Clamd runs quite differently when the EPEL version is installed.

The daemon is controlled with:

systemctl status clamd@scan

and to get better logging

Add SIMSCAN_DEBUG="5" to /etc/tcprules.d/tcp.smtp as in:

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25"

Then you'll see detailed clamdscan logging in /var/log/qmail/smtp and submission, but make sure clamdscan is running:

systemctl status clamd@scan

We got qq soft-rejects when the kernel ran out of memory and clamav had stopped. We found an entry in /var/log/messages:

Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) score 165 or sacrifice child


Jeff

On 5/13/2021 4:16 PM, Benjamin Baez wrote:
I forgot to revisit that.  I noticed that clamd never came back up after the update.  Is there a different log now?

[root@mta01 ~]# cat /var/log/clamd/clamd.log
Sat Mar 27 11:23:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:33:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:43:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:53:31 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:56:20 2021 -> Waiting for all threads to finish
Sat Mar 27 11:56:23 2021 -> Shutting down the main socket.
Sat Mar 27 11:56:23 2021 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
Sat Mar 27 11:56:23 2021 -> --- Stopped at Sat Mar 27 11:56:23 2021
Sat Mar 27 11:56:23 2021 -> Closing the main socket.
Sat Mar 27 11:56:23 2021 -> Socket file removed.

[root@mta01 ~]# toaststat

Status of toaster services
send: up (pid 32338) 15907 seconds
smtp: up (pid 32335) 15907 seconds
submission: up (pid 32336) 15907 seconds
send/log: up (pid 32340) 15907 seconds
smtp/log: up (pid 32339) 15907 seconds
submission/log: up (pid 32337) 15907 seconds

systemd service:         clamav-freshclam:       [  OK  ]
systemd service:                    spamd:       [  OK  ]
systemd service:                  dovecot:       [  OK  ]
systemd service:                  mariadb:       [  OK  ]
systemd service:                    httpd:       [  OK  ]
systemd service:                    named:       [  OK  ]
systemd service:                     ntpd:       [  OK  ]
systemd service:                     sshd:       [  OK  ]
systemd service:                  network:       [  OK  ]
systemd service:                    crond:       [  OK  ]
systemd service:                    acpid:       [  OK  ]
systemd service:                      atd:       [  OK  ]
systemd service:                   autofs:       [  OK  ]
systemd service:                   smartd:       [  OK  ]
systemd service:               irqbalance:       [  OK  ]

On Thu, May 13, 2021 at 1:03 PM Jeff Koch <[email protected]> wrote:

    Did you check the clamav log?

    Jeff

    On 5/13/2021 12:30 PM, Benjamin Baez wrote:

    Hi,

    How do I troubleshoot this further?  In the past it would be
    something to do with clamav or simscan, but don't have a lead
    this time.

    [root@mta01 ~]# tail -f /var/log/qmail/submission/current
    @40000000609d4c9217d2d2d4 tcpserver: status: 0/100
    @40000000609d52200e3031cc tcpserver: status: 1/100
    @40000000609d52200e39615c tcpserver: pid 1598 from 75.53.9.111
    @40000000609d52200e3a920c tcpserver: ok 1598 mta01.biospectra.com:75.53.9.76:587 :75.53.9.111::61177
    @40000000609d52201bf23a6c CHKUSER accepted sender: from <[email protected]:bbaez:> remote <[10.16.1.123]:unknown:75.53.9.111> rcpt <> : sender accepted
    @40000000609d522027921aa4 CHKUSER relaying rcpt: from <[email protected]:bbaez:> remote <[10.16.1.123]:unknown:75.53.9.111> rcpt <[email protected]> : client allowed to relay
    @40000000609d52202792265c policy_check: local bbaez -> remote [email protected] (AUTHENTICATED SENDER)
    @40000000609d522027922a44 policy_check: policy allows transmission
    @40000000609d52202925ce4c qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<[email protected]> RCPTTO:[email protected]
    @40000000609d52230a71f14c tcpserver: end 1598 status 0
    @40000000609d52230a71f91c tcpserver: status: 0/100

    [root@mta01 ~]# tail -f cat  /var/log/maillog
    May 13 09:21:15 mta01 spamdyke[1592]: ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable nameserver found: 2600:1700:4a30:5b40::1
    May 13 09:21:42 mta01 vpopmail[1599]: vchkpw-submission: (CRAM-MD5) login success [email protected]:75.53.9.111

    I don't think the IPv6 error is related but including it.

    Thanks!


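The triage described in this thread (qq soft rejects traced back to a clamd that was stopped or killed by the kernel OOM killer), as an added example that is not part of the original messages. The function names and the sample files are constructed for illustration; the log line formats are the ones quoted above, and the "+++ Started at" marker is assumed to be what clamd writes to its log on start.

```shell
#!/bin/sh
# Added example; log formats follow the lines quoted in this thread.

# Count kernel OOM-killer lines naming a process (/var/log/messages format).
oom_kills_of() {   # usage: oom_kills_of <process> <messages-file>
    awk -v p="($1)" 'index($0, "kernel: Out of memory: Kill process") && index($0, p) {n++}
        END {print n+0}' "$2"
}

# Count qmail-smtpd soft rejects in a qmail smtp/submission log.
qq_soft_rejects() {   # usage: qq_soft_rejects <qmail-log>
    awk '/qmail-smtpd: qq soft reject/ {n++} END {print n+0}' "$1"
}

# Last lifecycle marker in clamd.log: stopped, started or unknown.
# "+++ Started at" is an assumption about clamd's start-up log line.
clamd_last_state() {   # usage: clamd_last_state <clamd-log>
    awk 'index($0, "--- Stopped at") {s = "stopped"}
         index($0, "+++ Started at") {s = "started"}
         END {print (s == "" ? "unknown" : s)}' "$1"
}

# Soft rejects plus evidence that clamd is gone point at the scanner.
triage() {   # usage: triage <qmail-log> <messages-file> <clamd-log>
    rejects=$(qq_soft_rejects "$1")
    kills=$(oom_kills_of clamd "$2")
    state=$(clamd_last_state "$3")
    if [ "$rejects" -gt 0 ] && { [ "$kills" -gt 0 ] || [ "$state" = stopped ]; }; then
        echo "clamd-down rejects=$rejects oom_kills=$kills clamd=$state"
    else
        echo "inconclusive rejects=$rejects oom_kills=$kills clamd=$state"
    fi
}

# Constructed sample logs (addresses are placeholders).
demo=$(mktemp -d)
cat > "$demo/messages" <<'EOF'
Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) score 165 or sacrifice child
EOF
cat > "$demo/submission" <<'EOF'
@40000000609d522027922a44 policy_check: policy allows transmission
@40000000609d52202925ce4c qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<user@example.com> RCPTTO:rcpt@example.net
EOF
cat > "$demo/clamd.log" <<'EOF'
Sat Mar 27 11:53:31 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:56:23 2021 -> --- Stopped at Sat Mar 27 11:56:23 2021
Sat Mar 27 11:56:23 2021 -> Socket file removed.
EOF
triage "$demo/submission" "$demo/messages" "$demo/clamd.log"
```

On a live host the three arguments would be /var/log/qmail/submission/current, /var/log/messages and /var/log/clamd/clamd.log, the paths used in the thread.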