> On Aug 10, 2020, at 11:29 AM, Diego Piñon Conde <[email protected]> wrote: > > Thank you to all the guys who help me to reestablish my toaster, especially > to Eric, Remo and Philip. > No problems > > Do you think the real culprit off this mess was dspam? > > I use DSPAM on my side for years never had any issues > if yes, do you think it is recommended to make a purge/clean of this db time > to time? Or this was just a strange case? > I run a cron job on my side to clean/purge > > At this stage spamdike was the only who use dspam isn't? Disabling spamdike > could have allowed local queued emails to flow normally while the error was > resolved? > > Again, thank you Eric for your invaluable and selfless help and your great > work with qmailtoaster. > Hopefully that helps answer your questions.
Ciao > El 08/08/2020 a las 06:45 p. m., Eric Broch escribió: >> I'm not sure what to say at this point, maybe run the attached script. >> >> All it does is reinstall the relevant packages and change the permissions >> appropriately >> >> If that doesn't work, I saw Remo's offer for a Zoom session and their's >> always the ClamAV users' list. >> >> I'd be interested to know the problem. >> >> Eric >> >> On 8/8/2020 12:01 PM, Diego Piñon Conde wrote: >>> sure! >>> >>> root 6126 1.0 0.0 112812 964 pts/1 S+ 14:59 0:00 >>> grep --color=auto clam >>> clamupd+ 30315 0.0 0.2 130376 4028 ? Ss 12:00 0:00 >>> /usr/bin/freshclam -d --foreground=true >>> >>> >>> El 08/08/2020 a las 02:38 p. m., Eric Broch escribió: >>>> can you do this >>>> >>>> # ps aux |grep clam >>>> >>>> and post output >>>> >>>> On 8/8/2020 11:28 AM, Diego Piñon Conde wrote: >>>>> sorry for the delay Eric!, I was travelling to home... >>>>> >>>>> Job for [email protected] <mailto:[email protected]> failed because the >>>>> control process exited with error code. See "systemctl status >>>>> [email protected] <mailto:[email protected]>" and "journalctl -xe" for >>>>> details. >>>>> >>>>> Did not start... >>>>> >>>>> systemctl status [email protected] <mailto:[email protected]> >>>>> ● [email protected] <mailto:[email protected]> - clamd scanner (scan) >>>>> daemon >>>>> Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; >>>>> vendor preset: disabled) >>>>> Active: failed (Result: start-limit) since Sat 2020-08-08 14:15:23 >>>>> -03; 3min 28s ago >>>>> Docs: man:clamd(8) >>>>> man:clamd.conf(5) >>>>> https://www.clamav.net/documents/ >>>>> <https://www.clamav.net/documents/> >>>>> Process: 4316 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf >>>>> (code=exited, status=1/FAILURE) >>>>> >>>>> Aug 08 14:15:23 pegasus systemd[1]: Failed to start clamd scanner (scan) >>>>> daemon. >>>>> Aug 08 14:15:23 pegasus systemd[1]: Unit [email protected] >>>>> <mailto:[email protected]> entered failed state. >>>>> Aug 08 14:15:23 pegasus systemd[1]: [email protected] >>>>> <mailto:[email protected]> failed. >>>>> Aug 08 14:15:23 pegasus systemd[1]: [email protected] >>>>> <mailto:[email protected]> holdoff time over, scheduling restart. >>>>> Aug 08 14:15:23 pegasus systemd[1]: Stopped clamd scanner (scan) daemon. >>>>> Aug 08 14:15:23 pegasus systemd[1]: start request repeated too quickly >>>>> for [email protected] <mailto:[email protected]> >>>>> Aug 08 14:15:23 pegasus systemd[1]: Failed to start clamd scanner (scan) >>>>> daemon. >>>>> Aug 08 14:15:23 pegasus systemd[1]: Unit [email protected] >>>>> <mailto:[email protected]> entered failed state. >>>>> Aug 08 14:15:23 pegasus systemd[1]: [email protected] >>>>> <mailto:[email