Hi Eric:

I surmised from John's webpage that since I didn't have the simscan group that we could use clamav as the group owner since simscan runs as suid clamav. But to tell you the truth I don't understand what setgid does to a directory despite having read the Wikipedia entry 6 times. Perhaps some group other than clamav is writing the attachment and addr slices associated with a message and qmail-queue can't read those files unless /var/qmail/simscan is setgid clamav. But I'm just happy it works.

Jeff

On 5/8/2017 10:43 AM, Eric Broch wrote:
Hi Jeff:

No to both questions...just wanted to know your full procedure next time this issue raises its ugly head. It seems that when it does come up the answer to it is difficult to nail down. Yours (or John's) may well solve most of them, hopefully.

Anyway, I'm VERY happy that you found the solution. John Simpson's site has been very helpful to me as well.

Eric

On 5/8/2017 8:32 AM, Jeff Koch wrote:

Hi Eric:

My toaster does not have a simscan group (/etc/group). Does yours? Is that in the setup script?

Jeff

On 5/8/2017 1:20 AM, Eric Broch wrote:

Interesting. I'm glad that this worked out for you. It's intriguing because we should have been seeing this issue in CentOS 5/6/7 for some time to the same degree as you have experienced. The permissions have been the same across all these platforms.

All of my installations have permissions "drwxr-x--- 2 clamav root 6 May 6 17:57 simscan/".

And no other installation on the list is having issues like this..., BUT, I will keep this in mind.

Did you also change clamav to be a member of the simscan group?

Also, I might experiment with the changes you've made on my installations, and if it works, change the rpm install accordingly.

On 5/7/2017 8:37 PM, Jeff Koch wrote:

Hi Eric:

The problem was the permissions and ownership of /var/qmail/simscan

I had:

    drwxr-x--- 2 clamav root 6 May 6 17:57 simscan/

changing this to the following fixed the problem:

    drwxr-s--- 2 clamav clamav 6 May 6 17:57 simscan/

I discovered this solution when I came across 'Simscan Troubleshooting' by John M. Simpson written in 2009 https://qmail.jms1.net/simscan/troubleshooting.shtml.

Maybe I screwed something up on the Toaster install but the permissions and ownerships I had for the simscan working directory were wrong and resulted in missing message envelopes and sporadic inability of simscan to pass messages with attachments on to qmail-queue.

Eric - thanks for your help and encouragement to examine everything

Regards, Jeff Koch

On 5/7/2017 7:25 PM, Eric Broch wrote:

ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/srpms/simscan-1.4.0-0.qt.src.rpm

On 5/7/2017 3:27 PM, Jeff Koch wrote:

Hi Eric:

I'm pretty sure there's something wrong with my simscan and the way it interacts with my server. (I did start with a CentOS 7 minimal install). Doesn't make sense that it would lose the envelope information. That info is supposed to be written to a temporary file in /var/qmail/simscan. I don't think the setup would even accept an email without mailfrom and mailto info.

So, I'd like to try recompiling simscan from source. I found source code for version 1.4.0 at https://sourceforge.net/projects/simscan/ but it could be a little stale since it was last modified 10/29/2007. Is that the version you use? Do you have a later patched version?

Also, I'd need the configure script.

Thanks, Jeff Koch

On 5/6/2017 11:06 AM, Eric Broch wrote:

Hmm... not sure. Not sure if you are a 'c' programmer but here's the code:

    if ( MailFrom[0] == 0 && RcptTo[0][0] == 0 ) {
      if ( DebugFlag > 0 ) {
        fprintf(stderr, "simscan: no envelope information, deferred exit\n");
      }
      exit_clean(EXIT_454);
    }

Looks like the 'mail from' and 'rcpt to' variables are empty.

On 5/6/2017 8:58 AM, Jeff Koch wrote:

Hi Eric:

One other thing. What does it mean when we see 'simscan: no envelope information, deferred exit'?
As in the following:

2017-05-06 09:45:11.691723500 simscan: checking attachment image003.png against .bat
2017-05-06 09:45:11.691723500 simscan: checking attachment image003.png against .pif
2017-05-06 09:45:11.691724500 simscan: cdb looking up version attach
2017-05-06 09:45:11.691724500 simscan: runned_scanners is attach: 1.4.0
2017-05-06 09:45:11.691725500 simscan: found 1.4.0
2017-05-06 09:45:11.691725500 simscan: calling clamdscan
2017-05-06 09:45:11.728577500 simscan: clamdscan: /var/qmail/simscan/1494081910.545549.2165: OK
2017-05-06 09:45:11.728632500 simscan: clamdscan:
2017-05-06 09:45:11.728633500 simscan: clamdscan: ----------- SCAN SUMMARY -----------
2017-05-06 09:45:11.728672500 simscan: clamdscan: Infected files: 0
2017-05-06 09:45:11.728684500 simscan: clamdscan: Time: 0.034 sec (0 m 0 s)
2017-05-06 09:45:11.728961500 simscan: cdb looking up version clamav
2017-05-06 09:45:11.728975500 simscan: runned_scanners is attach: 1.4.0 clamav: 0.99.2/m:
2017-05-06 09:45:11.728976500 simscan: found 0.99.2/m:
2017-05-06 09:45:11.728977500 simscan: normal clamdscan return code: 0
2017-05-06 09:45:11.728998500 simscan: done, execing qmail-queue
2017-05-06 09:45:11.758794500 simscan: qmail-queue exited 0
2017-05-06 09:45:12.076061500 simscan: no envelope information, deferred exit
2017-05-06 09:45:12.076219500 simscan: exit error code: 54

Jeff

On 5/6/2017 10:21 AM, Eric Broch wrote:

[root]# ls -ld /var/qmail/simscan
drwxr-x--- 4 clamav root 64 Apr 20 14:18 /var/qmail/simscan
[root]# ls -ld /var/qmail/simscan/*
drwxr-x--- 2 clamav root 39 Dec 23 01:26 /var/qmail/simscan/1482481568.945036.3336
drwxr-x--- 2 clamav root 73 Dec 23 01:34 /var/qmail/simscan/1482482077.257292.3618

yum reinstall simscan

On 5/5/2017 12:16 PM, Jeff Koch wrote:

Hi Eric:

What do your permissions look like for /var/qmail/simscan and its subdirectories?

Also, we installed everything from the QMT install script. What's the procedure for removing and reinstalling simscan?

Thanks for your help.
Jeff

On 5/5/2017 1:42 PM, Eric Broch wrote:

It does look like a permissions issue. Try these steps with restart and reload of qmail between each step:

1) Check permissions on your queue, visibly (mine below <queue perms>).
2) Check /var/qmail/bin permissions (mine below <qmail bin perms>).
3) Remove and reinstall simscan
4) Try running one of the good queue repair tools like qfixq, qmail_repair.py. With these make absolutely sure qmail is OFF, and that there are NO straggling send processes.

<queue perms>
[root]# ls -ld /var/qmail/queue
drwxr-x--- 11 qmailq qmail 109 Apr 20 09:49 /var/qmail/queue
[root]# ls -l /var/qmail/q*
total 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 bounce
drwx------ 25 qmails qmail 4096 Apr 20 09:49 info
drwx------ 2 qmailq qmail 6 May 5 08:34 intd
drwx------ 25 qmails qmail 4096 Apr 20 09:49 local
drwxr-x--- 2 qmailq qmail 48 Apr 20 12:58 lock
drwxr-x--- 25 qmailq qmail 4096 Apr 20 09:49 mess
drwx------ 2 qmailq qmail 6 May 5 08:34 pid
drwx------ 25 qmails qmail 4096 Apr 20 09:49 remote
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 todo
[root]# ls -l /var/qmail/q*/*
/var/qmail/queue/bounce:
total 0

/var/qmail/queue/info:
total 0
drwx------ 2 qmails qmail 6 May 3 03:21 0
drwx------ 2 qmails qmail 6 May 3 04:52 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 21 06:06 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 May 5 03:31 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 May 3 04:52 18
drwx------ 2 qmails qmail 6 May 5 08:34 19
drwx------ 2 qmails qmail 6 May 1 03:42 2
drwx------ 2 qmails qmail 6 May 4 03:47 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 May 4 03:47 3
drwx------ 2 qmails qmail 6 May 5 08:34 4
drwx------ 2 qmails qmail 6 May 2 04:49 5
drwx------ 2 qmails qmail 6 May 1 07:21 6
drwx------ 2 qmails qmail 6 Apr 23 03:23 7
drwx------ 2 qmails qmail 6 May 2 04:49 8
drwx------ 2 qmails qmail 6 Apr 20 13:02 9

/var/qmail/queue/intd:
total 0

/var/qmail/queue/local:
total 0
drwx------ 2 qmails qmail 6 May 3 03:21 0
drwx------ 2 qmails qmail 6 May 3 04:52 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 21 06:06 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 May 5 03:31 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 May 3 04:52 18
drwx------ 2 qmails qmail 6 May 5 08:34 19
drwx------ 2 qmails qmail 6 May 1 03:42 2
drwx------ 2 qmails qmail 6 May 4 03:47 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 May 4 03:47 3
drwx------ 2 qmails qmail 6 May 5 08:34 4
drwx------ 2 qmails qmail 6 May 2 04:49 5
drwx------ 2 qmails qmail 6 May 1 07:21 6
drwx------ 2 qmails qmail 6 Apr 23 03:23 7
drwx------ 2 qmails qmail 6 May 2 04:49 8
drwx------ 2 qmails qmail 6 Apr 20 09:49 9

/var/qmail/queue/lock:
total 4
-rw------- 1 qmails qmail 0 Apr 20 09:49 sendmutex
-rw-r--r-- 1 qmailr qmail 1024 Apr 27 06:08 tcpto
prw--w--w- 1 qmails qmail 0 May 5 08:34 trigger

/var/qmail/queue/mess:
total 0
drwxr-x--- 2 qmailq qmail 6 May 3 03:21 0
drwxr-x--- 2 qmailq qmail 6 May 3 04:52 1
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 10
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 11
drwxr-x--- 2 qmailq qmail 6 Apr 21 06:06 12
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 13
drwxr-x--- 2 qmailq qmail 6 May 5 03:31 14
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 15
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 16
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 17
drwxr-x--- 2 qmailq qmail 6 May 3 04:52 18
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 19
drwxr-x--- 2 qmailq qmail 6 May 1 03:42 2
drwxr-x--- 2 qmailq qmail 6 May 4 03:47 20
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 21
drwxr-x--- 2 qmailq qmail 6 Apr 20 09:49 22
drwxr-x--- 2 qmailq qmail 6 May 4 03:47 3
drwxr-x--- 2 qmailq qmail 6 May 5 08:34 4
drwxr-x--- 2 qmailq qmail 6 May 2 04:49 5
drwxr-x--- 2 qmailq qmail 6 May 1 07:21 6
drwxr-x--- 2 qmailq qmail 6 Apr 23 03:23 7
drwxr-x--- 2 qmailq qmail 6 May 2 04:49 8
drwxr-x--- 2 qmailq qmail 6 Apr 20 13:02 9

/var/qmail/queue/pid:
total 0

/var/qmail/queue/remote:
total 0
drwx------ 2 qmails qmail 6 Apr 20 09:49 0
drwx------ 2 qmails qmail 6 Apr 20 09:49 1
drwx------ 2 qmails qmail 6 Apr 20 09:49 10
drwx------ 2 qmails qmail 6 Apr 20 09:49 11
drwx------ 2 qmails qmail 6 Apr 20 09:49 12
drwx------ 2 qmails qmail 6 Apr 20 09:49 13
drwx------ 2 qmails qmail 6 Apr 20 09:49 14
drwx------ 2 qmails qmail 6 Apr 20 09:49 15
drwx------ 2 qmails qmail 6 Apr 20 09:49 16
drwx------ 2 qmails qmail 6 Apr 20 09:49 17
drwx------ 2 qmails qmail 6 Apr 20 09:49 18
drwx------ 2 qmails qmail 6 Apr 20 13:10 19
drwx------ 2 qmails qmail 6 Apr 20 09:49 2
drwx------ 2 qmails qmail 6 Apr 20 09:49 20
drwx------ 2 qmails qmail 6 Apr 20 09:49 21
drwx------ 2 qmails qmail 6 Apr 20 09:49 22
drwx------ 2 qmails qmail 6 Apr 20 09:49 3
drwx------ 2 qmails qmail 6 Apr 20 09:49 4
drwx------ 2 qmails qmail 6 Apr 20 09:49 5
drwx------ 2 qmails qmail 6 Apr 20 09:49 6
drwx------ 2 qmails qmail 6 Apr 20 09:49 7
drwx------ 2 qmails qmail 6 Apr 20 09:49 8
drwx------ 2 qmails qmail 6 Apr 20 13:02 9

/var/qmail/queue/todo:
total 0
</queue perms>

<qmail bin perms>
[root]# ls -l /var/qmail/bin
total 1444
-rwxr-xr-x 1 root qmail 14480 Apr 20 09:49 bouncesaying
-rwxr-xr-x 1 root qmail 31184 Apr 20 09:49 condredirect
-rwxr-xr-x 1 root qmail 1087 Apr 20 09:49 config-fast
-rwxr-xr-x 1 root qmail 126 Apr 20 09:49 datemail
-rwxr-xr-x 1 root qmail 928 Apr 20 09:49 dh_key
-rwxr-xr-x 1 root qmail 114 Apr 20 09:49 elq
-rwxr-xr-x 1 root qmail 14480 Apr 20 09:49 except
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 forward
-rwxr-xr-x 1 root qmail 26824 Apr 20 09:49 instcheck
-rwxr-xr-x 1 root qmail 26920 Apr 20 09:49 maildir2mbox
-rwxr-xr-x 1 root qmail 14504 Apr 20 09:49 maildirmake
-rwxr-xr-x 1 root qmail 22856 Apr 20 09:49 maildirwatch
-rwxr-xr-x 1 root qmail 179 Apr 20 09:49 mailsubj
-rwxr-xr-x 1 root qmail 8259 Apr 20 09:49 makecert.sh
-rwxr-xr-x 1 root qmail 115 Apr 20 09:49 pinq
-rwxr-xr-x 1 root qmail 18824 Apr 20 09:49 predate
-rwxr-xr-x 1 root qmail 18760 Apr 20 09:49 preline
-rwxr-xr-x 1 root qmail 115 Apr 20 09:49 qail
-rwxr-xr-x 1 root qmail 18728 Apr 20 09:49 qbiff
-rwxr-xr-x 1 root qmail 18672 Apr 20 09:49 qmail-badloadertypes
-rwxr-xr-x 1 root qmail 18672 Apr 20 09:49 qmail-badmimetypes
-rwx--x--x 1 root qmail 14680 Apr 20 09:49 qmail-clean
-rws--x--x 1 qmailq qmail 52096 Apr 20 09:49 qmail-dk
-rwx--x--x 1 root qmail 10416 Apr 20 09:49 qmail-getpw
-rwxr-xr-x 1 root qmail 51728 Apr 20 09:49 qmail-inject
-rwx--x--x 1 root qmail 64120 Apr 20 09:49 qmail-local
-rwx------ 1 root qmail 22848 Apr 20 09:49 qmail-lspawn
-rwx------ 1 root qmail 18672 Apr 20 09:49 qmail-newmrh
-rwx------ 1 root qmail 14576 Apr 20 09:49 qmail-newu
-rwx--x--x 1 root qmail 22904 Apr 20 09:49 qmail-pw2u
-rwxr-xr-x 1 root qmail 18744 Apr 20 09:49 qmail-qmqpc
-rwxr-xr-x 1 root qmail 22832 Apr 20 09:49 qmail-qmqpd
-rwxr-xr-x 1 root qmail 31032 Apr 20 09:49 qmail-qmtpd
-rwxr-xr-x 1 root qmail 22776 Apr 20 09:49 qmail-qread
-rwxr-xr-x 1 root qmail 371 Apr 20 09:49 qmail-qstat
lrwxrwxrwx 1 root root 23 Apr 20 12:58 qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Apr 20 09:49 qmail-queue.orig
-rwx--x--x 1 root qmail 56080 Apr 20 09:49 qmail-remote
-rwx--x--x 1 root qmail 56080 Feb 6 2015 qmail-remote.orig
-rwx--x--x 1 root qmail 18704 Apr 20 09:49 qmail-rspawn
-rwx--x--x 1 root qmail 59936 Apr 20 09:49 qmail-send
-rwxr-xr-x 1 root qmail 22816 Apr 20 09:49 qmail-showctl
-rwxr-xr-x 1 root qmail 205680 Apr 20 09:49 qmail-smtpd
-rwx------ 1 root qmail 10424 Apr 20 09:49 qmail-start
-rwxr-xr-x 1 root qmail 14512 Apr 20 09:49 qmail-tcpok
-rwxr-xr-x 1 root qmail 14544 Apr 20 09:49 qmail-tcpto
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 qreceipt
-rwxr-xr-x 1 root qmail 14568 Apr 20 09:49 qsmhook
-rwxr-xr-x 1 root qmail 14576 Apr 20 09:49 sendmail
-rws--x--x 1 clamav root 34774 Apr 6 2016 simscan
-rwsr-xr-x 1 root root 24461 Apr 6 2016 simscanmk
-rwxr-xr-x 1 root qmail 35528 Apr 20 09:49 spfquery
-rwx--x--x 1 root qmail 10504 Apr 20 09:49 splogger
-rwxr-xr-x 1 root qmail 31152 Apr 20 09:49 srsfilter
-rwxr-xr-x 1 root qmail 26864 Apr 20 09:49 tcp-env
-rwxr-xr-x 1 root root 618 Dec 24 2013 update-simscan
</qmail bin perms>

On 5/5/2017 10:29 AM, Jeff Koch wrote:

Hi Eric:

simscan debugging log seems to be showing the problem but I'll need your help figuring out what to do about it. Here's a copy of simscan log entries showing the 451 'qq soft reject' errors. I have clamav disabled in simscan but you can see that simscan is still taking apart the attachments.

Keep in mind that not all emails with attachments are having the soft reject issue. Here are two examples where attachments generated a soft reject and one example where it didn't.

I googled 'exit error code: 71' and found some references going back to 2006-7 discussing group permissions on /var/qmail/simscan and umask issues and the simscan-1.4.0-umask.patch that was supposed to correct this problem.

Any idea what I should do to fix this problem on my server?
Thanks, Jeff Koch

Example One - showing 451 qq soft reject

2017-05-05 11:08:35.407367500 simscan: checking attachment textfile1 against .pif
2017-05-05 11:08:35.407368500 simscan: checking attachment textfile2 against .mp3
2017-05-05 11:08:35.407374500 simscan: checking attachment textfile2 against .src
2017-05-05 11:08:35.407375500 simscan: checking attachment textfile2 against .bat
2017-05-05 11:08:35.407375500 simscan: checking attachment textfile2 against .pif
2017-05-05 11:08:35.407376500 simscan: cdb looking up version attach
2017-05-05 11:08:35.407376500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:35.407377500 simscan: found 1.4.0
2017-05-05 11:08:35.407377500 simscan: clamdscan disabled
2017-05-05 11:08:35.407378500 simscan: done, execing qmail-queue
2017-05-05 11:08:35.408635500 simscan: error writing msg to qmail-queue error: 32
2017-05-05 11:08:35.408812500 simscan: exit error code: 71
2017-05-05 11:08:35.408991500 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<[email protected]> RCPTTO:[email protected]

Example Two - showing 451 qq soft reject

2017-05-05 11:08:45.623775500 simscan: checking attachment ficha de inscripcion logistica de .xlsx against .bat
2017-05-05 11:08:45.623776500 simscan: checking attachment ficha de inscripcion logistica de .xlsx against .pif
2017-05-05 11:08:45.623778500 simscan: checking attachment FICHA DE .xlsx against .mp3
2017-05-05 11:08:45.623779500 simscan: checking attachment ficha de i.xlsx against .src
2017-05-05 11:08:45.623779500 simscan: checking attachment ficha de .xlsx against .bat
2017-05-05 11:08:45.623780500 simscan: checking attachment ficha de .xlsx against .pif
2017-05-05 11:08:45.623780500 simscan: cdb looking up version attach
2017-05-05 11:08:45.623785500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:45.623785500 simscan: found 1.4.0
2017-05-05 11:08:45.623786500 simscan: clamdscan disabled
2017-05-05 11:08:45.623807500 simscan: done, execing qmail-queue
2017-05-05 11:08:45.625205500 simscan: error writing msg to qmail-queue error: 32
2017-05-05 11:08:45.625526500 simscan: exit error code: 71
2017-05-05 11:08:45.625718500 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<[email protected]> RCPTTO:[email protected]

Example Three - attachments but no error

2017-05-05 11:08:53.901311500 simscan: checking attachment textfile2 against .bat
2017-05-05 11:08:53.901312500 simscan: checking attachment textfile2 against .pif
2017-05-05 11:08:53.901312500 simscan: checking attachment textfile3 against .mp3
2017-05-05 11:08:53.901313500 simscan: checking attachment textfile3 against .src
2017-05-05 11:08:53.901313500 simscan: checking attachment textfile3 against .bat
2017-05-05 11:08:53.901314500 simscan: checking attachment textfile3 against .pif
2017-05-05 11:08:53.901316500 simscan: cdb looking up version attach
2017-05-05 11:08:53.901317500 simscan: runned_scanners is attach: 1.4.0
2017-05-05 11:08:53.901317500 simscan: found 1.4.0
2017-05-05 11:08:53.901318500 simscan: clamdscan disabled
2017-05-05 11:08:53.901339500 simscan: done, execing qmail-queue
2017-05-05 11:08:53.918481500 simscan: qmail-queue exited 0

On 5/4/2017 1:35 AM, Eric Broch wrote:

Spamdyke was not interfering with my logging when I tested, but then again I wasn't getting any errors.

It's interesting that you see a spamd connection and spamc (spam=no) is turned off with simcontrol.

Also, did you check /var/log/qmail/smtp/current?
This is where you should see simscan logging.

On 5/3/2017 9:38 PM, Jeff Koch wrote:

Hi Eric:

Here's what I have in tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

and here's what I have in /var/qmail/control/simcontrol

:clam=yes,spam=no,spam_hits=12,attach=.mp3:.src:.bat:.pif

and I know simscan is working because I see the clamav entries in /var/log/maillog. Note: we need to have clamav running because the email is going to real people. But when clamav was turned off there was no simscan logging either.

Here's what I have in /var/qmail/supervise/smtp/run

#!/bin/sh
SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 128000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1

and I ran qmailctl - stop - cdb - start

(Note: The HOSTNAME entry is exactly as shown 'hostname' - we did not change it to the actual hostname)

In the /var/log/maillog we see no entries that reference 'simscan' - is that the log that the debug logging should appear in?

In this log we see entries referencing 'spamdyke', spamd, clamd, vpopmail (vchkpw-smtp) but none that says 'simscan' ** remember we have clamav running:

May 3 22:28:47 server spamdyke[26952]: ALLOWED from:...................
May 3 22:31:40 server spamd[2772]: spamd: connection..............
May 3 22:31:52 server clamd[661]: /var/qmail.............................
May 3 22:25:55 server vpopmail[26673]: vchkpw-smtp: vpopmail user.........................

and we are still seeing DENIED_OTHER 451 rejects like this:

May 3 22:32:20 server spamdyke[27401]: DENIED_OTHER from: 3294909110062131b4b02-b17122-5f62f91568cf4aa2ad5adb71f8f94...@mg.expediaxxx.com to: [email protected] origin_ip: 135.84.xxx.10 origin_rdns: gears217-10.expediaxxx.com auth: (unknown) encryption: TLS reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

As you can see we do have spamdyke running. Could that be interfering with the logging?

Jeff

On 5/3/2017 10:09 AM, Eric Broch wrote:

Did you turn simscan on in tcp.smtp: QMAILQUEUE=/var/qmail/bin/simscan and stop/cdb/start qmail?

On 5/2/2017 9:08 PM, Jeff Koch wrote:

Hi Eric:

I turned on simscan debugging but I don't see any 'simscan' logging in /var/log/maillog or /var/log/qmail/smtp

Jeff

On 5/2/2017 12:27 AM, Eric Broch wrote:

I wonder if you have a permissions issue somewhere?

You could now change /var/qmail/supervise/smtp/run script to debug simscan by adding the following settings

SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG

and in tcp.smtp change QMAILQUEUE=/var/qmail/bin/simscan and in simcontrol change to :clam=no, spam=no and qmailctl stop/cdb/start and see what the log produces. You should (hopefully) see the reason for the failure.

On 5/1/2017 8:59 PM, Jeff Koch wrote:

Hi Eric:

Here are the results of these tests. See below:

On 4/30/2017 1:08 AM, Eric Broch wrote:

No effect - still seeing spamdyke DENIED_OTHER - 451_mail_server_temporarily_rejected_message_(#4.3.0)

Also,

My plan was that you would change things a step at a time (and check between steps whether qq soft rejects persisted) in this order:

Step 1) Increase softlimit in smtp run file (stop/start/cdb qmail) to 128000000

No effect - 451_mail_server_temporarily_rejected_message_(#4.3.0)

Step 2) Change /var/qmail/control/simcontrol settings from:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif to :clam=no,spam=no this stops clamd, spamc, and ripmime.
stop/start/cdb qmail.

So far it looks good. I've let the server run for 20 minutes and I don't see any 'DENIED_OTHER' or 451's nor do we see any qq soft rejects in /var/qmail/log/smtp/current.

Step 3) Revert /var/qmail/control/simcontrol settings and change /etc/tcprules.d/tcp.smtp

QMAILQUEUE="/var/qmail/bin/simscan"
to
QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"

stop/start/cdb qmail.

It is interesting that spamd seems to be running. That is probably because we use 'spamc' in a maildrop filter that also develops a spamassassin score prior to dropping the message into the user's mailbox. If the score is over the threshold the filter diverts the message to the domain's spam user's mailbox. I'm also now getting detailed spam analysis information in the /var/log/maillog. I wasn't seeing that before.

I should point out that this is the same procedure and setup we've used successfully for almost ten years with Bill's Toaster. With the Bill's Toaster setup the spamassassin logs were logged separately at /var/log/spamd/. Is it possible that two instances of spamassassin are conflicting with each other?

The issue does seem to be related to simscan - even with spam and clam disabled in simscan we were getting 451 rejects / DENIED_OTHER

Please let me know what you think.
Jeff

Once we get this stop we can start adding things in one at a time with simscan in debug mode to find out where the problem is.

Eric

On 4/29/2017 10:26 PM, Eric Broch wrote:

Sorry, Jeff, change

QMAILQUEUE="/var/qmail/bin/qmail-queue
QMAILQUEUE="/var/qmail/bin/qmail-queue.orig

qmail-queue is a link to qmail-dk so use qmail-queue.orig

Eric

On 4/29/2017 10:01 PM, Jeff Koch wrote:

Hi Eric:

no indication of segfaults in /var/log/messages or dmesg

softlimit is set at 100000000 (100MB)

changed clam and spam to 'no' and did qmailctl stop, cdb, start

changed

This was the contents of tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

changed to:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/qmail-queue",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

and then did qmailctl stop, cdb, start

Now the /var/log/maillog is showing many:

DENIED_OTHER from: [email protected] to: [email protected] origin_ip: 98.130.1.xx8 origin_rdns: mail1103.opentransfer.com auth: (unknown) encryption: (none) reason: 554_qmail-dk:_Cannot_sign_message_due_to_invalid_message_syntax._(#5.3.0)

and /var/log/qmail/smtp

qmail-smtpd: qq hard reject (qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0)): MAILFROM:<323792861003aa0d40b02-b17119-1eec421bc9e947029e3ec865f716e...@mg.mailer.cxxxxtickets.com> RCPTTO:[email protected]

This seems weird. Not sure why the server would be trying to sign a message that is coming to a local recipient.
I could see it signing a message being sent or relayed but not received for a local recipient.

Jeff

On 4/29/2017 2:02 PM, Eric Broch wrote:

Jeff,

In summary...

DENIED_OTHER: The connection was rejected by qmail (or another downstream filter), not spamdyke.

|REASON| will contain the rejection message given by qmail (or other downstream filter).

REASON: 451_mail_server_temporarily_rejected_message_(#4.3.0).

Check /var/log/messages for segfault
Check /var/qmail/supervise/smtp/run softlimit

Try this:

Edit /var/qmail/control/simcontrol and set the following to 'no':

clam=no,spam=no

# qmailctl stop
# qmailctl cdb
# qmailctl start

Let me know. If that doesn't work edit /etc/tcprules.d/tcp.smtp

change
QMAILQUEUE="/var/qmail/bin/simscan"
to
QMAILQUEUE="/var/qmail/bin/qmail-queue"

Eric

On 4/29/2017 11:23 AM, Jeff Koch wrote:

Hi Eric:

Thanks, we found the tcp.smtp file at /etc/tcprules.d and pointed spamdyke there. So that's fixed.

We also pointed the certificate file to /var/qmail/control/servercert.pem and cleared those errors.

However, we are still seeing qq soft rejects in /var/log/qmail/smtp/current. They seem to be related to the matching spamdyke log entries in /var/log/maillog. Example:

Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/msg.1493481946.217350.3912:OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/addr.1493481946.217350.3912:OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/textfile1: OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/2c7fdfebf8050265e8b51bd3c2ea58f0: OK
Apr 29 11:05:46 server spamdyke[3905]: DENIED_OTHER from: [email protected] to: yyyy.yyy@idfimportadora.com origin_ip: 67.211.215.94 origin_rdns: km61.pokemailing.com auth: (unknown) encryption: (none) reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

I put the clamd log entries above so you could see that clamd passed the message OK.
However, does anybody know what 'DENIED OTHER' means or figure out from the message why spamdyke rejected the message?

Jeff Koch

On 4/29/2017 1:18 AM, Eric Broch wrote:

Hi Jeff,

Do you know why spamdyke would be looking in /home/vpopmail/etc for anything? I've never heard of this before.

Spamdyke's configuration directory is a link in /etc: /etc/spamdyke -> ../opt/spamdyke/etc.

Here's my spamdyke configuration: 'cat /etc/spamdyke/spamdyke.conf'

<spamdyke.conf>
#dns-blacklist-entry=zombie.dnsbl.sorbs.net
#dns-blacklist-entry=dul.dnsbl.sorbs.net
#dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=2
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp
</spamdyke.conf>

And, how did you make your certificate and where did you put it?

Let me know if that helps.
Eric

On 4/28/2017 6:26 PM, Jeff Koch wrote:

Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)

--
Eric Broch
White Horse Technical Consulting (WHTC)
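
Added example, not part of the thread and not simscan or QMT code: a shell check that compares a scanner work directory with the "drwxr-s--- clamav clamav" layout reported as working at the top of the thread, plus a probe showing what the setgid bit on a directory does on Linux (files created inside take the directory's group, new subdirectories inherit the bit). The function names are invented for this example, GNU stat is assumed, and the demo runs on a constructed scratch directory rather than the real /var/qmail/simscan.

```shell
#!/bin/sh
# Added example; check_workdir and probe_inheritance are hypothetical names.
# Assumes GNU coreutils stat, as shipped with CentOS 7.
# On the mail host the call would be:
#   check_workdir /var/qmail/simscan clamav clamav

# check_workdir DIR OWNER GROUP
# Compares DIR with "drwxr-s--- OWNER GROUP": owner and group match,
# setgid bit set, no access for "other".
# Prints one line per deviation and returns 0 only if there are none.
check_workdir() {
    cw_dir=$1; cw_owner=$2; cw_group=$3; cw_rc=0
    if [ ! -d "$cw_dir" ]; then
        echo "$cw_dir: not a directory"
        return 2
    fi
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$cw_dir")
    cw_mode=$1
    if [ "$2" != "$cw_owner" ]; then
        echo "$cw_dir: owner is $2, expected $cw_owner"; cw_rc=1
    fi
    if [ "$3" != "$cw_group" ]; then
        echo "$cw_dir: group is $3, expected $cw_group"; cw_rc=1
    fi
    # 02000 is the setgid bit; the leading 0 makes the shell read octal.
    if [ $(( 0$cw_mode & 02000 )) -eq 0 ]; then
        echo "$cw_dir: setgid bit missing (mode $cw_mode)"; cw_rc=1
    fi
    if [ $(( 0$cw_mode & 07 )) -ne 0 ]; then
        echo "$cw_dir: accessible to other (mode $cw_mode)"; cw_rc=1
    fi
    return $cw_rc
}

# probe_inheritance DIR
# Creates a throwaway file and subdirectory in DIR, prints
# "<group of new file> <octal mode of new subdirectory>", then removes both.
# In a setgid directory on Linux the file gets DIR's group regardless of the
# creating process's primary group, and the subdirectory is itself setgid.
probe_inheritance() {
    pi_file=$(mktemp "$1/probe.XXXXXX") || return 2
    pi_sub=$(mktemp -d "$1/probe.XXXXXX") || { rm -f "$pi_file"; return 2; }
    echo "$(stat -c %G "$pi_file") $(stat -c %a "$pi_sub")"
    rm -f "$pi_file"
    rmdir "$pi_sub"
}

# Demo on a constructed scratch directory: first the mode from the failing
# installation (0750), then the mode that fixed it (2750).
demo() {
    d=$(mktemp -d) || return 1
    o=$(stat -c %U "$d"); g=$(stat -c %G "$d")
    chmod 0750 "$d"
    echo "mode 0750:"; check_workdir "$d" "$o" "$g"; probe_inheritance "$d"
    chmod 2750 "$d"
    echo "mode 2750:"; check_workdir "$d" "$o" "$g"; probe_inheritance "$d"
    rm -rf "$d"
}
demo
```
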
