %web-site% = www.My.net %etc-dir% =
/etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% =
/etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run
As User = Run As Group = Queue Scan Interval = 30 Incoming Queue Dir =
/var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work
Dir = /var/spool/MailScanner/incoming Quarantine Dir =
/var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid
Restart Every = 7200 MTA = sendmail Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File
Command = /usr/bin/file File Timeout = 50 Gunzip Command = /bin/gunzip
Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find
UU-Encoded Files = no Maximum Message Size =
%rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 2
Find Archives By Content = yes
Zip Attachments = no
Attachments Zip Filename = MessageAttachments.zip Attachments Min Total Size
To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg
.jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml Virus Scanning = yes Virus
Scanners = auto Virus Scanner Timeout = 300 Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages
= no Block Unencrypted Messages = no Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes Allowed Sophos Error
Messages = Sophos IDE Dir = /opt/sophos-av/lib/sav Sophos Lib Dir =
/opt/sophos-av/lib Monitors For Sophos Updates =
/opt/sophos-av/lib/sav/*.ide Monitors for ClamAV Updates =
/usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd ClamAVmodule
Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule
Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression
Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = #
/var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes
Fpscand Port = 10200 Dangerous Content Scanning = yes Allow Partial Messages
= no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find
Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing
Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country
Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm
Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim Known Web
Bug Servers = msgtag.com Web Bug Replacement =
http://www.mailscanner.tv/1x1spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Allow File
MIME Types = Deny Filetypes = Deny File MIME Types = Filetype Rules =
%etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent
Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive
Clean = yes Language Strings = %report-dir%/languages.conf Rejection Report
= %report-dir%/rejection.report.txt Deleted Bad Content Message Report =
%report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report =
%report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report =
%report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature =
%report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg Inline HTML Warning =
%report-dir%/inline.warning.html Inline Text Warning =
%report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 0
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = no Multiple Headers = append Hostname =
the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no
Sign Clean Messages = yes Attach Image To Signature = no Attach Image To
HTML Message Only = yes Mark Infected Messages = yes Mark Unscanned Messages
= yes Unscanned Header Value = Not scanned: please contact your Internet
E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status:
X-Mozilla-Status2:
Deliver Cleaned Messages = yes
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no Notify Senders Of
Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no #
end Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus
Subject Text = {Virus?} Filename Modify Subject = start Filename Subject
Text = {Filename?} Content Modify Subject = start Content Subject Text =
{Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size}
Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing
Modify Subject = start Phishing Subject Text = {Fraud?} Spam Modify Subject
= start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment
Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = no Notices
Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice
Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner Notices To = postmaster Local Postmaster =
postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner
Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = #
spamhaus-ZEN # You can un-comment this to enable them Spam Domain List =
Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 1 Spam List
Timeout = 20 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is
Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam =
no Definite Spam Is High Scoring = yes Ignore Spam Whitelist If Recipients
Exceed = 20 Max Spam Check Size = 100k Use Watermarking = no Add Watermark =
yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No
Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark
Header = X-%org-name%-MailScanner-Watermark:
Use SpamAssassin = yes
Max SpamAssassin Size = 200k
Required SpamAssassin Score = 4
High SpamAssassin Score = 6
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes Include Binary Attachments In
SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes
SpamAssassin Cache Database File =
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header
"X-Spam-Status: Yes"
High Scoring Spam Actions = store
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no
Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log
Permitted Filenames = no Log Permitted Filetypes = no Log Permitted File
MIME Types = no Log Silent Viruses = no Log Dangerous HTML Tags = no Log
SpamAssassin Rule Actions = no SpamAssassin Temporary Dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir =
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local
Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir = MCP Checks = no First Check = spam MCP
Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error
Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules
Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP
Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no Spam Score Number Format =
%d MailScanner Version Number = 4.68.8 SpamAssassin Cache Timings =
1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In
Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch
= no Deliver In Background = yes Delivery Method = batch Split Exim Spool =
no Lockfile Dir = /tmp Custom Functions Dir =
/usr/lib/MailScanner/MailScanner/CustomFunctions
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
Thank you,
Clay Goss
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list