protected]> failed. >>>>> Hint: Some lines were ellipsized, use -l to show in full. >>>>> >>>>> journalctl -xe >>>>> >>>>> -- The result is failed. >>>>> Aug 08 14:15:23 pegasus systemd[1]: Unit [email protected] >>>>> <mailto:[email protected]> entered failed state. >>>>> Aug 08 14:15:23 pegasus systemd[1]: [email protected] >>>>> <mailto:[email protected]> failed. >>>>> Aug 08 14:15:23 pegasus systemd[1]: [email protected] >>>>> <mailto:[email protected]> holdoff time over, scheduling restart. >>>>> Aug 08 14:15:23 pegasus systemd[1]: Stopped clamd scanner (scan) daemon. >>>>> -- Subject: Unit [email protected] <mailto:[email protected]> has >>>>> finished shutting down >>>>> -- Defined-By: systemd >>>>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel> >>>>> -- >>>>> -- Unit [email protected] <mailto:[email protected]> has finished >>>>> shutting down. >>>>> Aug 08 14:15:23 pegasus systemd[1]: start request repeated too quickly >>>>> for [email protected] <mailto:[email protected]> >>>>> Aug 08 14:15:23 pegasus systemd[1]: Failed to start clamd scanner (scan) >>>>> daemon. >>>>> -- Subject: Unit [email protected] <mailto:[email protected]> has failed >>>>> -- Defined-By: systemd >>>>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel> >>>>> -- >>>>> -- Unit [email protected] <mailto:[email protected]> has failed. >>>>> -- >>>>> >>>>> >>>>> El 08/08/2020 a las 12:26 p. m., Eric Broch escribió: >>>>>> Diego >>>>>> >>>>>> Please try this new configuration file... >>>>>> >>>>>> Attached is a new scan.conf (scan.conf.test). >>>>>> >>>>>> put it into your directory /etc/clamd.d >>>>>> >>>>>> # mv /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.bak >>>>>> >>>>>> # mv /etc/clamd.d/scan.conf.test /etc/clamd.d/scan.conf >>>>>> >>>>>> # systemctl start clamd@scan >>>>>> >>>>>> Eric >>>>>> >>>>>> >>>>>> >>>>>> On 8/8/2020 9:01 AM, Diego Piñon Conde wrote: >>>>>>> El 08/08/2020 a las 11:53 a. m., Eric Broch escribió: >>>>>>>> Do this >>>>>>>> >>>>>>>> # systemctl stop clamav-freshclam >>>>>>>> >>>>>>>> # freshclam (post output) >>>>>>>> >>>>>>>> # systemctl start clamav-freshclam >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On 8/8/2020 8:42 AM, Diego Piñon Conde wrote: >>>>>>>>> El 08/08/2020 a las 11:24 a. m., Eric Broch escribió: >>>>>>>>>> Also look in freshclam log (/var/log/clamav/freshclam.log) >>>>>>>>>> >>>>>>>>>> # tail -n 20 /var/log/clamav/freshclam.log >>>>>>>>>> >>>>>>>>>> post output here >>>>>>>>>> >>>>>>>>>> On 8/8/2020 8:16 AM, Eric Broch wrote: >>>>>>>>>>> You can start simscan now, but keep clam=no in simcontrol until we >>>>>>>>>>> can get clamd@scan started. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 8/8/2020 6:40 AM, Diego Piñon Conde wrote: >>>>>>>>>>>> I went to sleep at 2 in the morning with 2700 messages in local >>>>>>>>>>>> queue, now I can say is 0. >>>>>>>>>>>> >>>>>>>>>>>> All thanks to all of you! >>>>>>>>>>>> >>>>>>>>>>>> dspam_clean -s -p -u ended at 8:21 I guess because at that time is >>>>>>>>>>>> the last error for dspam. I keep searching the mail log for more >>>>>>>>>>>> errors. >>>>>>>>>>>> >>>>>>>>>>>> Aug 8 08:21:37 pegasus dspam[17546]: query error: Deadlock found >>>>>>>>>>>> when trying to get lock; try restarting transaction: see >>>>>>>>>>>> sql.errors for more details >>>>>>>>>>>> Aug 8 08:21:37 pegasus dspam[17546]: bailing on error -2 >>>>>>>>>>>> Aug 8 08:21:37 pegasus dspam[17546]: received invalid result >>>>>>>>>>>> (!DSR_ISSPAM && !DSR_ISINNOCENT): -2 >>>>>>>>>>>> >>>>>>>>>>>> clamd@scan still refuse to start, but