MailScanner hanging process, cannot write to quarantine and not
processing incoming mails
Kocisky
kocisky at autistici.org
Mon Oct 31 17:10:08 GMT 2011
ok, which process changed the permissions
to /var/spool/MailScanner/quarantine ? mailscanner? baruwa?
[root at mail init.d]# ls -la /var/spool/MailScanner/
total 32
drwxr-xr-x. 5 root root 4096 Oct 22 09:00 .
drwxr-xr-x. 14 root root 4096 Oct 28 11:27 ..
drwxr-xr-x. 12 postfix clam 4096 Oct 31 12:54 incoming
drwxr-xr-x. 24 root apache 4096 Oct 31 12:48 quarantine
drwxr-x---. 2 postfix clam 4096 Oct 3 12:21 spamassassin
[root at mail init.d]# chown -R postfix.clam /var/spool/MailScanner/quarantine/
#@^%#$^%$@^*$#%^*5476q%E*!!!???!!!
On 31 October 2011 13:03, Kocisky <kocisky at autistici.org> wrote:
> from the strace (below below) it seems that the process cannot create the
> folder:
>
> [root at mail init.d]# ls -l /var/spool/MailScanner/quarantine/20111031
> ls: cannot access /var/spool/MailScanner/quarantine/20111031: No such file
> or directory
>
> it should be a simple permission issue because selinux doesnt give any
> audit.log and "setenforce 0" didn't change the situation.
>
> permission of MailScanner.conf:
>
> Run As User = postfix
> Run As Group = postfix
>
> i'm definitively missing something !!!
>
> below some permissions where it seems to hang:
>
> [root at mail init.d]# ls -la /var/spool/MailScanner/quarantine/
> total 96
> drwxr-xr-x. 24 root apache 4096 Oct 22 09:00 .
> drwxr-xr-x. 5 root root 4096 Oct 22 09:00 ..
> drwx------. 3 postfix apache 4096 Oct 3 13:06 20111003
> drwxrwx---. 7 postfix apache 4096 Oct 4 13:51 20111004
> drwxrwx---. 6 postfix apache 4096 Oct 5 13:19 20111005
> drwxrwx---. 5 postfix apache 4096 Oct 6 20:51 20111006
> drwxrwx---. 15 postfix apache 4096 Oct 7 07:56 20111007
> drwxrwx---. 3 postfix apache 4096 Oct 8 00:19 20111008
> drwxrwx---. 3 postfix apache 4096 Oct 9 00:05 20111009
> drwxrwx---. 3 postfix apache 4096 Oct 10 00:16 20111010
> drwxrwx---. 20 postfix apache 4096 Oct 12 22:32 20111012
> drwxrwx---. 37 postfix postfix 4096 Oct 13 16:29 20111013
> drwxrwx---. 15 postfix celeryd 4096 Oct 14 13:30 20111014
> drwxrwx---. 6 postfix celeryd 4096 Oct 17 22:17 20111017
> drwxrwx---. 20 postfix celeryd 4096 Oct 18 20:42 20111018
> drwxrwx---. 3 postfix celeryd 4096 Oct 19 04:38 20111019
> drwxrwx---. 54 postfix celeryd 4096 Oct 20 21:31 20111020
> drwxrwx---. 11 postfix celeryd 4096 Oct 21 10:08 20111021
> drwxrwx---. 5 postfix celeryd 4096 Oct 24 15:48 20111024
> drwxrwx---. 142 postfix postfix 4096 Oct 25 23:32 20111025
> drwxrwx---. 118 postfix postfix 4096 Oct 26 18:12 20111026
> drwxrwx---. 15 postfix apache 4096 Oct 27 21:14 20111027
> drwxrwx---. 5 postfix apache 4096 Oct 28 06:27 20111028
> drwxr-x---. 3 postfix apache 4096 Oct 31 12:08 phishingupdate
> [root at mail init.d]# ls -la /var/spool/MailScanner/quarantine/20111031
> ls: cannot access /var/spool/MailScanner/quarantine/20111031: No such file
> or directory
> [root at mail init.d]# ls -la /var/spool/MailScanner/
> total 32
> drwxr-xr-x. 5 root root 4096 Oct 22 09:00 .
