Hi, I've set up amavisd-new 2.7.0 with postfix 2.8.5 on a FreeBSD 8.2 machine and it's been mostly a smooth ride so far. This machine will act as a mail gateway and spam filter in front of a couple of internal mail servers. On rare occasions (a few times a week, somewhat random) I see something weird in my maillog however.
It looks like amavis dies here:

Oct 17 06:22:48 smtp postfix/postscreen[62226]: CONNECT from [123.168.232.239]:2387
Oct 17 06:22:54 smtp postfix/postscreen[62226]: PASS NEW [123.168.232.239]:2387
Oct 17 06:22:54 smtp postfix/smtpd[62229]: connect from unknown[123.168.232.239]
Oct 17 06:22:55 smtp postfix/smtpd[62229]: 4E0E7E04E2: client=unknown[123.168.232.239]
Oct 17 06:22:55 smtp postfix/cleanup[62232]: 4E0E7E04E2: message-id=<5DBTMTXL8DKA6YXAOC@localhost.localdomain>
Oct 17 06:22:56 smtp postfix/qmgr[54022]: 4E0E7E04E2: from=<conglomeratio...@qip.ru>, size=18026, nrcpt=1 (queue active)
Oct 17 06:22:56 smtp postfix/smtpd[62229]: disconnect from unknown[123.168.232.239]
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)FWD from <conglomeratio...@qip.ru> -> <m...@mydomain.tld>, 451 4.5.0 From MTA() during fwd-connect (Error reading from socket: Connection reset by peer at /usr/local/sbin/amavisd line 6814.): id=61150-02
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) Blocked MTA-BLOCKED {TempFailedInbound}, [123.168.232.239]:2387 [123.168.232.239] <conglomeratio...@qip.ru> -> <m...@mydomain.tld>, Queue-ID: 4E0E7E04E2, Message-ID: <5DBTMTXL8DKA6YXAOC@localhost.localdomain>, mail_id: KT9C9Ke7LxEZ, Hits: 4.052, size: 18026, 1231 ms
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!!)TROUBLE in process_request: Error writing to socket: Broken pipe at /usr/local/sbin/amavisd line 6843.
Oct 17 06:22:57 smtp postfix/smtp[62233]: 4E0E7E04E2: to=<m...@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=1.1/0/0.01/1.2, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=61150-02 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Error reading from socket: Connection reset by peer at /usr/local/sbin/amavisd line 6814.): id=61150-02 (in reply to end of DATA command))
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)Requesting process rundown after fatal error
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)_DIE: Error writing to socket: Broken pipe at /usr/local/sbin/amavisd line 6843.

...and then, 8 minutes later:

Oct 17 06:30:26 smtp postfix/qmgr[54022]: 4E0E7E04E2: from=<conglomeratio...@qip.ru>, size=18026, nrcpt=1 (queue active)
Oct 17 06:30:27 smtp postfix/smtpd[62254]: connect from localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/smtpd[62254]: D8FAAE0666: client=localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/cleanup[62255]: D8FAAE0666: message-id=<5DBTMTXL8DKA6YXAOC@localhost.localdomain>
Oct 17 06:30:27 smtp postfix/smtpd[62254]: disconnect from localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/qmgr[54022]: D8FAAE0666: from=<conglomeratio...@qip.ru>, size=18718, nrcpt=1 (queue active)
Oct 17 06:30:27 smtp amavis[61761]: (61761-02) Passed CLEAN {RelayedInbound}, [123.168.232.239]:2387 [123.168.232.239] <conglomeratio...@qip.ru> -> <m...@mydomain.tld>, Queue-ID: 4E0E7E04E2, Message-ID: <5DBTMTXL8DKA6YXAOC@localhost.localdomain>, mail_id: tJ1Womdf9N4H, Hits: 4.052, size: 18026, queued_as: D8FAAE0666, 1214 ms
Oct 17 06:30:27 smtp postfix/smtp[62252]: 4E0E7E04E2: to=<m...@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=453, delays=451/0.01/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D8FAAE0666)
Oct 17 06:30:27 smtp postfix/qmgr[54022]: 4E0E7E04E2: removed
Oct 17 06:30:28 smtp postfix/smtp[62256]: D8FAAE0666: to=<m...@mydomain.tld>, relay=172.16.1.129[172.16.1.129]:25, delay=0.14, delays=0.02/0/0/0.11, dsn=2.6.0, status=sent (250 2.6.0 <5DBTMTXL8DKA6YXAOC@localhost.localdomain> Queued mail for delivery)
Oct 17 06:30:28 smtp postfix/qmgr[54022]: D8FAAE0666: removed

...and the mail gets delivered successfully.

Google didn't turn up anything useful on why amavis dies and I've checked my configuration but I can't find anything obvious that is wrong. I guess it all comes down to that I don't know how to interpret these error messages. So, can someone explain to me what's going on and tell me if I should be worried or not? :-)

My configuration is quite simple. I've attached it below for reference.

## Postconf -n from Postfix:

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 40960000
mydestination =
mydomain = mydomain.tld
myhostname = smtp.mydomain.tld
mynetworks = 127.0.0.0/8, 172.16.1.129/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org bl.spamcop.net
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = hash:/usr/local/etc/postfix/relay_domains
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination check_helo_access hash:/usr/local/etc/postfix/helo_checks
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550

## amavis stuff from master.cf:

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_tls_note_starttls_offer=no
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

## What I've changed in amavisd.conf:

diff -u amavisd.conf-dist amavisd.conf --- amavisd.conf-dist 2011-08-22 22:51:32.000000000 +0200 +++ amavisd.conf 2011-10-13 12:50:17.000000000 +0200 
@@ -17,7 +17,7 @@ $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g -$mydomain = 'example.com'; # a convenient default for other settings +$mydomain = 'mydomain.tld'; # a convenient default for other settings # $MYHOME = '/var/amavis'; # a convenient default for other settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T @@ -46,7 +46,7 @@ $enable_dkim_verification = 1; # enable DKIM signatures verification $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key -@local_domains_maps = ( [".$mydomain"] ); # list of all local domains +@local_domains_maps = read_hash("/usr/local/etc/postfix/relay_domains"); @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); @@ -90,9 +90,9 @@ auth_required_release => 0, # do not require secret_id for amavisd-release }; -$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level -$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) +$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 6.0; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off 
@@ -112,11 +112,11 @@ # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; # defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) -$virus_admin = "virusalert\@$mydomain"; # notifications recip. +$virus_admin = "it\@$mydomain"; # notifications recip. -$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender -$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender -$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender +$mailfrom_notify_admin = "it\@$mydomain"; # notifications sender +$mailfrom_notify_recip = "it\@$mydomain"; # notifications sender +$mailfrom_notify_spamadmin = "it\@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef @addr_extension_virus_maps = ('virus'); @@ -145,14 +145,14 @@ # OTHER MORE COMMON SETTINGS (defaults may suffice): -# $myhostname = 'host.example.com'; # must be a fully-qualified domain name! +$myhostname = 'smtp.mydomain.tld'; # must be a fully-qualified domain name! # $notify_method = 'smtp:[127.0.0.1]:10025'; # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! # $final_virus_destiny = D_DISCARD; # $final_banned_destiny = D_DISCARD; -# $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT +$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT # $final_bad_header_destiny = D_PASS; # $bad_header_quarantine_method = undef; 
@@ -371,10 +371,10 @@ # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1 # ### http://www.clamav.net/ -# ['ClamAV-clamd', -# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], -# qr/\bOK$/m, qr/\bFOUND$/m, -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], + qr/\bOK$/m, qr/\bFOUND$/m, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], # # NOTE: run clamd under the same user as amavisd, or run it under its own # # uid such as clamav, add user clamav to the amavis group, and then add # # AllowSupplementaryGroups to clamd.conf; -- Joel
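
Review bot: In the @@ -46,7 +46,7 @@ hunk, the new @local_domains_maps line ties amavisd to a file that is maintained for Postfix, and the hunk drops the "# list of all local domains" comment without saying so. The replaced line used the leading-dot form ".$mydomain"; the key format inside /usr/local/etc/postfix/relay_domains is not visible here, so confirm its entries are in the form amavisd's domain lookup expects and that the file is readable by the 'vscan' user set in $daemon_user. Add a comment that amavisd reads the file when it loads its configuration, so an edit to relay_domains needs an amavisd reload in addition to postmap.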
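
Review bot: In the @@ -90,9 +90,9 @@ hunk, $sa_tag_level_deflt = undef; keeps the trailing comment "add spam info headers if at, or above that level", which no longer describes the setting: undef is treated as lower than any score, so there is no threshold left. Update the comment to say that the headers are now added regardless of score, and note next to $sa_kill_level_deflt why it was lowered from 6.9 to 6.0.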
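
Review bot: In the @@ -145,14 +145,14 @@ hunk, $final_spam_destiny = D_DISCARD; together with $sa_kill_level_deflt = 6.0 from the earlier hunk means mail scoring 6.0 or above is dropped without any notice to the sender, and nothing in this diff shows a quarantine setting. Confirm that spam quarantine is enabled so a false positive can be recovered, or keep the D_PASS value from the commented-out line until the scores have been tuned on this gateway's traffic.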
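
Review bot: In the @@ -371,10 +371,10 @@ hunk, the ClamAV-clamd entry is uncommented but the NOTE in its trailing context still has to be acted on: clamd must be able to read the files amavisd hands it through /var/run/clamav/clamd.sock. $daemon_user is 'vscan' in the first hunk, so either run clamd as vscan, or add the clamd user to the vscan group and set AllowSupplementaryGroups in clamd.conf, and record which was done in a comment next to the entry.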
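
One way to check from the maillog whether every message that amavisd temp-failed was later delivered on retry, as happened with the message in the post. This is an added example, not part of the original post; the log lines, addresses and queue IDs in SAMPLE_LOG are constructed in the same format as the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the maillog quoted in the post (not the poster's data).
SAMPLE_LOG = """\
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) Blocked MTA-BLOCKED {TempFailedInbound}, [192.0.2.10]:2387 [192.0.2.10] <a@example.net> -> <u@example.org>, Queue-ID: AAAA000001, mail_id: x1, Hits: 4.052, size: 18026, 1231 ms
Oct 17 06:22:57 smtp postfix/smtp[62233]: AAAA000001: to=<u@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=1.1/0/0.01/1.2, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=61150-02 - Temporary MTA failure on relaying)
Oct 17 06:30:27 smtp postfix/smtp[62252]: AAAA000001: to=<u@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=453, delays=451/0.01/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBBB000002)
Oct 17 06:30:27 smtp postfix/qmgr[54022]: AAAA000001: removed
Oct 17 07:01:10 smtp amavis[61999]: (61999-01) Blocked MTA-BLOCKED {TempFailedInbound}, [192.0.2.11]:4000 [192.0.2.11] <b@example.net> -> <u@example.org>, Queue-ID: CCCC000003, mail_id: x2, Hits: 1.0, size: 900, 800 ms
Oct 17 07:01:10 smtp postfix/smtp[62300]: CCCC000003: to=<u@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, delays=1.0/0/0.01/0.9, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=61999-01 - Temporary MTA failure on relaying)
"""

# amavisd's summary line for a message it could not hand back to the MTA.
TEMPFAIL = re.compile(
    r"amavis\[\d+\]: \(\S+\) Blocked MTA-BLOCKED \{TempFailed\w*\}.*?Queue-ID: ([0-9A-F]+)")
# Postfix's delivery attempt to the content filter on port 10024.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>, "
    r"relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024, delay=([\d.]+),.*?status=(\w+)")


def tempfail_outcomes(log_text):
    """Map each Queue-ID that amavisd temp-failed to its last delivery status."""
    outcomes = {}
    for line in log_text.splitlines():
        m = TEMPFAIL.search(line)
        if m:
            entry = outcomes.setdefault(
                m.group(1), {"tempfails": 0, "status": "deferred", "delay": None})
            entry["tempfails"] += 1
            continue
        m = DELIVERY.search(line)
        if m and m.group(1) in outcomes:
            qid, delay, status = m.groups()
            outcomes[qid]["status"] = status      # last attempt wins
            outcomes[qid]["delay"] = float(delay)  # seconds since the message arrived
    return outcomes


def still_stuck(outcomes):
    """Queue-IDs that were temp-failed and never reached status=sent."""
    return sorted(q for q, o in outcomes.items() if o["status"] != "sent")


if __name__ == "__main__":
    results = tempfail_outcomes(SAMPLE_LOG)
    for qid, o in results.items():
        print(qid, o)
    print("not yet delivered:", still_stuck(results))
```

Run over a real maillog, an empty "not yet delivered" list means each temp-failed message was picked up again by the queue manager and passed the filter on a later attempt.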