I'm really don't sure I >>>>>>>>>>>> wanna use it. Virus db update takes forever and kill my server for >>>>>>>>>>>> at least 20 minutes, at least with clamAV version. I didn't get >>>>>>>>>>>> to test with the EPEL version... >>>>>>>>>>>> >>>>>>>>>>>> Is this the time for enable simscan Eric? Yesterday replace >>>>>>>>>>>> simscan with qmail-queue in /etc/tcprules.d/tcp.smtp >>>>>>>>>>>> >>>>>>>>>>>> El 07/08/2020 a las 11:08 p. m., Eric Broch escribió: >>>>>>>>>>>>> good! >>>>>>>>>>>>> >>>>>>>>>>>>> you can run instead: >>>>>>>>>>>>> >>>>>>>>>>>>> # dspam_clean -s -p -u >>>>>>>>>>>>> >>>>>>>>>>>>> for all users >>>>>>>>>>>>> >>>>>>>>>>>>> or >>>>>>>>>>>>> >>>>>>>>>>>>> dspam_clean -s -p -u [email protected] <mailto:[email protected]> >>>>>>>>>>>>> [email protected] <mailto:[email protected]> ... [email protected] >>>>>>>>>>>>> <mailto:[email protected]> >>>>>>>>>>>>> for the users you choose. >>>>>>>>>>>>> >>>>>>>>>>>>> This will also purge the database. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On 8/7/2020 8:01 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>> /purge-4.1.sql finally ends with no message >>>>>>>>>>>>>> >>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 19:28, Eric Broch >>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) >>>>>>>>>>>>>> escribió: >>>>>>>>>>>>>> optimize dspam also... >>>>>>>>>>>>>> >>>>>>>>>>>>>> # mysql -u dspam -p dspam < >>>>>>>>>>>>>> /usr/share/dspam/sql-scripts/mysql/purge-4.1.sql >>>>>>>>>>>>>> >>>>>>>>>>>>>> On 8/7/2020 4:24 PM, Eric Broch wrote: >>>>>>>>>>>>>>> what's this yield >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> # ls -la /var/log/clamd >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On 8/7/2020 4:19 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>> Same error >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> systemctl start clamd@scan >>>>>>>>>>>>>>>> Job for [email protected] <mailto:[email protected]> failed >>>>>>>>>>>>>>>> because a timeout was exceeded. See "systemctl status >>>>>>>>>>>>>>>> [email protected] <mailto:[email protected]>" and >>>>>>>>>>>>>>>> "journalctl -xe" for details. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 19:08, Eric Broch >>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) >>>>>>>>>>>>>>>> escribió: >>>>>>>>>>>>>>>> run the following and try to restart clamd@scan >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> curl -o /etc/clamd.d/scan.conf >>>>>>>>>>>>>>>> https://raw.githubusercontent.com/qmtoaster/scripts/master/scan.conf >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <https://raw.githubusercontent.com/qmtoaster/scripts/master/scan.conf> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On 8/7/2020 4:05 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>> systemctl start clamd@scan Job for >>>>>>>>>>>>>>>>> [email protected] <mailto:[email protected]> failed because >>>>>>>>>>>>>>>>> a timeout was exceeded. See "systemctl status >>>>>>>>>>>>>>>>> [email protected] <mailto:[email protected]>" and >>>>>>>>>>>>>>>>> "journalctl -xe" for details. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Did Not start >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 18:44, Eric Broch >>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) >>>>>>>>>>>>>>>>> escribió: >>>>>>>>>>>>>>>>> don't stop it. allow it to go until it starts. sometimes it >>>>>>>>>>>>>>>>> takes quite a while. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On 8/7/2020 3:39 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>>> systemctl start clamd@scan >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> freeze and do nothing >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> # ls -ld /var/log/dspam >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> drwxrwx--- 2 dspam mail 81 Feb 18 03:57 /var/log/dspam >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> # ls -la /var/log/dspam >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> total 10256 >>>>>>>>>>>>>>>>>> drwxrwx--- 2 dspam mail 81 Feb 18 03:57 . >>>>>>>>>>>>>>>>>> drwxr-xr-x. 16 root root 4096 Aug 7 17:53 .. >>>>>>>>>>>>>>>>>> -rw-r--r-- 1 dspam mail 0 Feb 18 03:57 sql.errors >>>>>>>>>>>>>>>>>> -rw-rw---- 1 vpopmail mail 10493507 Feb 18 01:53 >>>>>>>>>>>>>>>>>> sql.errors-20200218 >>>>>>>>>>>>>>>>>> -rw------- 1 dspam mail 0 Feb 18 03:57 >>>>>>>>>>>>>>>>>> sql.errors-20200218.gz >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 18:31, Eric Broch >>>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) >>>>>>>>>>>>>>>>>> escribió: >>>>>>>>>>>>>>>>>> What's the output of the following commands? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> # ls -ld /var/log/dspam >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> # ls -la /var/log/dspam >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On 8/7/2020 2:46 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>>>> This is the only weird message i can repeated times see >>>>>>>>>>>>>>>>>>> from now >>>>>>>>>>>>>>>>>>> [00 ]Aug 7 17:40:54 pegasus dspam[19962]: Unable to open >>>>>>>>>>>>>>>>>>> file for writing: /var/log/dspam/sql.errors: Permission >>>>>>>>>>>>>>>>>>> denied >>>>>>>>>>>>>>>>>>> [00]Aug 7 17:40:55 pegasus dspam[19962]: bailing on error >>>>>>>>>>>>>>>>>>> -2 >>>>>>>>>>>>>>>>>>> [00]Aug 7 17:40:55 pegasus dspam[19962]: received invalid >>>>>>>>>>>>>>>>>>> result (!DSR_ISSPAM && !DSR_ISINNOCENT): -2 >>>>>>>>>>>>>>>>>>> [00]Aug 7 17:40:55 pegasus dspam[19962]: process_message >>>>>>>>>>>>>>>>>>> returned error -5. delivering. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I 'm still looking >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 17:06, Philip Nix Guru >>>>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) escribió: >>>>>>>>>>>>>>>>>>> Hello >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> a bit hard to debug without checking system >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> if you got multitail >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> create a file with : >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> multitail -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) >>>>>>>>>>>>>>>>>>> [%l]" \ >>>>>>>>>>>>>>>>>>> -m 0 -n 49 -cS qmail-send -l "qmlog -f send" \ >>>>>>>>>>>>>>>>>>> -m 0 -n 49 -cS qmail-smtp3 -em "policy_check" -em >>>>>>>>>>>>>>>>>>> "CHKUSER" -em "simscan" -em "spamdyke" -em "qmail-smtpd: " >>>>>>>>>>>>>>>>>>> -l "qmlog -f smtp" \ >>>>>>>>>>>>>>>>>>> -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev >>>>>>>>>>>>>>>>>>> "(connection from localhost)" -l "tail -f /var/log/maillog" >>>>>>>>>>>>>>>>>>> \ >>>>>>>>>>>>>>>>>>> # -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em >>>>>>>>>>>>>>>>>>> "CHKUSER" -em "simscan" -em "spamdyke" -em "qmail-smtpd: " >>>>>>>>>>>>>>>>>>> -em "spf-reject" -l "qmlog -f submission" \ >>>>>>>>>>>>>>>>>>> # -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev >>>>>>>>>>>>>>>>>>> "(connection from localhost)" -l "tail -f /var/log/maillog" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> and just sh it, and check if you see anything >>>>>>>>>>>>>>>>>>> weird/strange, delay ... >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> in the mail transaction >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The amount of messages in the local queue is still >>>>>>>>>>>>>>>>>>>> descending but I don't know why so slow! >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 15:48, Philip Nix Guru >>>>>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) escribió: >>>>>>>>>>>>>>>>>>>> Hello >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> But the mail does get delivered just with a very long >>>>>>>>>>>>>>>>>>>> delay ? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> and you disabled clamd but it still running ? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Check a delivered mail, look at the headers, make sure >>>>>>>>>>>>>>>>>>>> clamd is really not running >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> anything suspicous in /var/log/clamd/clamd.log ? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> qmHandle -s shows what ? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On 8/7/20 8:34 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>>>>>> 2 hs has passed and the local queue has 3530 msg (it was >>>>>>>>>>>>>>>>>>>>> 3700 at some point). Beside clamd that it is still >>>>>>>>>>>>>>>>>>>>> running and time to time take 100% cpu usage (I don't >>>>>>>>>>>>>>>>>>>>> understand why because qmailtoaster it's supoust that not >>>>>>>>>>>>>>>>>>>>> use it anymore), cpu usage is normally below 20% and >>>>>>>>>>>>>>>>>>>>> memory is the same. So why does it take so long to >>>>>>>>>>>>>>>>>>>>> deliver local msg! >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I'm in UTC -3, so probably all of you are snoring. I will >>>>>>>>>>>>>>>>>>>>> keep working til qmailtoaster works normally, I hope when >>>>>>>>>>>>>>>>>>>>> you wake up you can give me a hand. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I will really appreciate that. Thanks in advance! >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 12:29, Philip Nix Guru >>>>>>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) escribió: >>>>>>>>>>>>>>>>>>>>> Hello >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> what you could start by doing is disabling >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> idle-timeout-secs=xx in /etc/spamdyke/spamdyke.conf >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> just comment the line >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> check in a few hours if your TIMEOUT drastically decreased >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> then you can adapt the idle-timeout delay >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> If not then, we can check other things >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Cheers >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On 8/7/20 4:40 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>>>>>>> Hi Philip >>>>>>>>>>>>>>>>>>>>>> this is the tail of /var/log/maillog >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:01 pegasus spamdyke[2968]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 209.85.215.175 origin_rdns: mail-pg1-f175.google.com >>>>>>>>>>>>>>>>>>>>>> <http://mail-pg1-f175.google.com/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:03 pegasus spamdyke[2970]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] <mailto:[email protected]> >>>>>>>>>>>>>>>>>>>>>> origin_ip: 209.167.231.144 origin_rdns: >>>>>>>>>>>>>>>>>>>>>> mail01.messages.sonicwall.com >>>>>>>>>>>>>>>>>>>>>> <http://mail01.messages.sonicwall.com/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:03 pegasus spamdyke[2969]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> v-cjcdika_pmnlhikcme_gmicmlkp_gmicmlk...