> drwxr-xr-x. 14 root root 4096 Oct 28 11:27 ..
> drwxr-xr-x. 9 postfix clam 4096 Oct 31 12:41 incoming
> drwxr-xr-x. 24 root apache 4096 Oct 22 09:00 quarantine
> drwxr-x---. 2 postfix clam 4096 Oct 3 12:21 spamassassin
>
>
> below the strace output:
>
>
> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=2}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
> gettimeofday({1320079287, 180287}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 180496}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
> gettimeofday({1320079287, 181930}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 182134}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 432) = 432
> gettimeofday({1320079287, 183021}, NULL) = 0
> gettimeofday({1320079287, 183150}, NULL) = 0
> lseek(26, 0, SEEK_SET) = 0
> lseek(26, 0, SEEK_CUR) = 0
> read(26, "CO 7091 69"..., 4096) = 4096
> lseek(26, 81, SEEK_SET) = 81
> lseek(26, 0, SEEK_CUR) = 81
> lseek(26, 691, SEEK_SET) = 691
> lseek(26, 0, SEEK_CUR) = 691
> read(26, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
> lseek(26, 2049, SEEK_SET) = 2049
> lseek(26, 0, SEEK_CUR) = 2049
> lseek(26, 2049, SEEK_SET) = 2049
> lseek(26, 0, SEEK_CUR) = 2049
> read(26, "N\0N,This is a multi-part message"..., 4096) = 4096
> read(26, "realize friend letter be able.N "..., 4096) = 1641
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> F_OK) = -1 ENOENT (No such file or directory)
> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
> lseek(6, 24, SEEK_SET) = 24
> read(6, "\0\2F\230\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> F_OK) = -1 ENOENT (No such file or directory)
> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
> lseek(6, 24, SEEK_SET) = 24
> read(6, "\0\2F\230\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741825,
> len=1}) = 0
> open("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> O_RDWR|O_CREAT, 0644) = 38
> open("/var/spool/MailScanner/incoming", O_RDONLY) = 39
> fcntl(39, F_GETFD) = 0
> fcntl(39, F_SETFD, FD_CLOEXEC) = 0
> fcntl(38, F_GETFD) = 0
> fcntl(38, F_SETFD, FD_CLOEXEC) = 0
> lseek(38, 0, SEEK_SET) = 0
> write(38,
> "\0\0\0\0\0\0\0\0\0\0\0\0\7\20\240\225\0\0\20E\0\0\2\0\0\0\4\0\0\0\0\0"...,
> 512) = 512
> gettimeofday({1320079287, 191900}, NULL) = 0
> lseek(38, 512, SEEK_SET) = 512
> write(38, "\0\0\0\4", 4) = 4
> lseek(38, 516, SEEK_SET) = 516
> write(38,
> "\n\2\362\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
> 1024) = 1024
> lseek(38, 1540, SEEK_SET) = 1540
> write(38, "\7\20\240\261", 4) = 4
> lseek(38, 1544, SEEK_SET) = 1544
> write(38, "\0\0\v\33", 4) = 4
> lseek(38, 1548, SEEK_SET) = 1548
> write(38, "\r\0\0\0\2\0E\0\3\221\0E23.AFFF7\0 Wed Oct "..., 1024) = 1024
> lseek(38, 2572, SEEK_SET) = 2572
> write(38, "\7\20\242\352", 4) = 4
> lseek(38, 2576, SEEK_SET) = 2576
> write(38, "\0\0\0\1", 4) = 4
> lseek(38, 2580, SEEK_SET) = 2580
> write(38, "SQLite format 3\0\4\0\1\1\0@ \0\2F\230\0\0\0\0"..., 1024) =
> 1024
> lseek(38, 3604, SEEK_SET) = 3604
> write(38, "\7\20\241\25", 4) = 4
> lseek(38, 4096, SEEK_SET) = 4096
> read(38, "", 8) = 0
> fdatasync(38) = 0
> close(39) = 0
> lseek(38, 0, SEEK_SET) = 0
> write(38, "\331\325\5\371 \241c\327\0\0\0\3", 12) = 12
> fdatasync(38) = 0
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> lseek(6, 0, SEEK_SET) = 0
