From yuwang at cs.fsu.edu Thu Aug 1 01:58:53 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Wed, 31 Jul 2019 21:58:53 -0400 Subject: Any sample init.d scripts for sendmail on CentOS 6? In-Reply-To: <5a276e37-903c-32da-8a6c-9fca32d7c4af@replies.cyways.com> References: <5a276e37-903c-32da-8a6c-9fca32d7c4af@replies.cyways.com> Message-ID: <024d52359620f1bd229ceec605e63ca2@cs.fsu.edu> Since you run MailScanner, you should let the MailScanner start/stop sendmail. James On 2019-07-31 12:43, Peter H. Lemieux wrote: > I just installed 5.1.3-2 on a CentOS 6 box. Does anyone have a > modified /etc/init.d/sendmail script or a diff? Doing surgery on > these scripts has always been a bit daunting for me. I appear to have > got starting worked out, but stopping isn't working so well. I guess > I could just use "killall -9 sendmail", but I'd prefer something more > elegant if possible. > > Thanks! > > Peter From mailscanner at replies.cyways.com Thu Aug 1 05:37:03 2019 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Thu, 1 Aug 2019 01:37:03 -0400 Subject: Any sample init.d scripts for sendmail on CentOS 6? In-Reply-To: <024d52359620f1bd229ceec605e63ca2@cs.fsu.edu> References: <5a276e37-903c-32da-8a6c-9fca32d7c4af@replies.cyways.com> <024d52359620f1bd229ceec605e63ca2@cs.fsu.edu> Message-ID: MailScanner 4 managed start/stop for SMTP daemons; MailScanner 5 apparently does not. https://www.mailscanner.info/sendmail/ However I did find this: https://github.com/MailScanner/v5/issues/23 I'll give that a try in the morning. Peter On 7/31/19 9:58 PM, yuwang wrote: > Since you run MailScanner, you should let the MailScanner start/stop > sendmail. > > James > > On 2019-07-31 12:43, Peter H. Lemieux wrote: >> I just installed 5.1.3-2 on a CentOS 6 box.? Does anyone have a >> modified /etc/init.d/sendmail script or a diff?? Doing surgery on >> these scripts has always been a bit daunting for me.? I appear to have >> got starting worked out, but stopping isn't working so well.? I guess >> I could just use "killall -9 sendmail", but I'd prefer something more >> elegant if possible. >> >> Thanks! >> >> Peter > From mailscanner at replies.cyways.com Thu Aug 1 15:47:41 2019 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Thu, 1 Aug 2019 11:47:41 -0400 Subject: Any sample init.d scripts for sendmail on CentOS 6? In-Reply-To: References: <5a276e37-903c-32da-8a6c-9fca32d7c4af@replies.cyways.com> <024d52359620f1bd229ceec605e63ca2@cs.fsu.edu> Message-ID: <2ad005f4-9120-caed-389e-fcb88826a36c@replies.cyways.com> This worked for me out-of-the-box. https://github.com/MailScanner/v5/files/900514/mailscanner-sendmail.zip Thanks to all who contributed. Peter On 8/1/19 1:37 AM, Peter H. Lemieux wrote: > MailScanner 4 managed start/stop for SMTP daemons; MailScanner 5 > apparently does not. > > https://www.mailscanner.info/sendmail/ > > However I did find this: > > https://github.com/MailScanner/v5/issues/23 > > I'll give that a try in the morning. > > Peter > > > On 7/31/19 9:58 PM, yuwang wrote: >> Since you run MailScanner, you should let the MailScanner start/stop >> sendmail. >> >> James >> >> On 2019-07-31 12:43, Peter H. Lemieux wrote: >>> I just installed 5.1.3-2 on a CentOS 6 box.? Does anyone have a >>> modified /etc/init.d/sendmail script or a diff?? Doing surgery on >>> these scripts has always been a bit daunting for me.? I appear to have >>> got starting worked out, but stopping isn't working so well.? I guess >>> I could just use "killall -9 sendmail", but I'd prefer something more >>> elegant if possible. >>> >>> Thanks! >>> >>> Peter >> > > From carles at unlimitedmail.org Thu Aug 1 17:45:48 2019 From: carles at unlimitedmail.org (=?UTF-8?Q?Carles_Xavier_Munyoz_Bald=c3=b3?=) Date: Thu, 1 Aug 2019 19:45:48 +0200 Subject: Messages quarantined due to: Allow WebBugs = disarm Message-ID: <89d059a3-1c10-eb04-ee7f-f36f49bd64f8@zimbra.soltecsis.com> Hi, Since some days ago, I have had some e-mails don't delivered to my end users due to this error message: MailScanner[14567]: Quarantined message x71GlTpg013562 as it caused MailScanner to crash several times Investigating the problem I have discovered that it is caused by this configuration option: [...] # Do you want to allow tags with very small images in email messages? # This is a bad idea as these are used as 'web bugs' to find out if a message # has been read. It is not dangerous, it is just used to make you give away # information. # Value: yes???? => Allow these tags to be in the message #??????? disarm? => Allow these tags, but stop these tags from working #?????????????????? Note: Disarming can be defeated, it is not 100% safe! # Note: You cannot block messages containing web bugs as their detection #?????? is very vulnerable to false alarms. # This can also be the filename of a ruleset. Allow WebBugs = disarm [...] If I modify it for "Allow WebBugs = yes" then the problem dissapears. But the strangeous thing is that this problem has arised suddenly, maybe after an OS (we are using Ubuntu 16) software update, but we are not sure. Any one knows why? Thank you very much for your great help! ======================================== SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L. Carles Xavier Munyoz Bald? Departamento de I+D+I Tel./Fax: 966 446 046 cmunyoz at soltecsis.com www.soltecsis.com ======================================== --- La informaci?n contenida en este e-mail es confidencial, siendo para uso exclusivo del destinatario arriba mencionado. Le informamos que est? totalmente prohibida cualquier utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de esta comunicaci?n sin autorizaci?n expresa en virtud de la legislaci?n vigente. Si ha recibido este mensaje por error, le rogamos nos lo notifique inmediatamente por la misma v?a y proceda a su eliminaci?n. --- From belle at bazuin.nl Fri Aug 2 06:59:46 2019 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Fri, 2 Aug 2019 08:59:46 +0200 Subject: Debian Buster In-Reply-To: <2ad005f4-9120-caed-389e-fcb88826a36c@replies.cyways.com> References: Message-ID: Hai, Just to verify, is mailscanner with mailwatch Debian Buster compliant? Before i upgrade my server.. :-) Greetz, Louis From iversons at rushville.k12.in.us Fri Aug 2 12:53:37 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 2 Aug 2019 08:53:37 -0400 Subject: Debian Buster In-Reply-To: References: <2ad005f4-9120-caed-389e-fcb88826a36c@replies.cyways.com> Message-ID: Test it off production first ;) On Fri, Aug 2, 2019, 2:59 AM L.P.H. van Belle via MailScanner < mailscanner at lists.mailscanner.info wrote: > Hai, > > Just to verify, is mailscanner with mailwatch Debian Buster compliant? > Before i upgrade my server.. :-) > > Greetz, > > Louis > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Fri Aug 2 12:54:17 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 2 Aug 2019 08:54:17 -0400 Subject: Messages quarantined due to: Allow WebBugs = disarm In-Reply-To: <89d059a3-1c10-eb04-ee7f-f36f49bd64f8@zimbra.soltecsis.com> References: <89d059a3-1c10-eb04-ee7f-f36f49bd64f8@zimbra.soltecsis.com> Message-ID: Sample (sanitized if needed)? On Thu, Aug 1, 2019, 1:46 PM Carles Xavier Munyoz Bald? < carles at unlimitedmail.org wrote: > Hi, > Since some days ago, I have had some e-mails don't delivered to my end > users due to this error message: > MailScanner[14567]: Quarantined message x71GlTpg013562 as it caused > MailScanner to crash several times > > Investigating the problem I have discovered that it is caused by this > configuration option: > [...] > # Do you want to allow tags with very small images in email messages? > # This is a bad idea as these are used as 'web bugs' to find out if a > message > # has been read. It is not dangerous, it is just used to make you give away > # information. > # Value: yes => Allow these tags to be in the message > # disarm => Allow these tags, but stop these tags from working > # Note: Disarming can be defeated, it is not 100% safe! > # Note: You cannot block messages containing web bugs as their detection > # is very vulnerable to false alarms. > # This can also be the filename of a ruleset. > Allow WebBugs = disarm > [...] > > > If I modify it for "Allow WebBugs = yes" then the problem dissapears. > > But the strangeous thing is that this problem has arised suddenly, maybe > after an OS (we are using Ubuntu 16) software update, but we are not sure. > > Any one knows why? > > > Thank you very much for your great help! > > ======================================== > SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L. > Carles Xavier Munyoz Bald? > Departamento de I+D+I > Tel./Fax: 966 446 046 > cmunyoz at soltecsis.com > www.soltecsis.com > ======================================== > > --- > La informaci?n contenida en este e-mail es confidencial, > siendo para uso exclusivo del destinatario arriba mencionado. > Le informamos que est? totalmente prohibida cualquier > utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de > esta comunicaci?n sin autorizaci?n expresa en virtud de la > legislaci?n vigente. Si ha recibido este mensaje por error, > le rogamos nos lo notifique inmediatamente por la misma v?a > y proceda a su eliminaci?n. > --- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.miller at juneau.org Fri Aug 2 16:54:06 2019 From: kevin.miller at juneau.org (Kevin Miller) Date: Fri, 2 Aug 2019 16:54:06 +0000 Subject: Debian Buster In-Reply-To: References: Message-ID: <28a66ad780544186b29205782e43a802@City-Exch-DB2.cbj.local> I upgraded my test box to Buster from Stretch. It does work but there were a few things that went bump in the process. For instance, php is upgraded so the links in /etc/apache2/mods-enabled broke (only an issue if you're running MailWatch on top of MailScanner). Stretch: lrwxrwxrwx 1 root root 29 Apr 11 2018 php7.0.conf -> ../mods-available/php7.0.conf lrwxrwxrwx 1 root root 29 Apr 11 2018 php7.0.load -> ../mods-available/php7.0.load Buster: lrwxrwxrwx 1 root root 29 Jul 11 08:54 php7.3.conf -> ../mods-available/php7.3.conf lrwxrwxrwx 1 root root 29 Jul 11 08:54 php7.3.load -> ../mods-available/php7.3.load An easy fix but it took me a while to figure out what the trouble was. Had a couple of other issues that were puzzlers too, but again easy fixes after I tracked them down. Can't recall what all the problems were now or if they were MailScanner issues or more MailWatch issues. Looking back at the history file on my test box, I see I had to fiddle with opendmarc after upgrading. Debian seems to screw up the opendmarc start script: Edit /etc/systemd/system/multi-user.target.wants/opendmarc.service Change the line below: ExecStart=/usr/sbin/opendmarc To: ExecStart=/usr/sbin/opendmarc -p $SOCKET -c /etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid Also had to fiddle with sa-compile to get it working again. Not an show stopper but better performance if it's enabled. Not sure what other issues I had. As Shawn says, give it a go on a test box first if you have one unless you can live w/o email for a few hours. Best of luck... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 -----Original Message----- From: MailScanner On Behalf Of L.P.H. van Belle via MailScanner Sent: Thursday, August 01, 2019 11:00 PM To: MailScanner Discussion Cc: L.P.H. van Belle Subject: Debian Buster EXTERNAL E-MAIL: BE CAUTIOUS WHEN OPENING FILES OR FOLLOWING LINKS ________________________________ Hai, Just to verify, is mailscanner with mailwatch Debian Buster compliant? Before i upgrade my server.. :-) Greetz, Louis -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From n.kilner at kilner-vacuum-lifting.com Wed Aug 7 11:23:55 2019 From: n.kilner at kilner-vacuum-lifting.com (Nigel Kilner) Date: Wed, 7 Aug 2019 12:23:55 +0100 Subject: MailScanner 5.1.3 not finding F-protd-6 Message-ID: Hello, I cannot get the f-prot daemon fpscand to work with mailscanner.? In virus.scanners.conf i have: f-protd-6??? ??? /bin/false??? ??? /usr/local/f-prot?? (which is the location of fpscand) fpscand is confirmed to be listening on port 10200. here is the out put from mailscanner --lint ?>>>Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There is 1 message in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = f-protd-6 clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Blocked Filename Detected (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED::Eicar-Test-Signature :: ./1/ Virus Scanning: Clamd found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. It correctly shows clamd but not f-protd-6. I also see no reference to f-prot in the logs when mailscanner starts. I have searched for solutions but can find no clues to the problem. Why does mailscanner not find or use f-prot? Nigel -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From iversons at rushville.k12.in.us Sat Aug 10 11:37:21 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sat, 10 Aug 2019 07:37:21 -0400 Subject: MailScanner 5.1.3 not finding F-protd-6 In-Reply-To: References: Message-ID: A new wrapper is needed for f-protd-6 for this to function. https://github.com/MailScanner/v5/issues/400 On Sat, Aug 10, 2019 at 5:33 AM Nigel Kilner < n.kilner at kilner-vacuum-lifting.com> wrote: > Hello, > > I cannot get the f-prot daemon fpscand to work with mailscanner. In > virus.scanners.conf i have: > > f-protd-6 /bin/false /usr/local/f-prot (which is the > location of fpscand) > > fpscand is confirmed to be listening on port 10200. here is the out put > from mailscanner --lint > > >>>Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There is 1 message in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = f-protd-6 clamd" > Found these virus scanners installed: clamd > =========================================================================== > Filename Checks: Blocked Filename Detected (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED::Eicar-Test-Signature :: ./1/ > Virus Scanning: Clamd found 1 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 1 viruses > =========================================================================== > > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > It correctly shows clamd but not f-protd-6. I also see no reference to > f-prot in the logs when mailscanner starts. > I have searched for solutions but can find no clues to the problem. > > Why does mailscanner not find or use f-prot? > > Nigel > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From xserverlinux at gmail.com Tue Aug 20 02:36:44 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Mon, 19 Aug 2019 20:36:44 -0600 Subject: constant restart Message-ID: H list, I recently installed the latest version of MailScanner with a github script https://raw.githubusercontent.com/MailScanner/v5/master/rhel/install.sh, but I see in the log that MailScanner restarts every minute. log: Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Found 45 messages waiting Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Scanning 1 messages, 4386 bytes Aug 19 20:32:35 escm MailScanner[16161]: Virus and Content Scanning: Starting Aug 19 20:32:35 escm MailScanner[16161]: Spam Checks: Starting Aug 19 20:32:35 escm MailScanner[16225]: MailScanner Email Processor version 5.1.3 starting... Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file /etc/MailScanner/MailScanner.conf Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file /etc/MailScanner/conf.d/README Aug 19 20:32:36 escm MailScanner[16225]: Read 1500 hostnames from the phishing whitelist Aug 19 20:32:36 escm MailScanner[16225]: Read 6857 hostnames from the phishing blacklists Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function SQLBlacklist Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function MailWatchLogging Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function SQLWhitelist Aug 19 20:32:36 escm MailScanner[16185]: Connected to Processing Attempts Database Aug 19 20:32:36 escm MailScanner[16185]: Found 323 messages in the Processing Attempts Database Aug 19 20:32:36 escm MailScanner[16185]: Using locktype = flock Aug 19 20:32:36 escm MailScanner[16225]: Using SpamAssassin results cache Aug 19 20:32:36 escm MailScanner[16225]: Connected to SpamAssassin cache database Aug 19 20:32:36 escm MailScanner[16225]: Enabling SpamAssassin auto-whitelist functionality... Aug 19 20:32:38 escm MailScanner[16203]: Connected to Processing Attempts Database Aug 19 20:32:38 escm MailScanner[16203]: Found 323 messages in the Processing Attempts Database Aug 19 20:32:38 escm MailScanner[16203]: Using locktype = flock Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at processing message 36D189D0F8.AA3C5 Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at processing message B6C3D9D10D.A913A Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Found 45 messages waiting Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Scanning 2 messages, 73803 bytes Aug 19 20:32:38 escm MailScanner[16203]: Virus and Content Scanning: Starting any idea , o help that may be failing. -- rickygm http://gnuforever.homelinux.com From thom at vdb.nl Tue Aug 20 02:45:00 2019 From: thom at vdb.nl (Thom van der Boon) Date: Tue, 20 Aug 2019 04:45:00 +0200 (CEST) Subject: constant restart In-Reply-To: References: Message-ID: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> What is the output of MailScanner --lint ? Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: [ tel:+31884272727 | +31 (0)88 4272727 ] Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Rick Gutierrez" Aan: "MailScanner Discussion" Verzonden: Dinsdag 20 augustus 2019 04:36:44 Onderwerp: constant restart H list, I recently installed the latest version of MailScanner with a github script https://raw.githubusercontent.com/MailScanner/v5/master/rhel/install.sh, but I see in the log that MailScanner restarts every minute. log: Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Found 45 messages waiting Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Scanning 1 messages, 4386 bytes Aug 19 20:32:35 escm MailScanner[16161]: Virus and Content Scanning: Starting Aug 19 20:32:35 escm MailScanner[16161]: Spam Checks: Starting Aug 19 20:32:35 escm MailScanner[16225]: MailScanner Email Processor version 5.1.3 starting... Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file /etc/MailScanner/MailScanner.conf Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file /etc/MailScanner/conf.d/README Aug 19 20:32:36 escm MailScanner[16225]: Read 1500 hostnames from the phishing whitelist Aug 19 20:32:36 escm MailScanner[16225]: Read 6857 hostnames from the phishing blacklists Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function SQLBlacklist Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function MailWatchLogging Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init function SQLWhitelist Aug 19 20:32:36 escm MailScanner[16185]: Connected to Processing Attempts Database Aug 19 20:32:36 escm MailScanner[16185]: Found 323 messages in the Processing Attempts Database Aug 19 20:32:36 escm MailScanner[16185]: Using locktype = flock Aug 19 20:32:36 escm MailScanner[16225]: Using SpamAssassin results cache Aug 19 20:32:36 escm MailScanner[16225]: Connected to SpamAssassin cache database Aug 19 20:32:36 escm MailScanner[16225]: Enabling SpamAssassin auto-whitelist functionality... Aug 19 20:32:38 escm MailScanner[16203]: Connected to Processing Attempts Database Aug 19 20:32:38 escm MailScanner[16203]: Found 323 messages in the Processing Attempts Database Aug 19 20:32:38 escm MailScanner[16203]: Using locktype = flock Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at processing message 36D189D0F8.AA3C5 Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at processing message B6C3D9D10D.A913A Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Found 45 messages waiting Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Scanning 2 messages, 73803 bytes Aug 19 20:32:38 escm MailScanner[16203]: Virus and Content Scanning: Starting any idea , o help that may be failing. -- rickygm http://gnuforever.homelinux.