@bounce.info.bancopatagonia.com.ar >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> <mailto:v-cjcdika_pmnlhikcme_gmicmlkp_gmicmlk...@bounce.info.bancopatagonia.com.ar> >>>>>>>>>>>>>>>>>>>>>> to: [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 192.156.219.80 origin_rdns: >>>>>>>>>>>>>>>>>>>>>> mail7756.info.bancopatagonia.com.ar >>>>>>>>>>>>>>>>>>>>>> <http://mail7756.info.bancopatagonia.com.ar/> auth: >>>>>>>>>>>>>>>>>>>>>> (unknown) encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:06 pegasus spamdyke[2974]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> bounce-10710_html-121882056-2177875-6399888-...@bounce.mail.bbva.com.ar >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> <mailto:bounce-10710_html-121882056-2177875-6399888-...@bounce.mail.bbva.com.ar> >>>>>>>>>>>>>>>>>>>>>> to: [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 13.111.6.12 origin_rdns: mta.mail.bbva.com.ar >>>>>>>>>>>>>>>>>>>>>> <http://mta.mail.bbva.com.ar/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:24 pegasus vpopmail[3225]: >>>>>>>>>>>>>>>>>>>>>> vchkpw-submission: (PLAIN) login success >>>>>>>>>>>>>>>>>>>>>> [email protected]:10.10.10.8 >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]:10.10.10.8> >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:27 pegasus spamdyke[3004]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 91.211.241.9 origin_rdns: pmta41009.emsmtp.com >>>>>>>>>>>>>>>>>>>>>> <http://pmta41009.emsmtp.com/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:32 pegasus spamdyke[3006]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 40.107.76.91 origin_rdns: >>>>>>>>>>>>>>>>>>>>>> mail-eopbgr760091.outbound.protection.outlook.com >>>>>>>>>>>>>>>>>>>>>> <http://mail-eopbgr760091.outbound.protection.outlook.com/> >>>>>>>>>>>>>>>>>>>>>> auth: (unknown) encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:34 pegasus spamdyke[3050]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 190.210.19.10 origin_rdns: webmail.provinciaseguros.com >>>>>>>>>>>>>>>>>>>>>> <http://webmail.provinciaseguros.com/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:38 pegasus spamdyke[3074]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 209.85.210.45 origin_rdns: mail-ot1-f45.google.com >>>>>>>>>>>>>>>>>>>>>> <http://mail-ot1-f45.google.com/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: TLS reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> Aug 7 11:31:42 pegasus spamdyke[3158]: TIMEOUT from: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> to: >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> origin_ip: >>>>>>>>>>>>>>>>>>>>>> 200.41.224.100 origin_rdns: mail.mardelplata.gov.ar >>>>>>>>>>>>>>>>>>>>>> <http://mail.mardelplata.gov.ar/> auth: (unknown) >>>>>>>>>>>>>>>>>>>>>> encryption: (none) reason: TIMEOUT >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I've checked scan.conf and logverbose = yes >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> El vie., 7 ago. 2020 a las 11:27, Philip Nix Guru >>>>>>>>>>>>>>>>>>>>>> (<[email protected] <mailto:[email protected]>>) escribió: >>>>>>>>>>>>>>>>>>>>>> Hello >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> can you check if you got any >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> TIMEOUT in /var/log/maillog