> write(6, "SQLite format 3\0\4\0\1\1\0@ \0\2F\231\0\0\0\0"..., 1024) =
> 1024
> lseek(6, 3072, SEEK_SET) = 3072
> write(6,
> "\n\2\350\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
> 1024) = 1024
> lseek(6, 2910208, SEEK_SET) = 2910208
> write(6, "\r\0\0\0\2\0E\0\3\221\0E23.AFFF7\0 Wed Oct "..., 1024) = 1024
> fdatasync(6) = 0
> close(38) = 0
> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=2}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
> gettimeofday({1320079287, 246889}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 247091}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
> gettimeofday({1320079287, 248624}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 248827}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 343) = 343
> gettimeofday({1320079287, 249686}, NULL) = 0
> gettimeofday({1320079287, 249820}, NULL) = 0
> lseek(12, 0, SEEK_SET) = 0
> lseek(12, 0, SEEK_CUR) = 0
> read(12, "CO 42635 68"..., 4096) = 4096
> lseek(12, 81, SEEK_SET) = 81
> lseek(12, 0, SEEK_CUR) = 81
> lseek(12, 689, SEEK_SET) = 689
> lseek(12, 0, SEEK_CUR) = 689
> read(12, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
> lseek(12, 3328, SEEK_SET) = 3328
> lseek(12, 0, SEEK_CUR) = 3328
> lseek(12, 3328, SEEK_SET) = 3328
> lseek(12, 0, SEEK_CUR) = 3328
> read(12, "N\6<html>N\6<head>N\24<title>Sears</"..., 4096) = 4096
> read(12, "amai=2Enet/f/248/47562/14d/ig=2E"..., 4096) = 4096
> read(12, "b9VSRRYSUWV1b9X8w9GVbwzfTRSSSRUR"..., 4096) = 4096
> read(12, "NLYSUWzf1vSvWf2aRRVXLX=22 rilt=3"..., 4096) = 4096
> read(12, "klhuLjXpKVSYSARUSRVhilXlPiLXJhKL"..., 4096) = 4096
> read(12, "trong>Even more offers from Sear"..., 4096) = 4096
> read(12, "2011_Oc=NLtober_Week4/20111030_S"..., 4096) = 4096
> read(12, "e</a></td>NE <td width="..., 4096) = 4096
> read(12, "sys4=2Enet/servlet/cc6?kLHjkQDRY"..., 4096) = 4096
> read(12, " <td valign=3D=22"..., 4096) = 3136
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> F_OK) = -1 ENOENT (No such file or directory)
> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
> lseek(6, 24, SEEK_SET) = 24
> read(6, "\0\2F\231\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
> lseek(6, 3857408, SEEK_SET) = 3857408
> read(6,
> "\0\0\0\0.l\326\373_\266_\327G\311\7Pm+E\311\317\367\275\344\233\340\371\250\27\33i\v"...,
> 1024) = 1024
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> F_OK) = -1 ENOENT (No such file or directory)
> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
> lseek(6, 24, SEEK_SET) = 24
> read(6, "\0\2F\231\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741825,
> len=1}) = 0
> open("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
> O_RDWR|O_CREAT, 0644) = 38
> open("/var/spool/MailScanner/incoming", O_RDONLY) = 39
> fcntl(39, F_GETFD) = 0
> fcntl(39, F_SETFD, FD_CLOEXEC) = 0
> fcntl(38, F_GETFD) = 0
> fcntl(38, F_SETFD, FD_CLOEXEC) = 0
> lseek(38, 0, SEEK_SET) = 0
> write(38,
> "\0\0\0\0\0\0\0\0\0\0\0\0\274\244\2267\0\0\20E\0\0\2\0\0\0\4\0\0\0\0\0"...,
> 512) = 512
> gettimeofday({1320079287, 269307}, NULL) = 0
> lseek(38, 512, SEEK_SET) = 512
> write(38, "\0\0\0\4", 4) = 4
> lseek(38, 516, SEEK_SET) = 516
> write(38,
> "\n\2\350\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
> 1024) = 1024
> lseek(38, 1540, SEEK_SET) = 1540