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jpmarcucci at gmail.com Tue Aug 20 09:51:59 2019 From: jpmarcucci at gmail.com (Joao Marcucci) Date: Tue, 20 Aug 2019 06:51:59 -0300 Subject: constant restart In-Reply-To: References: Message-ID: There is a parameter in the MailScanner.conf that tells him to restart every x seconds. Take a look in this parameter: # To avoid resource leaks, re-start periodically. Forces a re-read of all # the configuration files too, so new updates to the bad phishing sites list # are read frequently. Restart Every = 14400 On Mon, Aug 19, 2019 at 11:38 PM Rick Gutierrez wrote: > H list, I recently installed the latest version of MailScanner with a > github script > https://raw.githubusercontent.com/MailScanner/v5/master/rhel/install.sh, > but I see in the log that MailScanner restarts every minute. > > log: > > > Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Found 45 messages > waiting > Aug 19 20:32:35 escm MailScanner[16161]: New Batch: Scanning 1 > messages, 4386 bytes > Aug 19 20:32:35 escm MailScanner[16161]: Virus and Content Scanning: > Starting > Aug 19 20:32:35 escm MailScanner[16161]: Spam Checks: Starting > Aug 19 20:32:35 escm MailScanner[16225]: MailScanner Email Processor > version 5.1.3 starting... > Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file > /etc/MailScanner/MailScanner.conf > Aug 19 20:32:36 escm MailScanner[16225]: Reading configuration file > /etc/MailScanner/conf.d/README > Aug 19 20:32:36 escm MailScanner[16225]: Read 1500 hostnames from the > phishing whitelist > Aug 19 20:32:36 escm MailScanner[16225]: Read 6857 hostnames from the > phishing blacklists > Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init > function SQLBlacklist > Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init > function MailWatchLogging > Aug 19 20:32:36 escm MailScanner[16225]: Config: calling custom init > function SQLWhitelist > Aug 19 20:32:36 escm MailScanner[16185]: Connected to Processing > Attempts Database > Aug 19 20:32:36 escm MailScanner[16185]: Found 323 messages in the > Processing Attempts Database > Aug 19 20:32:36 escm MailScanner[16185]: Using locktype = flock > Aug 19 20:32:36 escm MailScanner[16225]: Using SpamAssassin results cache > Aug 19 20:32:36 escm MailScanner[16225]: Connected to SpamAssassin > cache database > Aug 19 20:32:36 escm MailScanner[16225]: Enabling SpamAssassin > auto-whitelist functionality... > Aug 19 20:32:38 escm MailScanner[16203]: Connected to Processing > Attempts Database > Aug 19 20:32:38 escm MailScanner[16203]: Found 323 messages in the > Processing Attempts Database > Aug 19 20:32:38 escm MailScanner[16203]: Using locktype = flock > Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at > processing message 36D189D0F8.AA3C5 > Aug 19 20:32:38 escm MailScanner[16203]: Making attempt 3 at > processing message B6C3D9D10D.A913A > Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Found 45 messages > waiting > Aug 19 20:32:38 escm MailScanner[16203]: New Batch: Scanning 2 > messages, 73803 bytes > Aug 19 20:32:38 escm MailScanner[16203]: Virus and Content Scanning: > Starting > > any idea , o help that may be failing. > -- > rickygm > > http://gnuforever.homelinux.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xserverlinux at gmail.com Tue Aug 20 14:46:19 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 08:46:19 -0600 Subject: constant restart In-Reply-To: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> Message-ID: El lun., 19 ago. 2019 a las 20:45, Thom van der Boon () escribi?: > > What is the output of MailScanner --lint ? > > Met vriendelijke groet, Best regards, > > Hi thom , this is the output , I have been fighting with the permissions and groups, in version 5.0.3 I did not have these problems and corrected the antivirus by modifying this file as follows: vim /usr/lib/tmpfiles.d/clamd.scan.conf d /var/run/clamd.scan 0710 clamscan clamscan but now it doesn't work for me, I found this thread http://lists.mailscanner.info/pipermail/mailscanner/2017-October/104878.html , and I did the test and neither, I'm using centos 7 [root at escm ~]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 1500 hostnames from the phishing whitelist Read 6788 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (5.1.3) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 465 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamav =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. systemctl status mailscanner.service ? mailscanner.service - LSB: MailScanner daemon Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-08-20 08:39:15 CST; 2min 56s ago Docs: man:systemd-sysv-generator(8) Process: 11421 ExecStop=/usr/lib/MailScanner/init/ms-init stop (code=exited, status=0/SUCCESS) Process: 11489 ExecStart=/usr/lib/MailScanner/init/ms-init start (code=exited, status=0/SUCCESS) Main PID: 12033 (MailScanner: st) CGroup: /system.slice/mailscanner.service ??12033 MailScanner: starting child ??12064 MailScanner: scanning for filenames and filetypes ??12066 MailScanner: scanning for filenames and filetypes ??12068 MailScanner: scanning for filenames and filetypes MailScanner[12068]: Virus Scanning: No virus scanners worked, so message batch will be tried again MailScanner[12064]: Cannot lock /var/lock/subsys/clamavBusy.lock, No such file or directory MailScanner[12502]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! MailScanner[12064]: Virus Scanning: No virus scanners worked, so message batch will be tried again MailScanner[12066]: Cannot lock /var/lock/subsys/clamavBusy.lock, No such file or directory MailScanner[12506]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! MailScanner[12066]: Virus Scanning: No virus scanners worked, so message batch will be tried again MailScanner[12068]: Cannot lock /var/lock/subsys/clamavBusy.lock, No such file or directory MailScanner[12507]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! MailScanner[12068]: Virus Scanning: No virus scanners worked, so message batch will be tried again -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Wed Aug 21 00:06:34 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 17:06:34 -0700 Subject: constant restart In-Reply-To: References: Message-ID: <6ac19f78-a54d-df5e-9f33-46d77c12217c@msapiro.net> On 8/20/19 2:51 AM, Joao Marcucci wrote: > There is a parameter in the MailScanner.conf that tells him to restart > every x seconds. Take a look in this parameter: That's not the issue here. If it were, there would be log entries like Aug 18 08:58:49 sbh16 MailScanner[7443]: MailScanner child dying of old age for every restart. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Aug 21 00:15:19 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 17:15:19 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> Message-ID: <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> On 8/20/19 7:46 AM, Rick Gutierrez wrote: > > [root at escm ~]# MailScanner --lint > Trying to setlogsock(unix) ... > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at > /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. > Virus Scanning: No virus scanners worked, so message batch will be > tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm > line 506. This is the issue. Is clamd even running? If so, where is it listening? The clamd socket path defined in clamd.conf as `LocalSocket` must match the path defined by `Clamd Socket` in your MailScanner config. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 01:58:05 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 19:58:05 -0600 Subject: constant restart In-Reply-To: <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> Message-ID: El mar., 20 ago. 2019 a las 18:15, Mark Sapiro () escribi?: > > This is the issue. Is clamd even running? If so, where is it listening? > The clamd socket path defined in clamd.conf as `LocalSocket` must match > the path defined by `Clamd Socket` in your MailScanner config. Hi mark, clamd is running , ? clamd at scan.service - Generic clamav scanner daemon Loaded: loaded (/usr/lib/systemd/system/clamd at scan.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-08-20 09:03:06 CST; 10h ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Process: 820 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS) Main PID: 7765 (clamd) CGroup: /system.slice/system-clamd.slice/clamd at scan.service ??7765 /usr/sbin/clamd -c /etc/clamd.d/scan.conf Aug 20 18:17:29 clamd[7765]: SelfCheck: Database status OK. Aug 20 18:27:29 clamd[7765]: SelfCheck: Database status OK. clamd.conf LocalSocket /var/run/clamd.scan/clamd.sock MailScanner.conf Clamd Port = 3310 Clamd Socket = /var/run/clamd.scan/clamd.sock Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no regards -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Wed Aug 21 02:32:46 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 19:32:46 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> Message-ID: <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> On 8/20/19 6:58 PM, Rick Gutierrez wrote: > > Hi mark, clamd is running , > > ? clamd at scan.service - Generic clamav scanner daemon > Loaded: loaded (/usr/lib/systemd/system/clamd at scan.service; > enabled; vendor preset: disabled) > Active: active (running) since Tue 2019-08-20 09:03:06 CST; 10h ago > Docs: man:clamd(8) > man:clamd.conf(5) > https://www.clamav.net/documents/ > Process: 820 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf > (code=exited, status=0/SUCCESS) > Main PID: 7765 (clamd) > CGroup: /system.slice/system-clamd.slice/clamd at scan.service > ??7765 /usr/sbin/clamd -c /etc/clamd.d/scan.conf > > Aug 20 18:17:29 clamd[7765]: SelfCheck: Database status OK. > Aug 20 18:27:29 clamd[7765]: SelfCheck: Database status OK. > > clamd.conf > LocalSocket /var/run/clamd.scan/clamd.sock Yet Mailscanner --lint says Cannot find Socket (/var/run/clamd.scan/clamd.sock) What does `ls -l /var/run/clamd.scan/clamd.sock` show? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 03:04:58 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 21:04:58 -0600 Subject: constant restart In-Reply-To: <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> Message-ID: El mar., 20 ago. 2019 a las 20:33, Mark Sapiro () escribi?: > > > Yet Mailscanner --lint says Cannot find Socket > (/var/run/clamd.scan/clamd.sock) > > What does `ls -l /var/run/clamd.scan/clamd.sock` show? > output: cd /var/run/clamd.scan/ [root at escm clamd.scan]# ls -l total 4 -rw-rw-r-- 1 clamscan mtagroup 5 Aug 20 09:03 clamd.pid srw-rw-rw- 1 clamscan mtagroup 0 Aug 20 09:03 clamd.sock group file clamupdate:x:994: virusgroup:x:993:clamupdate,clamscan clamscan:x:992: mtagroup:x:1000:clamscan,postfix,mail saslauth:x:76: -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Wed Aug 21 03:27:20 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 20:27:20 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> Message-ID: <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> On 8/20/19 8:04 PM, Rick Gutierrez wrote: > > cd /var/run/clamd.scan/ > [root at escm clamd.scan]# ls -l > total 4 > -rw-rw-r-- 1 clamscan mtagroup 5 Aug 20 09:03 clamd.pid > srw-rw-rw- 1 clamscan mtagroup 0 Aug 20 09:03 clamd.sock What about `ls -ld /var/run/clamav/ /var/run/` What is the setting for Incoming Work Group in your MailScanner config, i.e. `ms-peek 'Incoming Work Group' /etc/MailScanner/MailScanner.conf`? I suspect from the fact the `MailScanner --lint` says MailScanner setting UID to (89) but nothing about MailScanner setting GID that it's unset. It should be Incoming Work Group = mtagroup -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 03:38:38 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 21:38:38 -0600 Subject: constant restart In-Reply-To: <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> Message-ID: El mar., 20 ago. 2019 a las 21:27, Mark Sapiro () escribi?: > > > What about `ls -ld /var/run/clamav/ /var/run/` ls -ld /var/run/clamav/ /var/run/ ls: cannot access /var/run/clamav/: No such file or directory drwxr-xr-x 27 root root 720 Aug 20 09:06 /var/run/ > > What is the setting for Incoming Work Group in your MailScanner config, > i.e. `ms-peek 'Incoming Work Group' /etc/MailScanner/MailScanner.conf`? Incoming Work User = Incoming Work Group = clamscan > > I suspect from the fact the `MailScanner --lint` says > > MailScanner setting UID to (89) > > but nothing about > > MailScanner setting GID > > that it's unset. It should be > > Incoming Work Group = mtagroup I made the change, putting that option, but the same Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamav =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanne systemctl status mailscanner.service ? mailscanner.service - LSB: MailScanner daemon Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-08-20 21:35:21 CST; 1min 46s ago Docs: man:systemd-sysv-generator(8) Process: 3279 ExecStop=/usr/lib/MailScanner/init/ms-init stop (code=exited, status=0/SUCCESS) Process: 3315 ExecStart=/usr/lib/MailScanner/init/ms-init start (code=exited, status=0/SUCCESS) Main PID: 3859 (MailScanner: st) CGroup: /system.slice/mailscanner.service ??3859 MailScanner: starting child ??3875 MailScanner: scanning for filenames and filetypes ??3878 MailScanner: scanning for filenames and filetypes ??3883 MailScanner: scanning for filenames and filetypes Aug 20 21:36:56 MailScanner[3883]: Virus Scanning: No virus scanners worked, so message batch will be tried again Aug 20 21:37:04 MailScanner[3875]: Cannot lock /var/lock/subsys/clamavBusy.lock, No such file or directory Aug 20 21:37:04 MailScanner[4205]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! Aug 20 21:37:04 MailScanner[3875]: Virus Scanning: No virus scanners worked, so message batch will be tried again Aug 20 21:37:05 MailScanner[3878]: Cannot lock /var/lock/subsys/clamavBusy.lock, No such file or directory Aug 20 21:37:05 MailScanner[4207]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! Aug 20 21:37:05 MailScanner[3878]: Virus Scanning: No virus scanners worked, so message batch will be tr -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Wed Aug 21 03:50:01 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 20:50:01 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> Message-ID: <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> On 8/20/19 8:38 PM, Rick Gutierrez wrote: > El mar., 20 ago. 2019 a las 21:27, Mark Sapiro () escribi?: >> > >> >> What about `ls -ld /var/run/clamav/ /var/run/` > > ls -ld /var/run/clamav/ /var/run/ > ls: cannot access /var/run/clamav/: No such file or directory > drwxr-xr-x 27 root root 720 Aug 20 09:06 /var/run/ Sorry, I meant `ls -ld /var/run/clamd.scan/ /var/run/ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 03:56:11 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 21:56:11 -0600 Subject: constant restart In-Reply-To: <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> Message-ID: El mar., 20 ago. 2019 a las 21:50, Mark Sapiro () escribi?: > > > Sorry, I meant `ls -ld /var/run/clamd.scan/ /var/run/ > > -- ok , ls -ld /var/run/clamd.scan/ /var/run/ drwxr-xr-x 27 root root 720 Aug 20 21:35 /var/run/ drwxr-x--- 2 clamscan mtagroup 80 Aug 20 09:03 /var/run/clamd.scan/ -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Wed Aug 21 04:23:30 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 20 Aug 2019 21:23:30 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> Message-ID: <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> On 8/20/19 8:56 PM, Rick Gutierrez wrote: > El mar., 20 ago. 2019 a las 21:50, Mark Sapiro () escribi?: >> > >> >> Sorry, I meant `ls -ld /var/run/clamd.scan/ /var/run/ >> >> -- > ok , ls -ld /var/run/clamd.scan/ /var/run/ > drwxr-xr-x 27 root root 720 Aug 20 21:35 /var/run/ > drwxr-x--- 2 clamscan mtagroup 80 Aug 20 09:03 /var/run/clamd.scan/ I'm almost out of ideas. You have Incoming Work Group = mtagroup and /var/run is world readable/searchable and /var/run/clamd.scan is readable/searchable by mtagroup and the socket /var/run/clamd.scan/clamd.sock is readable/writable by mtagroup, yet `MailScanner --lint` says Cannot find Socket (/var/run/clamd.scan/clamd.sock). Do you have SELinux, apparmor or some other security manager running? If not, I'm stumped. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 05:05:02 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Tue, 20 Aug 2019 23:05:02 -0600 Subject: constant restart In-Reply-To: <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> Message-ID: El mar., 20 ago. 2019 a las 22:23, Mark Sapiro () escribi?: > > and /var/run is world readable/searchable and /var/run/clamd.scan is > readable/searchable by mtagroup and the socket > /var/run/clamd.scan/clamd.sock is readable/writable by mtagroup, yet > `MailScanner --lint` says Cannot find Socket > (/var/run/clamd.scan/clamd.sock). > > Do you have SELinux, apparmor or some other security manager running? If > not, I'm stumped. > selinux is disabled , I have nothing else. -- rickygm http://gnuforever.homelinux.com From thom at vdb.nl Wed Aug 21 05:30:42 2019 From: thom at vdb.nl (Thom van der Boon) Date: Wed, 21 Aug 2019 07:30:42 +0200 (CEST) Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> Message-ID: <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> Rick, Did you disable selinux on CentOS (and reboot)? What is the permission and filetype of the clamd.sock : ls -lah /var/run/clamd.scan/clamd.sock clamd can be running, but at what port is it listening? netstat -ln Disable your firewall temporary, restart MailScanner and run Mailscanner --lint Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: [ tel:+31884272727 | +31 (0)88 4272727 ] Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Rick Gutierrez" Aan: "MailScanner Discussion" Verzonden: Woensdag 21 augustus 2019 03:58:05 Onderwerp: Re: constant restart El mar., 20 ago. 2019 a las 18:15, Mark Sapiro () escribi?: > > This is the issue. Is clamd even running? If so, where is it listening? > The clamd socket path defined in clamd.conf as `LocalSocket` must match > the path defined by `Clamd Socket` in your MailScanner config. Hi mark, clamd is running , ? clamd at scan.service - Generic clamav scanner daemon Loaded: loaded (/usr/lib/systemd/system/clamd at scan.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-08-20 09:03:06 CST; 10h ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Process: 820 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS) Main PID: 7765 (clamd) CGroup: /system.slice/system-clamd.slice/clamd at scan.service ??7765 /usr/sbin/clamd -c /etc/clamd.d/scan.conf Aug 20 18:17:29 clamd[7765]: SelfCheck: Database status OK. Aug 20 18:27:29 clamd[7765]: SelfCheck: Database status OK. clamd.conf LocalSocket /var/run/clamd.scan/clamd.sock MailScanner.conf Clamd Port = 3310 Clamd Socket = /var/run/clamd.scan/clamd.sock Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no regards -- rickygm http://gnuforever.homelinux.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From xserverlinux at gmail.com Wed Aug 21 11:48:59 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 21 Aug 2019 05:48:59 -0600 Subject: constant restart In-Reply-To: <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> Message-ID: El mar., 20 ago. 2019 a las 23:31, Thom van der Boon () escribi?: > > Rick, > > Did you disable selinux on CentOS (and reboot)? > What is the permission and filetype of the clamd.sock : ls -lah /var/run/clamd.scan/clamd.sock > clamd can be running, but at what port is it listening? netstat -ln > Disable your firewall temporary, restart MailScanner and run Mailscanner --lint > > Met vriendelijke groet, Best regards, > > yes reboot the server , ls -lah /var/run/clamd.scan/clamd.sock srw-rw-rw- 1 clamscan mtagroup 0 Aug 21 05:42 /var/run/clamd.scan/clamd.sock clamd is runnning on the port 3310 [root at escm ~]# netstat -ln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 disabled my firewall and run test debug of MailScanner MailScanner --debug --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 1500 hostnames from the phishing whitelist Read 6730 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (5.1.3) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 502 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamav =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. ^C thanks for the support guys -- rickygm http://gnuforever.homelinux.com From belle at bazuin.nl Wed Aug 21 11:59:14 2019 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 21 Aug 2019 13:59:14 +0200 Subject: constant restart In-Reply-To: References: <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> Message-ID: Hi, My output with the debug enabled. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting GID to (113) << your missing this one. MailScanner setting UID to (108) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Then later on: Mine: MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd << Yours shows here clamav On debian clamav-daemon and clamadscan are 2 different packages. I dont know how thats on Centos, but i suggest you check this. And I've set my viruscanner to : Virus Scanners = clamd Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd Clamd Lock File = /var/run/clamav/clamd.pid This is on Debian Stretch. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Rick Gutierrez > Verzonden: woensdag 21 augustus 2019 13:49 > Aan: MailScanner Discussion > Onderwerp: Re: constant restart > > El mar., 20 ago. 2019 a las 23:31, Thom van der Boon > () escribi?: > > > > Rick, > > > > Did you disable selinux on CentOS (and reboot)? > > What is the permission and filetype of the clamd.sock : ls > -lah /var/run/clamd.scan/clamd.sock > > clamd can be running, but at what port is it listening? netstat -ln > > Disable your firewall temporary, restart MailScanner and > run Mailscanner --lint > > > > Met vriendelijke groet, Best regards, > > > > > > yes reboot the server , ls -lah /var/run/clamd.scan/clamd.sock > srw-rw-rw- 1 clamscan mtagroup 0 Aug 21 05:42 > /var/run/clamd.scan/clamd.sock > > clamd is runnning on the port 3310 > > [root at escm ~]# netstat -ln > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN > tcp 0 0 0.0.0.0:587 0.0.0.0:* > LISTEN > tcp 0 0 127.0.0.1:3310 0.0.0.0:* > LISTEN > tcp 0 0 127.0.0.1:783 0.0.0.0:* > LISTEN > tcp 0 0 0.0.0.0:22 0.0.0.0:* > LISTEN > tcp6 > > disabled my firewall and run test debug of MailScanner > > MailScanner --debug --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 1500 hostnames from the phishing whitelist > Read 6730 hostnames from the phishing blacklists > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > > Checking version numbers... > Version number in MailScanner.conf (5.1.3) is correct. > > Your envelope_sender_header in spamassassin.conf is correct. > MailScanner setting UID to (89) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 502 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamav > ============================================================== > ============= > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at > /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. > Virus Scanning: No virus scanners worked, so message batch will be > tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm > line 506. > ^C > > thanks for the support guys > > > -- > rickygm > > http://gnuforever.homelinux.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From thom at vdb.nl Wed Aug 21 12:03:02 2019 From: thom at vdb.nl (Thom van der Boon) Date: Wed, 21 Aug 2019 14:03:02 +0200 (CEST) Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> Message-ID: <1129886782.510111.1566388982188.JavaMail.zimbra@vdb.nl> rICK, Did you read this: [ https://serverfault.com/questions/948520/mailscanner-error-cannot-find-socket | https://serverfault.com/questions/948520/mailscanner-error-cannot-find-socket ] [ https://serverfault.com/questions/948299/socket-access-for-clamdscan | https://serverfault.com/questions/948299/socket-access-for-clamdscan ] Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: [ tel:+31884272727 | +31 (0)88 4272727 ] Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Rick Gutierrez" Aan: "MailScanner Discussion" Verzonden: Woensdag 21 augustus 2019 13:48:59 Onderwerp: Re: constant restart El mar., 20 ago. 2019 a las 23:31, Thom van der Boon () escribi?: > > Rick, > > Did you disable selinux on CentOS (and reboot)? > What is the permission and filetype of the clamd.sock : ls -lah /var/run/clamd.scan/clamd.sock > clamd can be running, but at what port is it listening? netstat -ln > Disable your firewall temporary, restart MailScanner and run Mailscanner --lint > > Met vriendelijke groet, Best regards, > > yes reboot the server , ls -lah /var/run/clamd.scan/clamd.sock srw-rw-rw- 1 clamscan mtagroup 0 Aug 21 05:42 /var/run/clamd.scan/clamd.sock clamd is runnning on the port 3310 [root at escm ~]# netstat -ln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 disabled my firewall and run test debug of MailScanner MailScanner --debug --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 1500 hostnames from the phishing whitelist Read 6730 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (5.1.3) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 502 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamav =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159. Virus Scanning: No virus scanners worked, so message batch will be tried again at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 506. ^C thanks for the support guys -- rickygm http://gnuforever.homelinux.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From yuwang at cs.fsu.edu Wed Aug 21 13:57:45 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Wed, 21 Aug 2019 09:57:45 -0400 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> Message-ID: Rick, Please post the outputs of following commands: getenforce grep -i clam /etc/MailScanner/MailScanner.conf | grep -v '^#' ps -elf | egrep -i 'mailscanner|clam' cat /etc/clamd.d/scan.conf | egrep -v '^#|^$' getent passwd | grep ':89:' Thank you. James On 2019-08-21 01:05, Rick Gutierrez wrote: > El mar., 20 ago. 2019 a las 22:23, Mark Sapiro () > escribi?: >> > >> and /var/run is world readable/searchable and /var/run/clamd.scan is >> readable/searchable by mtagroup and the socket >> /var/run/clamd.scan/clamd.sock is readable/writable by mtagroup, yet >> `MailScanner --lint` says Cannot find Socket >> (/var/run/clamd.scan/clamd.sock). >> >> Do you have SELinux, apparmor or some other security manager running? >> If >> not, I'm stumped. >> > > selinux is disabled , I have nothing else. > > -- > rickygm > > http://gnuforever.homelinux.com From xserverlinux at gmail.com Wed Aug 21 14:10:01 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 21 Aug 2019 08:10:01 -0600 Subject: constant restart In-Reply-To: <1129886782.510111.1566388982188.JavaMail.zimbra@vdb.nl> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <1129886782.510111.1566388982188.JavaMail.zimbra@vdb.nl> Message-ID: El mi?., 21 ago. 2019 a las 6:03, Thom van der Boon () escribi?: > > rICK, > > Did you read this: > > https://serverfault.com/questions/948520/mailscanner-error-cannot-find-socket > https://serverfault.com/questions/948299/socket-access-for-clamdscan > > yes , look the output escm# cat /usr/lib/tmpfiles.d/clamd.scan.conf d /var/run/clamd.scan 0750 clamscan mtagroup I tried in two ways d /var/run/clamd.scan 0710 clamscan clamscan -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Wed Aug 21 14:13:24 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 21 Aug 2019 08:13:24 -0600 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> Message-ID: El mi?., 21 ago. 2019 a las 7:57, yuwang () escribi?: > > Rick, > > Please post the outputs of following commands: sure. > > getenforce [root at escm ~]# getenforce Disabled > grep -i clam /etc/MailScanner/MailScanner.conf | grep -v '^#' grep -i clam /etc/MailScanner/MailScanner.conf | grep -v '^#' Virus Scanners = clamd Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* /var/lib/clamav/*.?db /var/lib/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /var/run/clamd.scan/clamd.sock Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes > ps -elf | egrep -i 'mailscanner|clam' [root at escm ~]# ps -elf | egrep -i 'mailscanner|clam' 1 S clamscan 7361 1 0 80 0 - 234807 poll_s 05:42 ? 00:00:50 /usr/sbin/clamd -c /etc/clamd.d/scan.conf 1 S postfix 11602 1 0 80 0 - 52663 do_wai 05:44 ? 00:00:00 MailScanner: starting child 1 S postfix 11639 11602 0 80 0 - 92407 hrtime 05:45 ? 00:00:05 MailScanner: scanning for filenames and filetypes 1 S postfix 11641 11602 0 80 0 - 92407 hrtime 05:45 ? 00:00:05 MailScanner: scanning for filenames and filetypes 1 S postfix 11646 11602 0 80 0 - 92427 hrtime 05:45 ? 00:00:05 MailScanner: scanning for filenames and filetypes 0 R root 23511 22980 0 80 0 - 28177 - 08:11 pts/0 00:00:00 grep -E --color=auto -i mailscanner|clam > cat /etc/clamd.d/scan.conf | egrep -v '^#|^$' [root at escm ~]# cat /etc/clamd.d/scan.conf | egrep -v '^#|^$' LogFileMaxSize 0 LogTime yes LogSyslog yes PidFile /var/run/clamd.scan/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /var/lib/clamav LocalSocket /var/run/clamd.scan/clamd.sock LocalSocketGroup mtagroup FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQueueLength 30 MaxThreads 50 ReadTimeout 300 User clamscan ScanPE yes ScanELF yes ScanOLE2 yes ScanMail yes ScanArchive yes > getent passwd | grep ':89:' > [root at escm ~]# getent passwd | grep ':89:' postfix:x:89:89::/var/spool/postfix:/sbin/nologin -- rickygm http://gnuforever.homelinux.com From yuwang at cs.fsu.edu Wed Aug 21 14:38:24 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Wed, 21 Aug 2019 10:38:24 -0400 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> Message-ID: <2ecb1fc345829f68e27d88f988211189@cs.fsu.edu> Please try followings: change /etc/clamd.d/scan.conf: from User clamscan to User postfix change /var/run/clamd.scan owner to postfix: chown postfix.mtagroup /var/run/clamd.scan change /usr/lib/tmpfiles.d/clamd.scan.conf to: d /run/clamd.scan 0710 postfix mtagroup restart clamd and mailscanner make sure /var/run/clamd.scan/clamd.sock is owned by postfix. run MailScanner --lint again. James On 2019-08-21 10:13, Rick Gutierrez wrote: > El mi?., 21 ago. 2019 a las 7:57, yuwang () > escribi?: >> >> Rick, >> >> Please post the outputs of following commands: > > sure. > >> >> getenforce > > [root at escm ~]# getenforce > Disabled > > >> grep -i clam /etc/MailScanner/MailScanner.conf | grep -v '^#' > > grep -i clam /etc/MailScanner/MailScanner.conf | grep -v '^#' > Virus Scanners = clamd > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld > /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* > /var/lib/clamav/*.?db /var/lib/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /var/run/clamd.scan/clamd.sock > Clamd Lock File = # /var/lock/subsys/clamd > Clamd Use Threads = no > ClamAV Full Message Scan = yes > >> ps -elf | egrep -i 'mailscanner|clam' > > [root at escm ~]# ps -elf | egrep -i 'mailscanner|clam' > 1 S clamscan 7361 1 0 80 0 - 234807 poll_s 05:42 ? > 00:00:50 /usr/sbin/clamd -c /etc/clamd.d/scan.conf > 1 S postfix 11602 1 0 80 0 - 52663 