MailScanner: Message attempted to kill MailScanner
DobriL Dobrilov
dobril at stanga.net
Mon Aug 6 12:13:03 UTC 2018
Until now the Mail Server was with old postfix and MailScanner 4.79. I migrated to new server with MailScanner 5.0.7. MS config is same as before.
>From webmail I can send messages out of my domain without problems.
Msg from webmail
Received: from mail.stanga.net (localhost [IPv6:::1])
by mail.stanga.net (Postfix) with ESMTPA id 8990B62C7F
for <dobril at stanga.net>; Mon, 6 Aug 2018 14:33:37 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=stanga.net; s=mail;
t=1533555217; bh=mZ+uaN6Z/8N6WGVqk2wnIiNbWhm5wweetthyGV+rcTs=;
h=Date:From:To:Subject;
b=ex87f2OAPGbMz0sU6XWbhYCD03Et+mEjtKr925BfRPT5HgYLDlL8HqB+ZrCXHJwYF
YeklCaEhAz5eGuRaDcJThrwidzLyqdC8pAErnLbc49SmF0HIafTMMmnqxkhRqYefqz
EKNjrsrHGMMqNKqMUApcumMBXGt8zKEXw/S9HlrE=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_75de8e069c6b4423276ecc8efe3eaa14"
Date: Mon, 06 Aug 2018 14:33:37 +0300
From: Dobril Dobrilov <dobril at stanga.net>
To: dobril at stanga.net
Subject: Test2
Organization: StangaOne1
Message-ID: <e836f2d9d2be88a49da5da675eba919e at stanga.net>
X-Sender: dobril at stanga.net
User-Agent: Roundcube Webmail/1.3.7
Msg from Mail Client
Received: from DL (unknown [192.168.0.222])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail.stanga.net (Postfix) with ESMTPSA id CB1BD62C84
for <dobril at stanga.net>; Mon, 6 Aug 2018 15:11:28 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=stanga.net; s=mail;
t=1533557488; bh=PuTju5S6EPeO7sbRMZ/5jISvR+vw7+9AwwsxuKLvTZ8=;
h=From:To:Subject:Date;
b=IcMCXoZ3cdkehwkEMYfCytEDcgduiWi8Bats1ypadvf6hD/Mq/I0s7k6Lc3lBzJpN
FNopdMhbJ7HQ1irLN8fyHRvMPFzyCAE3rPZjIDm1Olf23G4E510mYtRvE1A/i1Dt0a
rHJVnjxltdYZ6+aaENwzE/oXaaO1XSW1zaSciN6k=
From: "DobriL Dobrilov" <dobril at stanga.net>
To: "'DobriL Dobrilov'" <dobril at stanga.net>
Subject: Test
Date: Mon, 6 Aug 2018 15:11:34 +0300
Message-ID: <00f901d42d7e$9e87dbe0$db9793a0$@stanga.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00FA_01D42D97.C3D513E0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdQtfptmFdgLS/d8QKixvWPS7nKlOQ==
Content-Language: bg
X-MS-TNEF-Correlator: 000000005234E38E73D4914094E5D7D34B79F6A564F78F00
Dobril Dobrilov
IT Manager
dobril at stanga.net
43, Cherni Vrah Blvd. | 1407 Sofia - Bulgaria
Phone: +359 2 81 960 69 Fax: +359 2 81 960 70
Mobile: +359 878 749 387
We shape Digital www.stanga.net
We re-invent Video www.bsbvision.com
We build Apps www.shanga.co
We support Start-Ups www.mysbar.net
-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+dobril=stanga.net at lists.mailscanner.info] On Behalf Of Antony Stone
Sent: Monday, August 6, 2018 3:01 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner: Message attempted to kill MailScanner
On Monday 06 August 2018 at 13:55:36, DobriL Dobrilov wrote:
> Some other ideas, because unfortunately this Live system and It’s very
> critical ?
When did the problem start happening?
What changed on the MS server around that time?