> write(38, "\274\244\226S", 4) = 4
> lseek(38, 1544, SEEK_SET) = 1544
> write(38, "\0\0\0\1", 4) = 4
> lseek(38, 1548, SEEK_SET) = 1548
> write(38, "SQLite format 3\0\4\0\1\1\0@ \0\2F\231\0\0\0\0"..., 1024) =
> 1024
> lseek(38, 2572, SEEK_SET) = 2572
> write(38, "\274\244\226\267", 4) = 4
> lseek(38, 2576, SEEK_SET) = 2576
> write(38, "\0\0\16\310", 4) = 4
> lseek(38, 2580, SEEK_SET) = 2580
> write(38,
> "\0\0\16N\0\0\0]\0\0\16>\0\0\7\317\0\0\16a\0\0\6\366\0\0\6\335\0\0\16\262"...,
> 1024) = 1024
> lseek(38, 3604, SEEK_SET) = 3604
> write(38, "\274\244\226\244", 4) = 4
> lseek(38, 3608, SEEK_SET) = 3608
> write(38, "\0\0\16>", 4) = 4
> lseek(38, 3612, SEEK_SET) = 3612
> write(38,
> "\0\0\0\0\233\306\0\367\310\355z\367\344\332f\v;;\f\315\223\215\20\5\217\326\266\320\214c\263z"...,
> 1024) = 1024
> lseek(38, 4636, SEEK_SET) = 4636
> write(38, "\274\244\227F", 4) = 4
> lseek(38, 4640, SEEK_SET) = 4640
> write(38, "\0\0\t\334", 4) = 4
> lseek(38, 4644, SEEK_SET) = 4644
> write(38,
> "\r\0\0\0\2\0\210\0\3\221\0\210d\303\265\3322(yy=J\276C\313`\217W\33Ik\220"...,
> 1024) = 1024
> lseek(38, 5668, SEEK_SET) = 5668
> write(38, "\274\244\230\350", 4) = 4
> lseek(38, 6144, SEEK_SET) = 6144
> read(38, "", 8) = 0
> fdatasync(38) = 0
> close(39) = 0
> lseek(38, 0, SEEK_SET) = 0
> write(38, "\331\325\5\371 \241c\327\0\0\0\5", 12) = 12
> fdatasync(38) = 0
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741824,
> len=1}) = 0
> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> lseek(6, 0, SEEK_SET) = 0
> write(6, "SQLite format 3\0\4\0\1\1\0@ \0\2F\232\0\0\0\0"..., 1024) =
> 1024
> lseek(6, 3072, SEEK_SET) = 3072
> write(6,
> "\n\2\336\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
> 1024) = 1024
> lseek(6, 2583552, SEEK_SET) = 2583552
> write(6,
> "\r\0\0\0\2\0\210\0\3\221\0\210d\303\265\3322(yy=J\276C\313`\217W\33Ik\220"...,
> 1024) = 1024
> lseek(6, 3732480, SEEK_SET) = 3732480
> write(6,
> "\0\0\0\0.l\326\373_\266_\327G\311\7Pm+E\311\317\367\275\344\233\340\371\250\27\33i\v"...,
> 1024) = 1024
> lseek(6, 3873792, SEEK_SET) = 3873792
> write(6,
> "\0\0\16N\0\0\0]\0\0\n\n\0\0\7\317\0\0\16a\0\0\6\366\0\0\6\335\0\0\16\262"...,
> 1024) = 1024
> fdatasync(6) = 0
> close(38) = 0
> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") = 0
> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
> len=510}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
> len=2}) = 0
> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
> gettimeofday({1320079287, 337396}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 337599}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
> gettimeofday({1320079287, 339319}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 339522}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<21>Oct 31 12:41:27 MailScanner["..., 77) = 77
> gettimeofday({1320079287, 340458}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 340662}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<21>Oct 31 12:41:27 MailScanner["..., 99) = 99
> umask(07) = 077
> stat("/var/spool/MailScanner/quarantine", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> stat("/var/spool/MailScanner/quarantine/20111031", 0x129c130) = -1 ENOENT
> (No such file or directory)
> mkdir("/var/spool/MailScanner/quarantine/20111031", 0777) = -1 EACCES