do_wai 05:44 ? > 00:00:00 MailScanner: starting child > 1 S postfix 11639 11602 0 80 0 - 92407 hrtime 05:45 ? > 00:00:05 MailScanner: scanning for filenames and filetypes > 1 S postfix 11641 11602 0 80 0 - 92407 hrtime 05:45 ? > 00:00:05 MailScanner: scanning for filenames and filetypes > 1 S postfix 11646 11602 0 80 0 - 92427 hrtime 05:45 ? > 00:00:05 MailScanner: scanning for filenames and filetypes > 0 R root 23511 22980 0 80 0 - 28177 - 08:11 pts/0 > 00:00:00 grep -E --color=auto -i mailscanner|clam > > > >> cat /etc/clamd.d/scan.conf | egrep -v '^#|^$' > > [root at escm ~]# cat /etc/clamd.d/scan.conf | egrep -v '^#|^$' > LogFileMaxSize 0 > LogTime yes > LogSyslog yes > PidFile /var/run/clamd.scan/clamd.pid > TemporaryDirectory /var/tmp > DatabaseDirectory /var/lib/clamav > LocalSocket /var/run/clamd.scan/clamd.sock > LocalSocketGroup mtagroup > FixStaleSocket yes > TCPSocket 3310 > TCPAddr 127.0.0.1 > MaxConnectionQueueLength 30 > MaxThreads 50 > ReadTimeout 300 > User clamscan > ScanPE yes > ScanELF yes > ScanOLE2 yes > ScanMail yes > ScanArchive yes > > >> getent passwd | grep ':89:' >> > > [root at escm ~]# getent passwd | grep ':89:' > postfix:x:89:89::/var/spool/postfix:/sbin/nologin > > -- > rickygm > > http://gnuforever.homelinux.com From phil.randal at hoopleltd.co.uk Wed Aug 21 15:11:53 2019 From: phil.randal at hoopleltd.co.uk (Randal, Phil) Date: Wed, 21 Aug 2019 15:11:53 +0000 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> Message-ID: <41cb700caafd411aa29d67e8d8964920@hoopleltd.co.uk> Try creating /etc/tmpfiles.d/clamd.scan.conf d /var/run/clamd.scan 0750 clamscan mtagroup - and rebooting. 0710 might work as the mask instead of 0750. Good luck, Phil -- Phil Randal Infrastructure Engineer Hoople Ltd | Plough Lane | Hereford HR4 0LE Tel: 01432 260415 | Website: www.hoopleltd.co.uk Follow us on: Twitter | Facebook | LinkedIn -----Original Message----- From: MailScanner On Behalf Of Rick Gutierrez Sent: 21 August 2019 04:56 To: MailScanner Discussion Subject: Re: constant restart CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. El mar., 20 ago. 2019 a las 21:50, Mark Sapiro () escribi?: > > > Sorry, I meant `ls -ld /var/run/clamd.scan/ /var/run/ > > -- ok , ls -ld /var/run/clamd.scan/ /var/run/ drwxr-xr-x 27 root root 720 Aug 20 21:35 /var/run/ drwxr-x--- 2 clamscan mtagroup 80 Aug 20 09:03 /var/run/clamd.scan/ -- rickygm http://gnuforever.homelinux.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Hoople Ltd, Registered in England and Wales No. 7556595 Registered office: Plough Lane, Hereford, HR4 0LE "Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it." From mark at msapiro.net Wed Aug 21 15:42:35 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 21 Aug 2019 08:42:35 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> Message-ID: <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> On 8/21/19 4:48 AM, Rick Gutierrez wrote: > > yes reboot the server , ls -lah /var/run/clamd.scan/clamd.sock > srw-rw-rw- 1 clamscan mtagroup 0 Aug 21 05:42 /var/run/clamd.scan/clamd.sock > > clamd is runnning on the port 3310 Clamd should either use a unix socket or a tcp socket, not both. For a unix socket, clamd.conf should have LocalSocket /var/run/clamd.scan/clamd.sock FixStaleSocket true LocalSocketGroup clamscan LocalSocketMode 666 and should not define TCPSocket or TCPAddr and MailScanner should have Clamd Socket = /var/run/lamd.scan/clamd.sock For a TCP socket, clamd.conf should have TCPSocket 3310 TCPAddr 127.0.0.1 and not define LocalSocket, FixStaleSocket, LocalSocketGroup or LocalSocketMode and MailScanner should have Clamd Port = 3310 Clamd Socket = 127.0.0.1 In your case, if you have TCPSocket and TCPAddr defined in clamd.conf, I think just removing them may fix the issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Aug 21 16:03:22 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 21 Aug 2019 09:03:22 -0700 Subject: constant restart In-Reply-To: <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> Message-ID: <1ddf86e7-0e4e-7cf7-3ff9-d66fe1391f3e@msapiro.net> On 8/21/19 8:42 AM, Mark Sapiro wrote: > > Clamd Socket = /var/run/lamd.scan/clamd.sock Ooops. That should be Clamd Socket = /var/run/clamd.scan/clamd.sock -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From xserverlinux at gmail.com Wed Aug 21 16:21:57 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 21 Aug 2019 10:21:57 -0600 Subject: constant restart In-Reply-To: <1ddf86e7-0e4e-7cf7-3ff9-d66fe1391f3e@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> <1ddf86e7-0e4e-7cf7-3ff9-d66fe1391f3e@msapiro.net> Message-ID: El mi?., 21 ago. 2019 a las 10:03, Mark Sapiro () escribi?: > > On 8/21/19 8:42 AM, Mark Sapiro wrote: > > > > Clamd Socket = /var/run/lamd.scan/clamd.sock > > Ooops. That should be > > Clamd Socket = /var/run/clamd.scan/clamd.sock > wrong finger, I have it right in MailScanner.conf , I will try the other emails above. -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Thu Aug 22 00:25:56 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 21 Aug 2019 18:25:56 -0600 Subject: constant restart In-Reply-To: <2ecb1fc345829f68e27d88f988211189@cs.fsu.edu> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <191770bb-e04c-4817-fc06-8187372962a2@msapiro.net> <5d96f73d-d924-42d7-04bd-419125e0b202@msapiro.net> <9e05d0c0-f945-6aa5-aa7f-4de68b4cdec7@msapiro.net> <952244ea-1441-c793-984a-6d1baa34df6e@msapiro.net> <2ecb1fc345829f68e27d88f988211189@cs.fsu.edu> Message-ID: El mi?., 21 ago. 2019 a las 8:38, yuwang () escribi?: > > Please try followings: > > change /etc/clamd.d/scan.conf: > from > User clamscan > to > User postfix > > change /var/run/clamd.scan owner to postfix: > chown postfix.mtagroup /var/run/clamd.scan > > change /usr/lib/tmpfiles.d/clamd.scan.conf to: > d /run/clamd.scan 0710 postfix mtagroup > > restart clamd and mailscanner > > make sure /var/run/clamd.scan/clamd.sock is owned by postfix. > > run MailScanner --lint again. > This was the trick, I made the change and now I don't see the error. MailScanner --lint --debug Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 1500 hostnames from the phishing whitelist Read 6730 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (5.1.3) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 1174 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED::Eicar-Test-Signature :: ./1/ Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist I am now presenting problems with postfix delivery, when I activate header_checks = regexp: / etc / postfix / header_checks, the emails do not come out, but I will open another post in the list. Thanks to all who helped answer this email, without your help it would not be possible -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 01:04:02 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 19:04:02 -0600 Subject: postfix does not send emails Message-ID: Hi list , I have a somewhat strange situation, when I activate in postfix to filter with MailScanner, the mails are not sent and they are queue , look at the output of an email escm postfix/pickup[17442]: 43B739D782: uid=0 from= Aug 25 18:55:52 escm postfix/cleanup[17472]: 43B739D782: hold: header Received: by escm.domain.com (Postfix, from userid 0)??id 43B739D782; Sun, 25 Aug 2019 18:55:52 -0600 (CST) from local; from= to= Aug 25 18:55:52 escm postfix/cleanup[17472]: 43B739D782: message-id=<20190826005552.43B739D782 at escm.domain.com> If I remove the option in main.cf that does not go through MailScanner the mails go out without problems #header_checks = regexp:/etc/postfix/header_checks some help or advice? Another message that throws me in the log, which I think is due to permissions. MailScanner[18076]: Cannot create temporary Work Dir /var/spool/MailScanner/incoming/18076. Are the permissions and ownership of /var/spool/MailScanner/incoming correct? ls -la /var/spool/MailScanner/ total 32 drwxr-xr-x 9 root root 4096 Aug 19 17:10 . drwxr-xr-x. 9 root root 4096 Aug 19 17:02 .. drwxr-xr-x 2 root root 4096 Jan 27 2019 archive drwxrwx--- 36 root mtagroup 760 Aug 21 18:34 incoming drwxr-xr-x 2 root root 4096 Jan 27 2019 milterin drwxr-xr-x 2 root root 4096 Jan 27 2019 milterout drwxr-xr-x 5 postfix nginx 4096 Aug 21 10:37 quarantine drwxrwx--- 36 root mtagroup 4096 Aug 21 18:34 ramdisk_store drwxr-xr-x 2 postfix postfix 4096 Aug 19 17:04 spamassassin -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 01:07:17 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 19:07:17 -0600 Subject: constant restart In-Reply-To: <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> Message-ID: El mi?., 21 ago. 2019 a las 9:42, Mark Sapiro () escribi?: > > Clamd should either use a unix socket or a tcp socket, not both. > > For a unix socket, clamd.conf should have > > LocalSocket /var/run/clamd.scan/clamd.sock > FixStaleSocket true > LocalSocketGroup clamscan > LocalSocketMode 666 > > and should not define TCPSocket or TCPAddr > > and MailScanner should have > > Clamd Socket = /var/run/lamd.scan/clamd.sock > > For a TCP socket, clamd.conf should have > > TCPSocket 3310 > TCPAddr 127.0.0.1 > > and not define LocalSocket, FixStaleSocket, LocalSocketGroup or > LocalSocketMode > > and MailScanner should have > > Clamd Port = 3310 > Clamd Socket = 127.0.0.1 > > In your case, if you have TCPSocket and TCPAddr defined in clamd.conf, I > think just removing them may fix the issue. > Mark this I will schedule to do my tests, I only have a doubt with this, when activating by tcp I think it could be slower and you can feel the impact on large volumes of mail traffic, if I am wrong I hope I am corrected. -- rickygm http://gnuforever.homelinux.com From mark at msapiro.net Mon Aug 26 01:20:28 2019 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 25 Aug 2019 18:20:28 -0700 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> Message-ID: <2dd4356e-563e-d956-1ce2-c132c75a2f34@msapiro.net> On 8/25/19 6:07 PM, Rick Gutierrez wrote: > > Mark this I will schedule to do my tests, I only have a doubt with > this, when activating by tcp I think it could be slower and you can > feel the impact on large volumes of mail traffic, if I am wrong I hope > I am corrected. I don't think there will be any significant difference between communicating with clamd via a TCP vs. a unix socket. The bulk of the time should be in the clamd process itself, not in communication. Normally, there is less overhead in communicating via a unix socket, but I don't think this is going to be significant, Anyway, I was suggesting you configure clamd and MailScanner to use a unix socket and not TCP. It seemed your issue might have been that MailScanner was trying to use the unix socket but clamd was listening on a TCP port. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Aug 26 01:31:55 2019 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 25 Aug 2019 18:31:55 -0700 Subject: postfix does not send emails In-Reply-To: References: Message-ID: <12f0bc3b-f734-79a0-8bef-e66a615536aa@msapiro.net> On 8/25/19 6:04 PM, Rick Gutierrez wrote: > Hi list , I have a somewhat strange situation, when I activate in > postfix to filter with MailScanner, the mails are not sent and they > are queue , ... > If I remove the option in main.cf that does not go through > MailScanner the mails go out without problems > > #header_checks = regexp:/etc/postfix/header_checks > > some help or advice? How is MailScanner configured. If Postfix is configured to hold incoming mail, MailScanner must be configured with MTA = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming If you want to use the new milter option, you need Incoming Queue Dir = /var/spool/MailScanner/milterin Outgoing Queue Dir = /var/spool/MailScanner/milterout MTA = msmail and you need to remove the header_checks from main.cf. These configuration settings are mutually exclusive. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From yuwang at cs.fsu.edu Mon Aug 26 01:49:06 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Sun, 25 Aug 2019 21:49:06 -0400 Subject: constant restart In-Reply-To: References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> Message-ID: <5156e834dc445c7a358605d38e85937b@cs.fsu.edu> FYI, I have clamd listens on both unix socket and tcp port 3310. I can communicate to both manually using nc and socat. Clamd manual says it can listen to both. > > Mark this I will schedule to do my tests, I only have a doubt with > this, when activating by tcp I think it could be slower and you can > feel the impact on large volumes of mail traffic, if I am wrong I hope > I am corrected. > > > -- > rickygm > > http://gnuforever.homelinux.com From yuwang at cs.fsu.edu Mon Aug 26 01:55:25 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Sun, 25 Aug 2019 21:55:25 -0400 Subject: postfix does not send emails In-Reply-To: References: Message-ID: <39b6856dedbad47f594becdb00b3eb97@cs.fsu.edu> Rick, Again it's ownership issue. Make sure postfix owns: ls -l /var/spool/MailScanner drwxr-xr-x. 2 root root 4096 Jan 27 2019 archive drwxrwx--- 47 postfix mtagroup 980 Aug 25 21:50 incoming drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterin drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterout drwxr-xr-x. 34 postfix mtagroup 4096 Aug 25 03:23 quarantine drwxrwx---. 37 postfix mtagroup 4096 Aug 24 03:14 ramdisk_store drwxr-xr-x. 2 postfix root 4096 Oct 15 2018 spamassassin James On 2019-08-25 21:04, Rick Gutierrez wrote: > Hi list , I have a somewhat strange situation, when I activate in > postfix to filter with MailScanner, the mails are not sent and they > are queue , > > look at the output of an email > > escm postfix/pickup[17442]: 43B739D782: uid=0 from= > Aug 25 18:55:52 escm postfix/cleanup[17472]: 43B739D782: hold: header > Received: by escm.domain.com (Postfix, from userid 0)??id 43B739D782; > Sun, 25 Aug 2019 18:55:52 -0600 (CST) from local; > from= to= > Aug 25 18:55:52 escm postfix/cleanup[17472]: 43B739D782: > message-id=<20190826005552.43B739D782 at escm.domain.com> > > If I remove the option in main.cf that does not go through > MailScanner the mails go out without problems > > #header_checks = regexp:/etc/postfix/header_checks > > some help or advice? > > Another message that throws me in the log, which I think is due to > permissions. > > MailScanner[18076]: Cannot create temporary Work Dir > /var/spool/MailScanner/incoming/18076. Are the permissions and > ownership of /var/spool/MailScanner/incoming correct? > > ls -la /var/spool/MailScanner/ > total 32 > drwxr-xr-x 9 root root 4096 Aug 19 17:10 . > drwxr-xr-x. 9 root root 4096 Aug 19 17:02 .. > drwxr-xr-x 2 root root 4096 Jan 27 2019 archive > drwxrwx--- 36 root mtagroup 760 Aug 21 18:34 incoming > drwxr-xr-x 2 root root 4096 Jan 27 2019 milterin > drwxr-xr-x 2 root root 4096 Jan 27 2019 milterout > drwxr-xr-x 5 postfix nginx 4096 Aug 21 10:37 quarantine > drwxrwx--- 36 root mtagroup 4096 Aug 21 18:34 ramdisk_store > drwxr-xr-x 2 postfix postfix 4096 Aug 19 17:04 spamassassin > > > > -- > rickygm > > http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 03:08:19 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 21:08:19 -0600 Subject: postfix does not send emails In-Reply-To: <12f0bc3b-f734-79a0-8bef-e66a615536aa@msapiro.net> References: <12f0bc3b-f734-79a0-8bef-e66a615536aa@msapiro.net> Message-ID: El dom., 25 ago. 2019 a las 19:32, Mark Sapiro () escribi?: > > > How is MailScanner configured. If Postfix is configured to hold incoming > mail, MailScanner must be configured with > > MTA = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming MailScanner.conf MTA = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming > > If you want to use the new milter option, you need > > Incoming Queue Dir = /var/spool/MailScanner/milterin > Outgoing Queue Dir = /var/spool/MailScanner/milterout > MTA = msmail > > and you need to remove the header_checks from main.cf. > > These configuration settings are mutually exclusive. > ok I made the change with these new options, but I don't see MailScanner scan the outgoing email Aug 25 21:05:11 escm MailScanner[27745]: /var/spool/MailScanner/milterout is not owned by user 89 ! Aug 25 21:05:11 escm postfix/pickup[27566]: B21469D788: uid=0 from= Aug 25 21:05:11 escm postfix/cleanup[27642]: B21469D788: message-id=<20190826030511.B21469D788 at escm.domain.com> Aug 25 21:05:11 escm postfix/qmgr[27567]: B21469D788: from=, size=478, nrcpt=1 (queue active) Aug 25 21:05:11 escm MailScanner[27753]: MailScanner Email Processor version 5.1.3 starting... Aug 25 21:05:11 escm MailScanner[27753]: Reading configuration file /etc/MailScanner/MailScanner.conf Aug 25 21:05:11 escm postfix/smtp[27644]: B21469D788: to=, relay=173.230.136.12[173.230.136.12]:25, delay=0.26, delays=0.07/0/0.12/0.07, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ADC7CCC362) -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 03:10:57 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 21:10:57 -0600 Subject: postfix does not send emails In-Reply-To: <39b6856dedbad47f594becdb00b3eb97@cs.fsu.edu> References: <39b6856dedbad47f594becdb00b3eb97@cs.fsu.edu> Message-ID: El dom., 25 ago. 2019 a las 19:55, yuwang () escribi?: > > Rick, > > Again it's ownership issue. Make sure postfix owns: > > ls -l /var/spool/MailScanner > > drwxr-xr-x. 2 root root 4096 Jan 27 2019 archive > drwxrwx--- 47 postfix mtagroup 980 Aug 25 21:50 incoming > drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterin > drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterout > drwxr-xr-x. 34 postfix mtagroup 4096 Aug 25 03:23 quarantine > drwxrwx---. 37 postfix mtagroup 4096 Aug 24 03:14 ramdisk_store > drwxr-xr-x. 2 postfix root 4096 Oct 15 2018 spamassassin > of the entire directory? -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 03:12:05 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 21:12:05 -0600 Subject: constant restart In-Reply-To: <2dd4356e-563e-d956-1ce2-c132c75a2f34@msapiro.net> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> <2dd4356e-563e-d956-1ce2-c132c75a2f34@msapiro.net> Message-ID: El dom., 25 ago. 2019 a las 19:20, Mark Sapiro () escribi?: > > > I don't think there will be any significant difference between > communicating with clamd via a TCP vs. a unix socket. The bulk of the > time should be in the clamd process itself, not in communication. > > Normally, there is less overhead in communicating via a unix socket, but > I don't think this is going to be significant, > > Anyway, I was suggesting you configure clamd and MailScanner to use a > unix socket and not TCP. It seemed your issue might have been that > MailScanner was trying to use the unix socket but clamd was listening on > a TCP port. > ok -- rickygm http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 03:18:04 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sun, 25 Aug 2019 21:18:04 -0600 Subject: constant restart In-Reply-To: <5156e834dc445c7a358605d38e85937b@cs.fsu.edu> References: <1221639257.486050.1566269100833.JavaMail.zimbra@vdb.nl> <18d972ce-d924-6878-8f75-8f84a74489b9@msapiro.net> <829862930.498250.1566365442962.JavaMail.zimbra@vdb.nl> <4120cb0c-3876-4a58-0ce5-39ae1fdf1e6e@msapiro.net> <5156e834dc445c7a358605d38e85937b@cs.fsu.edu> Message-ID: El dom., 25 ago. 2019 a las 19:49, yuwang () escribi?: > > FYI, I have clamd listens on both unix socket and tcp port 3310. I can > communicate to both manually using nc and socat. Clamd manual says it > can listen to both. thanks for the info -- rickygm http://gnuforever.homelinux.com From yuwang at cs.fsu.edu Mon Aug 26 11:42:22 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Mon, 26 Aug 2019 07:42:22 -0400 Subject: postfix does not send emails In-Reply-To: References: <39b6856dedbad47f594becdb00b3eb97@cs.fsu.edu> Message-ID: <51d3533627cea30b142faa7773fdda2b@cs.fsu.edu> The whole 'incoming' directory. chown -R postfix /var/spool/MailScanner/incoming/ On 2019-08-25 23:10, Rick Gutierrez wrote: > El dom., 25 ago. 2019 a las 19:55, yuwang () > escribi?: >> >> Rick, >> >> Again it's ownership issue. Make sure postfix owns: >> >> ls -l /var/spool/MailScanner >> >> drwxr-xr-x. 2 root root 4096 Jan 27 2019 archive >> drwxrwx--- 47 postfix mtagroup 980 Aug 25 21:50 incoming >> drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterin >> drwxr-xr-x. 2 root root 4096 Jan 27 2019 milterout >> drwxr-xr-x. 34 postfix mtagroup 4096 Aug 25 03:23 quarantine >> drwxrwx---. 