Can you show us full headers of an example email from webmail (which MS can't
process) and another one to and from the same addresses, but not from webmail (which MS processes okay)?
Antony
> From: MailScanner
> Sent: Monday, August 6, 2018 2:08 PM
> To: 'MailScanner Discussion' <mailscanner at lists.mailscanner.info>
> Subject: RE: MailScanner: Message attempted to kill MailScanner
>
> The same thing after I disable Virus scan , memory is enough.
> Something else cause the issue , and happen only with email send by
> webmail
>
>
> From: MailScanner
> Sent: Monday, August 6, 2018 2:04 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: MailScanner:
> Message attempted to kill MailScanner
>
> Very first thing I would check is whether you have enough memory to
> carry out virus scanning, and make sure that OOM is not occurring.
>
> On Mon, Aug 6, 2018 at 6:56 AM, DobriL Dobrilov wrote:
>
> Hello,
>
>
> Please help me to debug follow issue:
>
> All emails sent from my webmail to same domain cannot be processes by
> mailscanner.
>
>
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: connect from localhost[::1]
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: CE4AB62C48:
> client=localhost[::1], sasl_method=LOGIN,
> sasl_username=dobril at stanga.net <mailto:dobril at stanga.net>
>
> Aug 6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48: hold: header
> Received: from mail.stanga.net <http://mail.stanga.net> (localhost
> [IPv6:::1])??by mail.stanga.net <http://mail.stanga.net> (Postfix)
> with ESMTPA id CE4AB62C48??for <dob
>
> ril at stanga.net <mailto:ril at stanga.net> >; Mon, 6 Aug 2018 13:19:15
> +0300
> (EEST) from localhost[::1]; from=<dobril at stanga.net
> <mailto:dobril at stanga.net> > to=<dobril at stanga.net
> <mailto:dobril at stanga.net> > proto=ESMTP helo=<mail.stanga.net
> <http://mail.stanga.net> >
>
> Aug 6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48:
> message-id=<0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net
> <mailto:0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net> >
>
> Aug 6 13:19:15 mail opendkim[3326]: CE4AB62C48: DKIM-Signature field
> added (s=mail, d=stanga.net <http://stanga.net> )
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: disconnect from
> localhost[::1]
> ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
>
> Aug 6 13:19:18 mail MailScanner[31554]: New Batch: Scanning 1
> messages,
> 3097 bytes
>
> Aug 6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:19:19 mail MailScanner[31554]: Virus and Content Scanning:
> Starting
>
> Aug 6 13:19:19 mail MailScanner[31554]: Virus Scanning completed at
> 24018 bytes per second
>
> Aug 6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:23:37 mail MailScanner[32582]: Making attempt 2 at
> processing message CE4AB62C48.A8F32
>
> Aug 6 13:23:37 mail MailScanner[32582]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:26:15 mail MailScanner[2138]: Making attempt 3 at processing
> message CE4AB62C48.A8F32
>
> Aug 6 13:26:15 mail MailScanner[2138]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:30:55 mail MailScanner[1659]: Making attempt 4 at processing
> message CE4AB62C48.A8F32
>
> Aug 6 13:30:55 mail MailScanner[1659]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:35:44 mail MailScanner[1736]: Making attempt 5 at processing
> message CE4AB62C48.A8F32
>
> Aug 6 13:35:44 mail MailScanner[1736]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:39:03 mail MailScanner[2946]: Making attempt 6 at processing
> message CE4AB62C48.A8F32
>
> Aug 6 13:39:03 mail MailScanner[2946]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:39:05 mail MailScanner[2589]: Warning: skipping message
> CE4AB62C48.A8F32 as it has been attempted too many times
>
> Aug 6 13:39:05 mail MailScanner[2589]: Quarantined message
> CE4AB62C48.A8F32 as it caused MailScanner to crash several times
>
> Aug 6 13:39:05 mail MailScanner[2589]: Saved entire message to
> /var/spool/MailScanner/quarantine/20180806/CE4AB62C48.A8F32
>
> Aug 6 13:39:05 mail MailScanner[2589]: MailWatch: Logging message
> CE4AB62C48.A8F32 to SQL
>
>
>
>
>
> Then I started in with debug option.