> (Permission denied)
> chown("/var/spool/MailScanner/quarantine/20111031", 89, 48) = -1 ENOENT
> (No such file or directory)
> stat("/var/spool/MailScanner/quarantine/20111031/spam", 0x129c130) = -1
> ENOENT (No such file or directory)
> mkdir("/var/spool/MailScanner/quarantine/20111031/spam", 0777) = -1 ENOENT
> (No such file or directory)
> chown("/var/spool/MailScanner/quarantine/20111031/spam", 89, 48) = -1
> ENOENT (No such file or directory)
> umask(0117) = 07
> open("/var/spool/MailScanner/quarantine/20111031/spam/BBA2A2024A1.AB0F1",
> O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
> gettimeofday({1320079287, 342597}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> gettimeofday({1320079287, 342797}, NULL) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
> select(8, [7], NULL, [7], {0, 0}) = 0 (Timeout)
> write(7, "<20>Oct 31 12:41:27 MailScanner["..., 145) = 145
> lseek(32, 7335, SEEK_SET) = 7335
> lseek(32, 0, SEEK_CUR) = 7335
> lseek(32, 0, SEEK_SET) = 0
> lseek(32, 0, SEEK_CUR) = 0
> read(32, "CO 6642 69"..., 4096) = 4096
> lseek(32, 81, SEEK_SET) = 81
> lseek(32, 0, SEEK_CUR) = 81
> lseek(32, 691, SEEK_SET) = 691
> lseek(32, 0, SEEK_CUR) = 691
> read(32, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
> write(2, "Can't call method \"print\" on an "..., 111Can't call method
> "print" on an undefined value at
> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
> ) = 111
> lseek(8, 3860, SEEK_SET) = 3860
> lseek(8, 0, SEEK_CUR) = 3860
> lseek(9, 8388, SEEK_SET) = 8388
> lseek(9, 0, SEEK_CUR) = 8388
> lseek(10, 21849, SEEK_SET) = 21849
> lseek(10, 0, SEEK_CUR) = 21849
> lseek(11, 5590, SEEK_SET) = 5590
> lseek(11, 0, SEEK_CUR) = 5590
> lseek(12, 43326, SEEK_SET) = 43326
> lseek(12, 0, SEEK_CUR) = 43326
> lseek(13, 10434, SEEK_SET) = 10434
> lseek(13, 0, SEEK_CUR) = 10434
> lseek(14, 10074, SEEK_SET) = 10074
> lseek(14, 0, SEEK_CUR) = 10074
> lseek(15, 21625, SEEK_SET) = 21625
> lseek(15, 0, SEEK_CUR) = 21625
> lseek(16, 9794, SEEK_SET) = 9794
> lseek(16, 0, SEEK_CUR) = 9794
> lseek(17, 13493, SEEK_SET) = 13493
> lseek(17, 0, SEEK_CUR) = 13493
> lseek(18, 905, SEEK_SET) = 905
> lseek(18, 0, SEEK_CUR) = 905
> lseek(19, 3604, SEEK_SET) = 3604
> lseek(19, 0, SEEK_CUR) = 3604
> lseek(20, 15318, SEEK_SET) = 15318
> lseek(20, 0, SEEK_CUR) = 15318
> lseek(21, 27935, SEEK_SET) = 27935
> lseek(21, 0, SEEK_CUR) = 27935
> lseek(22, 5884, SEEK_SET) = 5884
> lseek(22, 0, SEEK_CUR) = 5884
> lseek(23, 6165, SEEK_SET) = 6165
> lseek(23, 0, SEEK_CUR) = 6165
> lseek(24, 54958, SEEK_SET) = 54958
> lseek(24, 0, SEEK_CUR) = 54958
> lseek(25, 7347, SEEK_SET) = 7347
> lseek(25, 0, SEEK_CUR) = 7347
> lseek(26, 7784, SEEK_SET) = 7784
> lseek(26, 0, SEEK_CUR) = 7784
> lseek(27, 11887, SEEK_SET) = 11887
> lseek(27, 0, SEEK_CUR) = 11887
> lseek(28, 10515, SEEK_SET) = 10515
> lseek(28, 0, SEEK_CUR) = 10515
> lseek(29, 3475, SEEK_SET) = 3475
> lseek(29, 0, SEEK_CUR) = 3475
> lseek(31, 6376, SEEK_SET) = 6376
> lseek(31, 0, SEEK_CUR) = 6376
> lseek(32, 767, SEEK_SET) = 767
> lseek(32, 0, SEEK_CUR) = 767
> lseek(33, 18203, SEEK_SET) = 18203
> lseek(33, 0, SEEK_CUR) = 18203
> lseek(34, 12058, SEEK_SET) = 12058
> lseek(34, 0, SEEK_CUR) = 12058
> lseek(35, 3818, SEEK_SET) = 3818
> lseek(35, 0, SEEK_CUR) = 3818
