Hello Mark,

> It is hard to say without seeing logs. If there is a specific message
> that is causing it, this facilitates debugging: run 'amavisd debug'
> and see what happens when such message comes in. You may
> notice such a message if it is hanging on the MTA queue and is
> retried every now and then.

I have come across some other threads in the mailing list that
resemble my problem, though I haven't found anything exactly like it.
I have run 'amavisd debug-sa > ~/amavisd_log 2>&1 &' and analyzed the
output when one of the processes goes wild. However, it doesn't seem
like there was anything wrong in the debug log, except for SA not
being able to open the auto-whitelist (which I fixed). That wasn't the
problem though.

When I have to 'kill -9' the process, it leaves an email in the tmp/
folder. It seems to be one message that keeps getting retried and
causing the amavisd process to go wild. It is an undeliverable mail
message that is trying to be sent back to the sender. It contains a
jpg image and Postfix has added some lines about an error not being
able to write to the queue, like so:

host xx.xxx.x.xxx[xx.xxx.x.xxx] said: 451 Error: queue
    file write error (in reply to end of DATA command)

In the maillog every time I come across this situation, the process
gives a warning: WARN: MIME::Parser error: part did not end with
expected boundary. I didn't think it was such a big deal since it was
a warning, but it seems to happen every time this occurs.

> If it is not a specific message that is causing it, my first guess
> is that SA is trying to do Bayes auto-expiry. If having bayes
> on a bdb backend, the SA auto-expiry should better be disabled
> and run explicitly from cron every now and then (e.g. each night).
> Better still, switch Bayes from berkeley db to SQL.

I have disabled Bayes filtering for SA to test this; however, I still
ended up with a bad process.

> Now, what next? If running SA older than 3.0.4, be aware
> there is a DoS possibility with older versions, which would
> probably behave like you described.

It doesn't appear to be a DoS attack as it is the same message retried
and causing the same symptoms. Any ideas on what to do now? Your help
is appreciated.

Adriel


_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