37 postfix mtagroup 4096 Aug 24 03:14 ramdisk_store >> drwxr-xr-x. 2 postfix root 4096 Oct 15 2018 spamassassin >> > > of the entire directory? > > > > > -- > rickygm > > http://gnuforever.homelinux.com From xserverlinux at gmail.com Mon Aug 26 15:08:21 2019 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Mon, 26 Aug 2019 09:08:21 -0600 Subject: postfix does not send emails In-Reply-To: <51d3533627cea30b142faa7773fdda2b@cs.fsu.edu> References: <39b6856dedbad47f594becdb00b3eb97@cs.fsu.edu> <51d3533627cea30b142faa7773fdda2b@cs.fsu.edu> Message-ID: El lun., 26 ago. 2019 a las 5:42, yuwang () escribi?: > > The whole 'incoming' directory. > > chown -R postfix /var/spool/MailScanner/incoming/ > > > change the permissions and the mails still don't come out, using the MailScanner as a milter I don't see that it analyzes the outgoing mails , I went back to the previous form with postfix Aug 26 09:04:30 escm postfix/pickup[1016]: 378969D760: uid=0 from= Aug 26 09:04:30 escm postfix/cleanup[1029]: 378969D760: hold: header Received: by escm.domain.com (Postfix, from userid 0)??id 378969D760; Mon, 26 Aug 2019 09:04:30 -0600 (CST) from local; from= to= Aug 26 09:04:30 escm postfix/cleanup[1029]: 378969D760: message-id=<20190826150430.378969D760 at escm.domain.com> queue 8D7649D758! 452 Mon Aug 26 09:01:51 root at escm.domain.com ricardo at domain.com E89369D75B! 25667 Mon Aug 26 09:03:23 root at localhost root at localhost -- rickygm http://gnuforever.homelinux.com From mailinglists at feedmebits.nl Fri Aug 30 11:26:07 2019 From: mailinglists at feedmebits.nl (Maarten) Date: Fri, 30 Aug 2019 13:26:07 +0200 Subject: Been getting a whole lot of these lately Message-ID: <010ab09b0f6864a4f4d46036dba7c0f0@feedmebits.nl> I have been getting a whole lot of these lately: Aug 26 21:11:03 supernova MailScanner[3972]: Virus Scanning: Denial Of Service attack is in message 7020BA9E8.A8534 Aug 26 21:11:03 supernova MailScanner[4748]: Virus Scanning: Denial Of Service attack is in message F2872186B5.A74A0 Aug 26 21:11:03 supernova MailScanner[4227]: Virus Scanning: Denial Of Service attack is in message B4FC0A9E3.A9C74 Aug 26 21:11:04 supernova MailScanner[4449]: Virus Scanning: Denial Of Service attack is in message 8CFA787BA.A87FA Aug 26 21:11:05 supernova MailScanner[3558]: Virus Scanning: Denial Of Service attack is in message 081851F362.A77AF Aug 26 21:16:34 supernova MailScanner[4748]: Virus Scanning: Denial Of Service attack is in message 8E3B1A9ED.AAB0A Aug 26 21:16:34 supernova MailScanner[4227]: Virus Scanning: Denial Of Service attack is in message 0093146B0.A4AC3 Aug 26 21:16:34 supernova MailScanner[3972]: Virus Scanning: Denial Of Service attack is in message C0378A9E9.A88CD Aug 26 21:16:34 supernova MailScanner[4449]: Virus Scanning: Denial Of Service attack is in message 4F7847DD3.A71ED Aug 26 21:26:41 supernova MailScanner[3972]: Virus Scanning: Denial Of Service attack is in message 32A5FA9E7.AB984 Aug 26 21:26:44 supernova MailScanner[4449]: Virus Scanning: Denial Of Service attack is in message 1D0521878A.A6398 Aug 26 21:26:51 supernova MailScanner[4748]: Virus Scanning: Denial Of Service attack is in message E84D4A9E1.A828D Aug 26 21:32:08 supernova MailScanner[4449]: Virus Scanning: Denial Of Service attack is in message 2192F87A8.A7EF2 Aug 26 21:32:09 supernova MailScanner[3972]: Virus Scanning: Denial Of Service attack is in message 0119DA9E2.A7498 Aug 26 21:32:10 supernova MailScanner[4748]: Virus Scanning: Denial Of Service attack is in message D3CACA9EC.AA2B8 Aug 26 21:38:10 supernova MailScanner[4748]: Virus Scanning: Denial Of Service attack is in message 4669E622A.A7B30 Aug 26 21:38:10 supernova MailScanner[4449]: Virus Scanning: Denial Of Service attack is in message 7CD3D20377.A7366 Aug 30 12:56:38 supernova MailScanner[17638]: Virus Scanning: Denial Of Service attack is in message E709B20EE3.AF891 Aug 30 12:56:45 supernova MailScanner[17814]: Virus Scanning: Denial Of Service attack is in message 40E2C20F00.A0394 Aug 30 12:56:50 supernova MailScanner[13313]: Virus Scanning: Denial Of Service attack is in message 7ADFC20377.A10DA Aug 30 12:56:51 supernova MailScanner[2564]: Virus Scanning: Denial Of Service attack is in message CE27B20F08.A07E2 Aug 30 12:56:55 supernova MailScanner[30687]: Virus Scanning: Denial Of Service attack is in message 165002036A.A3DB9 When the "Subject: Virus Detected" message arrives I see they are mostly system mails one of my services, however also happened to several emails from a list. When this happens I see that the system has run out of memory and is killing processes. After I reboot the system everything is fine again, it's my vps for personal usage so not very heavily used. It's got 5G ram and 1 vCPU so that should be more any enough for low volume usage. I have never had any problems in the past. Only recently updated from SL7.6 to SL7.7, must be something in that update causing problems. Anyone else been having any problems with getting Denial of Service Attach messages? Also does anyone know if these selinux contexts have to be allowed for MailScanner to function properly? #============= mscan_t ============== allow mscan_t antivirus_t:process signal; allow mscan_t sysfs_t:dir read; --> Don't see why MailScanner is trying to read something in sysfs From mailinglists at feedmebits.nl Fri Aug 30 11:37:39 2019 From: mailinglists at feedmebits.nl (Maarten) Date: Fri, 30 Aug 2019 13:37:39 +0200 Subject: Been getting a whole lot of these lately In-Reply-To: <010ab09b0f6864a4f4d46036dba7c0f0@feedmebits.nl> References: <010ab09b0f6864a4f4d46036dba7c0f0@feedmebits.nl> Message-ID: Today when this happened the system didn't run out of memory but got got close to running out of memory. So seems these "Denial of Service attacks" are eating alot of memory. On 2019-08-30 13:26, Maarten wrote: > I have been getting a whole lot of these lately: > > Aug 26 21:11:03 supernova MailScanner[3972]: Virus Scanning: Denial Of > Service attack is in message 7020BA9E8.A8534 > Aug 26 21:11:03 supernova MailScanner[4748]: Virus Scanning: Denial Of > Service attack is in message F2872186B5.A74A0 > Aug 26 21:11:03 supernova MailScanner[4227]: Virus Scanning: Denial Of > Service attack is in message B4FC0A9E3.A9C74 > Aug 26 21:11:04 supernova MailScanner[4449]: Virus Scanning: Denial Of > Service attack is in message 8CFA787BA.A87FA > Aug 26 21:11:05 supernova MailScanner[3558]: Virus Scanning: Denial Of > Service attack is in message 081851F362.A77AF > Aug 26 21:16:34 supernova MailScanner[4748]: Virus Scanning: Denial Of > Service attack is in message 8E3B1A9ED.AAB0A > Aug 26 21:16:34 supernova MailScanner[4227]: Virus Scanning: Denial Of > Service attack is in message 0093146B0.A4AC3 > Aug 26 21:16:34 supernova MailScanner[3972]: Virus Scanning: Denial Of > Service attack is in message C0378A9E9.A88CD > Aug 26 21:16:34 supernova MailScanner[4449]: Virus Scanning: Denial Of > Service attack is in message 4F7847DD3.A71ED > Aug 26 21:26:41 supernova MailScanner[3972]: Virus Scanning: Denial Of > Service attack is in message 32A5FA9E7.AB984 > Aug 26 21:26:44 supernova MailScanner[4449]: Virus Scanning: Denial Of > Service attack is in message 1D0521878A.A6398 > Aug 26 21:26:51 supernova MailScanner[4748]: Virus Scanning: Denial Of > Service attack is in message E84D4A9E1.A828D > Aug 26 21:32:08 supernova MailScanner[4449]: Virus Scanning: Denial Of > Service attack is in message 2192F87A8.A7EF2 > Aug 26 21:32:09 supernova MailScanner[3972]: Virus Scanning: Denial Of > Service attack is in message 0119DA9E2.A7498 > Aug 26 21:32:10 supernova MailScanner[4748]: Virus Scanning: Denial Of > Service attack is in message D3CACA9EC.AA2B8 > Aug 26 21:38:10 supernova MailScanner[4748]: Virus Scanning: Denial Of > Service attack is in message 4669E622A.A7B30 > Aug 26 21:38:10 supernova MailScanner[4449]: Virus Scanning: Denial Of > Service attack is in message 7CD3D20377.A7366 > Aug 30 12:56:38 supernova MailScanner[17638]: Virus Scanning: Denial > Of Service attack is in message E709B20EE3.AF891 > Aug 30 12:56:45 supernova MailScanner[17814]: Virus Scanning: Denial > Of Service attack is in message 40E2C20F00.A0394 > Aug 30 12:56:50 supernova MailScanner[13313]: Virus Scanning: Denial > Of Service attack is in message 7ADFC20377.A10DA > Aug 30 12:56:51 supernova MailScanner[2564]: Virus Scanning: Denial Of > Service attack is in message CE27B20F08.A07E2 > Aug 30 12:56:55 supernova MailScanner[30687]: Virus Scanning: Denial > Of Service attack is in message 165002036A.A3DB9 > > When the "Subject: Virus Detected" message arrives I see they are > mostly system mails one of my services, however also > happened to several emails from a list. When this happens I see that > the system has run out of memory and is killing > processes. After I reboot the system everything is fine again, it's my > vps for personal usage so not very heavily used. > It's got 5G ram and 1 vCPU so that should be more any enough for low > volume usage. I have never had any problems in > the past. Only recently updated from SL7.6 to SL7.7, must be something > in that update causing problems. Anyone else > been having any problems with getting Denial of Service Attach > messages? > > Also does anyone know if these selinux contexts have to be allowed for > MailScanner to function properly? > > #============= mscan_t ============== > allow mscan_t antivirus_t:process signal; > allow mscan_t sysfs_t:dir read; --> Don't see why MailScanner is > trying to read something in sysfs From mailscanner at replies.cyways.com Sat Aug 31 20:51:55 2019 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Sat, 31 Aug 2019 16:51:55 -0400 Subject: Disarmed mail and spam checks Message-ID: <6b8289aa-02f1-6159-43c1-6945a376272a@replies.cyways.com> I have my configuration set to deliver mail with Disarmed tags. However it appears this arrangement exempts the message from spam processing. I have a spam blacklist rule that should block a particular sender, but these messages still come through with the {Disarmed} tag. I scanned the directives in MailScanner.conf, but didn't see how to handle this situation. The only relevant thing I found online was this https://www.howtoforge.com/community/threads/mailscanner-and-spam-check-after-disarming-harmful-message.77624/ a posting of the same problem with no replies. Any suggestions? Thanks! Peter