> lseek(36, 6967, SEEK_SET) = 6967
> lseek(36, 0, SEEK_CUR) = 6967
> lseek(37, 8868, SEEK_SET) = 8868
> lseek(37, 0, SEEK_CUR) = 8868
> close(37) = 0
> close(35) = 0
> close(36) = 0
> close(34) = 0
> close(32) = 0
> close(33) = 0
> close(31) = 0
> close(29) = 0
> close(30) = 0
> close(28) = 0
> close(27) = 0
> close(25) = 0
> close(26) = 0
> close(24) = 0
> close(22) = 0
> close(23) = 0
> close(21) = 0
> close(19) = 0
> close(20) = 0
> close(18) = 0
> close(16) = 0
> close(17) = 0
> close(15) = 0
> close(14) = 0
> close(13) = 0
> close(12) = 0
> close(10) = 0
> close(11) = 0
> close(9) = 0
> close(8) = 0
> stat("/usr/lib64/perl5/auto/DBI/DESTROY.al", 0x129c130) = -1 ENOENT (No
> such file or directory)
> stat("/usr/sbin/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT (No such
> file or directory)
> stat("/usr/sbin/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
> ENOTDIR (Not a directory)
> stat("/usr/share/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
> ENOENT (No such file or directory)
> stat("/usr/local/lib64/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
> ENOENT (No such file or directory)
> stat("/usr/local/share/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
> ENOENT (No such file or directory)
> stat("/usr/lib64/perl5/vendor_perl/auto/DBI/DESTROY.al", 0x7ffffabb86f0) =
> -1 ENOENT (No such file or directory)
> stat("/usr/share/perl5/vendor_perl/auto/DBI/DESTROY.al", 0x7ffffabb86f0) =
> -1 ENOENT (No such file or directory)
> stat("/usr/lib64/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT
> (No such file or directory)
> stat("/usr/share/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT
> (No such file or directory)
> stat("/usr/share/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
> ENOENT (No such file or directory)
> close(4) = 0
> close(5) = 0
> close(7) = 0
> exit_group(255)
>
> On 31 October 2011 12:37, Kocisky <kocisky at autistici.org> wrote:
>
>> Hi all,
>>
>> i've just installed Centos 6 and my system is up to date. I've tried to
>> google a bit but didn't find any solutions:
>>
>> LOGS:
>>
>> ################################################
>>
>> mailq with more than 2000 emails and messages are not delivered;
>>
>> ################################################
>>
>> [root at mail init.d]# ps aux | grep MailScanner
>> postfix 4074 0.0 2.2 302708 89248 ? S Oct28 0:05
>> MailScanner: compressing attachments
>> postfix 4081 0.0 2.2 302708 89148 ? S Oct28 0:05
>> MailScanner: compressing attachments
>> postfix 4086 0.0 2.2 302840 89284 ? S Oct28 0:04
>> MailScanner: compressing attachments
>> root 8844 0.0 0.0 103156 812 pts/2 S+ 11:31 0:00 grep
>> MailScanner
>>
>> ################################################
>>
>> /var/log/maillog :
>>
>> Oct 31 11:50:27 mail MailScanner[9227]: writing to
>> /var/spool/MailScanner/quarantine/20111031/spam/BBA2A2024A1.AB0F1: No such
>> file or directory
>>
>> ################################################
>>
>> [root at mail init.d]# MailScanner --debug
>>
>> Configuration: Failed to find any configuration files like
>> /etc/MailScanner/conf.d/*, skipping them. at
>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>
>> In Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> Building a message batch to scan...