log file >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> since you did your update >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Check also your scan.conf file >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> /etc/clamd.d/scan.conf >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Enable Log (verbose) , >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> LogVerbose yes >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On 8/7/20 4:12 PM, Diego Piñon Conde wrote: >>>>>>>>>>>>>>>>>>>>>>> Hi all >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I'm running qmail toaster on CentOS 7. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Because I had problems with freshclam (terrible slow db >>>>>>>>>>>>>>>>>>>>>>> update), yesterday I changed clamAV to Epel version. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I don't know if it's relevant, but after that local >>>>>>>>>>>>>>>>>>>>>>> delivery was too slow. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Local queue was increasing in size and every email >>>>>>>>>>>>>>>>>>>>>>> received by clients was received 5 or 6 times. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I thinked maybe clamd it's the culprit, so I've changed >>>>>>>>>>>>>>>>>>>>>>> clamd=no in simcontrol and did qmailctl cdb but nothing >>>>>>>>>>>>>>>>>>>>>>> has changed. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> My knowledge is limited and I will appreciate any help >>>>>>>>>>>> >>>>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>>>> To unsubscribe, e-mail: >>>>>>>>>>>> [email protected] >>>>>>>>>>>> <mailto:[email protected]> For >>>>>>>>>>>> additional commands, e-mail: >>>>>>>>>>>> [email protected] >>>>>>>>>>>> <mailto:[email protected]>sorry, i didn't >>>>>>>>>>>> send it to the list >>>>>>>>> >>>>>>>>> here it is... >>>>>>>>> >>>>>>>>> Sat Aug 8 10:39:30 2020 -> download_complete_callback: Download >>>>>>>>> complete for database : >>>>>>>>> /var/lib/clamav/tmp.a7a50/clamav-3329f7f83f3cf3a1d4e511ecbf21cf06.tmp-daily.cld >>>>>>>>> Sat Aug 8 10:39:30 2020 -> download_complete_callback: >>>>>>>>> fc_context->bTestDatabases : 1 >>>>>>>>> Sat Aug 8 10:39:30 2020 -> download_complete_callback: >>>>>>>>> fc_context->bBytecodeEnabled : 1 >>>>>>>>> Sat Aug 8 10:39:30 2020 -> Testing database: >>>>>>>>> '/var/lib/clamav/tmp.a7a50/clamav-3329f7f83f3cf3a1d4e511ecbf21cf06.tmp-daily.cld' >>>>>>>>> ... >>>>>>>>> Sat Aug 8 10:39:31 2020 -> Loading signatures from >>>>>>>>> /var/lib/clamav/tmp.a7a50/clamav-3329f7f83f3cf3a1d4e511ecbf21cf06.tmp-daily.cld >>>>>>>>> Sat Aug 8 10:40:01 2020 -> Properly loaded 3835881 signatures from >>>>>>>>> /var/lib/clamav/tmp.a7a50/clamav-3329f7f83f3cf3a1d4e511ecbf21cf06.tmp-daily.cld >>>>>>>>> Sat Aug 8 10:40:05 2020 -> Database test passed. >>>>>>>>> Sat Aug 8 10:40:05 2020 -> daily.cld updated (version: 25898, sigs: >>>>>>>>> 3807234, f-level: 63, builder: raynman) >>>>>>>>> Sat Aug 8 10:40:06 2020 -> fc_update_database: daily.cld updated. >>>>>>>>> Sat Aug 8 10:40:06 2020 -> Current working dir is /var/lib/clamav/ >>>>>>>>> Sat Aug 8 10:40:06 2020 -> check_for_new_database_version: Local >>>>>>>>> copy of main found: main.cld. >>>>>>>>> Sat Aug 8 10:40:06 2020 -> query_remote_database_version: main.cvd >>>>>>>>> version from DNS: 59 >>>>>>>>> Sat Aug 8 10:40:06 2020 -> main.cld database is up to date (version: >>>>>>>>> 59, sigs: 4564902, f-level: 60, builder: sigmgr) >>>>>>>>> Sat Aug 8 10:40:06 2020 -> fc_update_database: main.cld already >>>>>>>>> up-to-date. >>>>>>>>> Sat