I remember having to set that number VERY high in the run file to stop those
errors. Here is mine for /var/qmail/supervise/smtp/run
[root@mail smtp]# cat run
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 64000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1
I set it the same for /send/, but it was different for submission:
[root@mail submission]# cat run
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export REQUIRE_AUTH=1
exec /usr/bin/softlimit -m 128000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
$SMTPD $VCHKPW /bin/true 2>&1
From: Angus McIntyre <[email protected]>
Reply-To: <[email protected]>
Date: Monday, July 20, 2020 at 3:36 PM
To: <[email protected]>
Subject: Re: [qmailtoaster] How to debug 'qq soft reject'?
Thank you Finn and Remo
I tried doubling the softlimit, and using Remo's configuration, but the
problem remains.
I'm not seeing any additional output in /var/qmail/log/smtp/current. Is
that the logfile where the simscan debug output should go, or should I
look for it somewhere else?
I assume that it's something that simscan launches. Here's the
'smtp/current' log:
@400000005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44
@400000005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25
:11.22.33.44::38580
@400000005f15ef932c056ab4 CHKUSER accepted sender: from
<[email protected]::> remote
<mail-qt1-f169.google.com:unknown:11.22.33.44> rcpt <> : sender accepted
@400000005f15ef932c22d5f4 CHKUSER accepted any rcpt: from
<[email protected]::> remote
<mail-qt1-f169.google.com:unknown:11.22.33.44> rcpt <[email protected]>
: accepted any recipient for this domain
@400000005f15ef932c22e1ac policy_check: remote [email protected] -> local
[email protected] (UNAUTHENTICATED SENDER)
@400000005f15ef932c22e594 policy_check: policy allows transmission
@400000005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server
temporarily rejected message (#4.3.0)): MAILFROM:<[email protected]>
RCPTTO:[email protected]
@400000005f15ef932f9c8b94 tcpserver: end 17174 status 0
@400000005f15ef932f9c9364 tcpserver: status: 0/100
But I can't find any logs anywhere that will tell me _what_ is failing.
Thanks again for all your help. Any further suggestions would be very
welcome.
Angus
Remo Mattei wrote on 7/20/20 2:55 PM:
here is what mine looks like
:allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/privateā
you probably want to have that out of the 127.
Remo
On Jul 20, 2020, at 11:52 AM, [email protected] wrote:
Hi Angus.
Have You tried to increase the softlimit in the run file ? (to get rid of the
issue ;-))
Cheers,
Finn
Den 20-07-2020 kl. 20:01 skrev Angus McIntyre:
My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft
reject everything, and I'm having a hard time working out why.
It doesn't seem to be a ClamAV issue: I set 'clam=no' in
'/var/qmail/control/simcontrol' and restarted qmail, but I still get the
rejections.
I added 'SIMSCAN_DEBUG="5"' to the list of env vars in
'/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable
debugging output anywhere that I can see.
Does anyone have any suggestions for debugging this issue? I know there's been
some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated
that as a possibility by turning off clam in simcontrol. If that's not the
case, how would I identify (and suppress) a bad signature?
Thanks,
Angus
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