>> Have a batch of 30 messages.
>> Can't call method "print" on an undefined value at
>> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
>>
>> ################################################
>>
>> VERSIONS:
>>
>> MailScanner --lint
>> Trying to setlogsock(unix)
>>
>> Reading configuration file /etc/MailScanner/MailScanner.conf
>> Configuration: Failed to find any configuration files like
>> /etc/MailScanner/conf.d/*, skipping them. at
>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>> Read 869 hostnames from the phishing whitelist
>> Read 4051 hostnames from the phishing blacklists
>> Config: calling custom init function SQLBlacklist
>> Starting up SQL Blacklist
>> Read 0 blacklist entries
>> Config: calling custom init function MailWatchLogging
>> Started SQL Logging child
>> Config: calling custom init function SQLWhitelist
>> Starting up SQL Whitelist
>> Read 0 whitelist entries
>>
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>>
>> Unrar is not installed, it should be in /usr/bin/unrar.
>> This is required for RAR archives to be read to check
>> filenames and filetypes. Virus scanning is not affected.
>>
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>>
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database
>> SpamAssassin reported no errors.
>> Connected to Processing Attempts Database
>> Created Processing Attempts Database successfully
>> There are 248 messages in the Processing Attempts Database
>> lock.pl sees Config LockType = posix
>> lock.pl sees have_module = 0
>> Using locktype = posix
>> MailScanner.conf says "Virus Scanners = clamd"
>> Debug Mode Is On
>> Use Threads : NO
>> Socket : /var/run/clamav/clamd.sock
>> IP : Using Sockets
>> Lock File : NOT USED
>> Time Out : 300
>> Scan Dir : /var/spool/MailScanner/incoming/9341/ISITINSTALLED
>> Clamd : Sending PING
>> Clamd : GOT 'PONG'
>> ClamD is running
>>
>> Found these virus scanners installed: clamd
>>
>> ===========================================================================
>> Created attachment dirs for 1 messages
>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>> Completed checking by /usr/bin/file
>> Other Checks: Found 1 problems
>>
>> ###################################
>>
>> is the above "Configuration: Failed to find any configuration files like
>> /etc/MailScanner/conf.d/*, skipping them. at
>> /usr/share/MailScanner/MailScanner/Config.pm line 2044" an issue? am i
>> really missing something?
>>
>> ###################################
>>
>> MailScanner -v
>> Running on
>> Linux mail.ny03.mydomain.org 2.6.32-71.29.1.el6.centos.plus.x86_64 #1
>> SMP Sun Jun 26 16:27:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>> This is CentOS Linux release 6.0 (Final)
>> This is Perl version 5.010001 (5.10.1)
>>
>> This is MailScanner version 4.84.3
>> Module versions are:
>> 1.00 AnyDBM_File
>> 1.30 Archive::Zip
>> 0.23 bignum
>> 1.11 Carp
>> 2.02 Compress::Zlib
>> 1.119 Convert::BinHex
>> 0.17 Convert::TNEF
>> 2.124 Data::Dumper
>> 2.27 Date::Parse
>> 1.03 DirHandle
>> 1.06 Fcntl
>> 2.77 File::Basename
>> 2.14 File::Copy
>> 2.02 FileHandle
>> 2.08 File::Path
>> 0.22 File::Temp
>> 0.92 Filesys::Df
>> 3.64 HTML::Entities
>> 3.64 HTML::Parser
>> 3.57 HTML::TokeParser
>> 1.25 IO
>> 1.14 IO::File
>> 1.13 IO::Pipe
>> 2.04 Mail::Header
>> 1.89 Math::BigInt
>> 0.22 Math::BigRat
>> 3.08 MIME::Base64
>> 5.427 MIME::Decoder
>> 5.427 MIME::Decoder::UU
>> 5.427 MIME::Head
>> 5.427 MIME::Parser