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: connect from localhost[::1]
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: CE4AB62C48:
> client=localhost[::1], sasl_method=LOGIN,
> sasl_username=dobril at stanga.net <mailto:dobril at stanga.net>
>
> Aug 6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48: hold: header
> Received: from mail.stanga.net <http://mail.stanga.net> (localhost
> [IPv6:::1])??by mail.stanga.net <http://mail.stanga.net> (Postfix)
> with ESMTPA id CE4AB62C48??for <dobril at stanga.net
> <mailto:dobril at stanga.net> >; Mon, 6 Aug 2018 13:19:15 +0300 (EEST)
> from localhost[::1]; from=<dobril at stanga.net
> <mailto:dobril at stanga.net> > to=<dobril at stanga.net
> <mailto:dobril at stanga.net> > proto=ESMTP helo=<mail.stanga.net
> <http://mail.stanga.net> >
>
> Aug 6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48:
> message-id=<0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net
> <mailto:0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net> >
>
> Aug 6 13:19:15 mail opendkim[3326]: CE4AB62C48: DKIM-Signature field
> added (s=mail, d=stanga.net <http://stanga.net> )
>
> Aug 6 13:19:15 mail postfix/smtpd[31702]: disconnect from
> localhost[::1]
> ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
>
> Aug 6 13:19:18 mail MailScanner[31554]: New Batch: Found 4 messages
> waiting
>
> Aug 6 13:19:18 mail MailScanner[31554]: New Batch: Scanning 1
> messages,
> 3097 bytes
>
> Aug 6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
>
> Aug 6 13:19:18 mail MailScanner[31554]: Created attachment dirs for 1
> messages
>
> Aug 6 13:19:19 mail MailScanner[31554]: Completed checking by
> /usr/bin/file
>
> Aug 6 13:19:19 mail MailScanner[31554]: Virus and Content Scanning:
> Starting
>
> Aug 6 13:19:19 mail MailScanner[31554]: Commencing scanning with clamd...
>
> Aug 6 13:19:19 mail MailScanner[31726]: Debug Mode Is On
>
> Aug 6 13:19:19 mail MailScanner[31726]: Use Threads : YES
>
> Aug 6 13:19:19 mail MailScanner[31726]: Socket :
> /var/run/clamav/clamd.sock
>
> Aug 6 13:19:19 mail MailScanner[31726]: IP : Using Sockets
>
> Aug 6 13:19:19 mail MailScanner[31726]: Lock File : NOT USED
>
> Aug 6 13:19:19 mail MailScanner[31726]: Time Out : 300
>
> Aug 6 13:19:19 mail MailScanner[31726]: Scan Dir :
> /var/spool/MailScanner/incoming/31554
>
> Aug 6 13:19:19 mail MailScanner[31726]: Clamd : Sending PING
>
> Aug 6 13:19:19 mail MailScanner[31726]: Clamd : GOT 'PONG'
>
> Aug 6 13:19:19 mail MailScanner[31726]: ClamD is running
>
> Aug 6 13:19:19 mail MailScanner[31726]: SENT : MULTISCAN
> /var/spool/MailScanner/incoming/31554
>
> Aug 6 13:19:19 mail MailScanner[31554]: Completed AV scan with clamd
>
> Aug 6 13:19:19 mail MailScanner[31554]: Virus Scanning completed at
> 24018 bytes per second
>
> Aug 6 13:19:19 mail root[31735]: MailScanner failed to start
>
> Aug 6 13:19:19 mail root[31736]: Found a possible dead PID. Stopping
> all MailScanner rogue processes ...
>
>
>
>
>
> How I can find out what cause this issue.
--
When you find yourself arguing with an idiot, you should first of all make sure that the other person isn't doing the same thing.
Please reply to the list;
please *don't* CC me.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
More information about the MailScanner
mailing list