Mail stuck in /var/spool/postfix/hold

Remco Barendse mailscanner at barendse.to
Tue Jun 15 18:06:59 UTC 2021 

Thanks!  I checked but didn't see any apparmor errors or anything that 
relates to mail, only that MailScanner gets killed :

Jun 15 19:54:37 gw2 MailScanner: Process did not exit cleanly, returned 13 
with signal 0


Some other snippets, not sure if relevant :
Jun 15 19:52:54 gw2 MailScanner[2110]: Requeue: B66CD615E7.A430A to 
D129F61636
Jun 15 19:52:54 gw2 MailScanner[2110]: Uninfected: Delivered 8 messages
Jun 15 19:52:54 gw2 postfix/qmgr[1430]: AD5CC6163C: 
from=<fail2ban at gw2.ecem.com>, size=376, nrcpt=1 (queue active)
Jun 15 19:52:54 gw2 MailScanner[2110]: Deleted 8 messages from 
processing-database



On your website is stated :
# For use with MailScanner in /etc/apparmor.d/usr.sbin.clamd
/var/spool/MailScanner/** rw,
/var/spool/MailScanner/incoming/** rw,

Whereas the MailScanner installer adds /etc/apparmor.d/local/usr.sbin.clamd
/var/spool/MailScanner/incoming/** krw,
/var/spool/MailScanner/incoming/** ix,

But....... the include is not commented out in 
/etc/apparmor.d/usr.sbin.clamd
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.clamd>


I tried both and uncommented that line, no dice

Mail does end up in the "hold" directory but just sits there until 
quarantined


If i add mail from quarantine back into /var/spool/postfix/hold, 
/var/log/mail.log just says this :

Jun 15 19:54:37 gw2 MailScanner[2194]: New Batch: Scanning 1 messages, 
61782 bytes
Jun 15 19:54:38 gw2 MailScanner[2527]: MailScanner Email Processor version 
5.3.4 starting...
Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file 
/etc/MailScanner/MailScanner.conf
Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file 
/etc/MailScanner/conf.d/README
Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file 
/etc/MailScanner/conf.d/postfix.conf
Jun 15 19:54:38 gw2 MailScanner[2527]: Read 1500 hostnames from the 
phishing whitelist
Jun 15 19:54:38 gw2 MailScanner[2527]: Read 5527 hostnames from the 
phishing blacklists
Jun 15 19:54:38 gw2 MailScanner[2527]: Using SpamAssassin results cache
Jun 15 19:54:38 gw2 MailScanner[2527]: Connected to SpamAssassin cache 
database
Jun 15 19:54:38 gw2 MailScanner[2527]: Enabling SpamAssassin 
auto-whitelist functionality...
Jun 15 19:54:38 gw2 MailScanner[2527]: Auto: Found virus scanners: clamd
Jun 15 19:54:38 gw2 MailScanner[2527]: Connected to Processing Attempts 
Database
Jun 15 19:54:38 gw2 MailScanner[2527]: Found 14 messages in the Processing 
Attempts Database
Jun 15 19:54:38 gw2 MailScanner[2527]: Using locktype = flock




On Tue, 15 Jun 2021, Thom van der Boon wrote:

> Remco,
> 
> Take a look at the syslog (cat /var/log/syslog) AppArmour logs errors there and not in the maillog
> 
> 
> Met vriendelijke groet, Mit freundlichen Grüßen, Best regards,
> 
> 
> Thom van der Boon
> E-Mail: thom at vdb.nl
> 
> __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
> Van: "Remco Barendse" <mailscanner at barendse.to>
> Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
> Verzonden: Dinsdag 15 juni 2021 14:05:11
> Onderwerp: Re: Mail stuck in /var/spool/postfix/hold
> 
> I checked the log all the way up, no error messages. Just warnings
> 
> root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770
> Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing
> message 6EC7682C7E.A8770
> Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing
> message 6EC7682C7E.A8770
> 
> MailScanner --lint says all is OK and messages sit in
> /var/spool/postfix/hold until they are quarantined
> 
> I did a complete re-install this morning of the server, started from fresh
> install of Ubuntu 20.04 and proceeded immediately to install MailScanner
> and ran ms-config, did not install any package.
> 
> Same result....  Getting a little desperate
> 
> root at gw2:~# MailScanner --lint
> Trying to setlogsock(unix)
> 
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Reading configuration file /etc/MailScanner/conf.d/postfix.conf
> Read 1500 hostnames from the phishing whitelist
> Read 5527 hostnames from the phishing blacklists
> 
> Checking version numbers...
> Version number in MailScanner.conf (5.3.4) is correct.
> 
> Your envelope_sender_header in spamassassin.conf is correct.
> MailScanner setting GID to  (121)
> MailScanner setting UID to  (118)
> 
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> config: registryboundaries: no tlds defined, need to run sa-update
> SpamAssassin reported no errors.
> Auto: Found virus scanners: clamd
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 14 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = auto"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1"
> 
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
> 
> 
> 
> 
> 
> 
> On Mon, 14 Jun 2021, Mark Sapiro wrote:
> 
> > On 6/14/21 4:41 AM, Remco Barendse wrote:
> >>
> >>  No errors, anywhere jusst this in the log :
> >>  Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing
> >>  message 26A2782CA5.A6FBE
> >>
> >>  Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts
> >>  Database
> >>  Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the Processing
> >>  Attempts Database
> >>  Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock
> >>  Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing
> >>  message D0D2882370.ACF37
> >>  Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing
> >>  message 4C5938221D.A960D
> >>  Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting
> >>  Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages,
> >>  883327 bytes
> >>  Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message
> >>  D0D2882370.ACF37 as it has been attempted too many times
> >>  Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message
> >>  D0D2882370.ACF37 as it caused MailScanner to crash several times
> >>  Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to
> >>  /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37
> >>  Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message
> >>  4C5938221D.A960D as it has been attempted too many times
> >>  Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message
> >>  4C5938221D.A960D as it caused MailScanner to crash several times
> >>  Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to
> >>  /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D
> >>  Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting
> >
> >
> > There should be errors logged from the earlier attempts to process the
> > messages, perhaps they are in an older, rotated log.
> >
> >
> > --
> > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> > San Francisco Bay Area, California    better use your sense - B. Dylan
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >
> 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
>

More information about the MailScanner mailing list