>> 3.08 MIME::QuotedPrint
>> 5.427 MIME::Tools
>> 0.14 Net::CIDR
>> 1.25 Net::IP
>> 0.19 OLE::Storage_Lite
>> 1.04 Pod::Escapes
>> 3.13 Pod::Simple
>> 1.17 POSIX
>> 1.21 Scalar::Util
>> 1.82 Socket
>> 2.20 Storable
>> 1.4 Sys::Hostname::Long
>> 0.27 Sys::Syslog
>> 1.40 Test::Pod
>> 0.92 Test::Simple
>> 1.9721 Time::HiRes
>> 1.02 Time::localtime
>>
>> Optional module versions are:
>> 1.58 Archive::Tar
>> 0.23 bignum
>> missing Business::ISBN
>> missing Business::ISBN::Data
>> missing Data::Dump
>> 1.82 DB_File
>> 1.27 DBD::SQLite
>> 1.609 DBI
>> 1.16 Digest
>> 1.01 Digest::HMAC
>> 2.39 Digest::MD5
>> 2.12 Digest::SHA1
>> 1.01 Encode::Detect
>> missing Error
>> 0.27 ExtUtils::CBuilder
>> 2.2203 ExtUtils::ParseXS
>> 2.38 Getopt::Long
>> missing Inline
>> missing IO::String
>> 1.09 IO::Zlib
>> missing IP::Country
>> missing Mail::ClamAV
>> 3.003001 Mail::SpamAssassin
>> missing Mail::SPF
>> missing Mail::SPF::Query
>> 0.35 Module::Build
>> missing Net::CIDR::Lite
>> 0.65 Net::DNS
>> missing Net::DNS::Resolver::Programmable
>> missing Net::LDAP
>> 4.027 NetAddr::IP
>> missing Parse::RecDescent
>> missing SAVI
>> 3.17 Test::Harness
>> missing Test::Manifest
>> 2.0.0 Text::Balanced
>> 1.40 URI
>> 0.77 version
>> missing YAML
>> Virus and Content Scanning: Starting
>> Commencing scanning by clamd...
>> Debug Mode Is On
>> Use Threads : NO
>> Socket : /var/run/clamav/clamd.sock
>> IP : Using Sockets
>> Lock File : NOT USED
>> Time Out : 300
>> Scan Dir : /var/spool/MailScanner/incoming/9341
>> Clamd : Sending PING
>> Clamd : GOT 'PONG'
>> ClamD is running
>>
>> SENT : CONTSCAN /var/spool/MailScanner/incoming/9341
>> Clamd::INFECTED::Eicar-Test-Signature :: ./1/
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>> Completed scanning by clamd
>> Virus Scanning: Clamd found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>>
>> ===========================================================================
>> Virus Scanner test reports:
>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamd)
>> are not listed there, you should check that they are installed correctly
>> and that MailScanner is finding them correctly via its
>> virus.scanners.conf.
>> Config: calling custom end function SQLBlacklist
>> Closing down by-domain spam blacklist
>> Config: calling custom end function MailWatchLogging
>> Config: calling custom end function SQLWhitelist
>> Closing down by-domain spam whitelist
>>
>> ########################################
>>
>> I've tried also to disable selinux:
>>
>> [root at mail init.d]# setenforce 0
>> [root at mail init.d]#
>> [root at mail init.d]# MailScanner -debug
>>
>> Configuration: Failed to find any configuration files like
>> /etc/MailScanner/conf.d/*, skipping them. at
>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>
>> In Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> Building a message batch to scan...
>> Have a batch of 30 messages.
>> Can't call method "print" on an undefined value at
>> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
>> [root at mail init.d]#
>> [root at mail init.d]#
>> [root at mail init.d]#
>>
>> [root at mail init.d]# postconf -d | grep mail_version
>> mail_version = 2.6.6
>>
>> any ideas ? thanks you !!
>>
>>
>> milter_macro_v = $mail_name $mail_version
>> [root at mail init.d]#
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111031/3f87cae1/attachment.html
More information about the MailScanner
mailing list