Aug 8 10:40:06 2020 -> Current working dir is /var/lib/clamav/ >>>>>>>>> Sat Aug 8 10:40:06 2020 -> check_for_new_database_version: Local >>>>>>>>> copy of bytecode found: bytecode.cld. >>>>>>>>> Sat Aug 8 10:40:06 2020 -> query_remote_database_version: >>>>>>>>> bytecode.cvd version from DNS: 331 >>>>>>>>> Sat Aug 8 10:40:06 2020 -> bytecode.cld database is up to date >>>>>>>>> (version: 331, sigs: 94, f-level: 63, builder: anvilleg) >>>>>>>>> Sat Aug 8 10:40:06 2020 -> fc_update_database: bytecode.cld already >>>>>>>>> up-to-date. >>>>>>>>> Sat Aug 8 10:40:06 2020 -> -------------------------------------- >>>>>>>>> --------------------------------------------------------------------- >>>>>>>>> To unsubscribe, e-mail: >>>>>>>>> [email protected] >>>>>>>>> <mailto:[email protected]> For >>>>>>>>> additional commands, e-mail: [email protected] >>>>>>>>> <mailto:[email protected]>Done >>>>>>> >>>>>>> Sat Aug 8 11:59:26 2020 -> ClamAV update process started at Sat Aug 8 >>>>>>> 11:59:26 2020 >>>>>>> Sat Aug 8 11:59:26 2020 -> *Current working dir is /var/lib/clamav/ >>>>>>> Sat Aug 8 11:59:26 2020 -> *Querying current.cvd.clamav.net >>>>>>> Sat Aug 8 11:59:26 2020 -> *TTL: 1715 >>>>>>> Sat Aug 8 11:59:26 2020 -> *fc_dns_query_update_info: Software version >>>>>>> from DNS: 0.102.4 >>>>>>> Sat Aug 8 11:59:26 2020 -> *Current working dir is /var/lib/clamav/ >>>>>>> Sat Aug 8 11:59:26 2020 -> *check_for_new_database_version: Local copy >>>>>>> of daily found: daily.cld. >>>>>>> Sat Aug 8 11:59:26 2020 -> *query_remote_database_version: daily.cvd >>>>>>> version from DNS: 25898 >>>>>>> Sat Aug 8 11:59:26 2020 -> daily.cld database is up to date (version: >>>>>>> 25898, sigs: 3807234, f-level: 63, builder: raynman) >>>>>>> Sat Aug 8 11:59:26 2020 -> *fc_update_database: daily.cld already >>>>>>> up-to-date. >>>>>>> Sat Aug 8 11:59:26 2020 -> *Current working dir is /var/lib/clamav/ >>>>>>> Sat Aug 8 11:59:26 2020 -> *check_for_new_database_version: Local copy >>>>>>> of main found: main.cld. >>>>>>> Sat Aug 8 11:59:26 2020 -> *query_remote_database_version: main.cvd >>>>>>> version from DNS: 59 >>>>>>> Sat Aug 8 11:59:26 2020 -> main.cld database is up to date (version: >>>>>>> 59, sigs: 4564902, f-level: 60, builder: sigmgr) >>>>>>> Sat Aug 8 11:59:26 2020 -> *fc_update_database: main.cld already >>>>>>> up-to-date. >>>>>>> Sat Aug 8 11:59:26 2020 -> *Current working dir is /var/lib/clamav/ >>>>>>> Sat Aug 8 11:59:26 2020 -> *check_for_new_database_version: Local copy >>>>>>> of bytecode found: bytecode.cld. >>>>>>> Sat Aug 8 11:59:26 2020 -> *query_remote_database_version: >>>>>>> bytecode.cvd version from DNS: 331 >>>>>>> Sat Aug 8 11:59:26 2020 -> bytecode.cld database is up to date >>>>>>> (version: 331, sigs: 94, f-level: 63, builder: anvilleg) >>>>>>> Sat Aug 8 11:59:26 2020 -> *fc_update_database: bytecode.cld already >>>>>>> up-to-date. >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> <mailto:[email protected]> For additional >>>>>>> commands, e-mail: [email protected] >>>>>>> <mailto:[email protected]>--------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> <mailto:[email protected]> For additional >>>>>>> commands, e-mail: [email protected] >>>>>>> <mailto:[email protected]>--------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> <mailto:[email protected]> For additional >>>>>>> commands, e-mail: [email protected] >>>>>>> <mailto:[email protected]>--------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> For additional commands, e-mail: [email protected]
