This looks like my issue [qmailtoaster] Clamd not restarting after update from 101 to 103
https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg43255.html I'll work through it soon. On Thu, May 13, 2021 at 5:53 PM Jeff Koch <jeffk...@intersessions.com> wrote: > Clamd runs quite differently when the epel version is installed > > daemon is controlled with: > > systemctl status clamd@scan > > and to get better logging > > Add SIMSCAN_DEBUG="5" to /etc/tcprules.d/tcp.smtp as in: > > > :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25" > > The you'll see detailed clamdscan logging in /var/log/qmail/smtp and > submission but make sure clamdscan is running > > systemctl status clamd@scan > > we got qq soft-rejects when the kernel ran out of memory and clamav has > stopped. We found an entry in /var/log/messages: > > Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) > score 165 or sacrifice child > > > Jeff > > On 5/13/2021 4:16 PM, Benjamin Baez wrote: > > I forgot to revisit that. I noticed that clamd never came back up after > the update. Is there a different log now? > > [root@mta01 ~]# cat /var/log/clamd/clamd.log > Sat Mar 27 11:23:30 2021 -> SelfCheck: Database status OK. > Sat Mar 27 11:33:30 2021 -> SelfCheck: Database status OK. > Sat Mar 27 11:43:30 2021 -> SelfCheck: Database status OK. > Sat Mar 27 11:53:31 2021 -> SelfCheck: Database status OK. > Sat Mar 27 11:56:20 2021 -> Waiting for all threads to finish > Sat Mar 27 11:56:23 2021 -> Shutting down the main socket. > Sat Mar 27 11:56:23 2021 -> ERROR: Can't unlink the pid file > /var/run/clamav/clamd.pid > Sat Mar 27 11:56:23 2021 -> --- Stopped at Sat Mar 27 11:56:23 2021 > Sat Mar 27 11:56:23 2021 -> Closing the main socket. > Sat Mar 27 11:56:23 2021 -> Socket file removed. > > [root@mta01 ~]# toaststat > > Status of toaster services > send: up (pid 32338) 15907 seconds > smtp: up (pid 32335) 15907 seconds > submission: up (pid 32336) 15907 seconds > send/log: up (pid 32340) 15907 seconds > smtp/log: up (pid 32339) 15907 seconds > submission/log: up (pid 32337) 15907 seconds > > systemd service: clamav-freshclam: [ OK ] > systemd service: spamd: [ OK ] > systemd service: dovecot: [ OK ] > systemd service: mariadb: [ OK ] > systemd service: httpd: [ OK ] > systemd service: named: [ OK ] > systemd service: ntpd: [ OK ] > systemd service: sshd: [ OK ] > systemd service: network: [ OK ] > systemd service: crond: [ OK ] > systemd service: acpid: [ OK ] > systemd service: atd: [ OK ] > systemd service: autofs: [ OK ] > systemd service: smartd: [ OK ] > systemd service: irqbalance: [ OK ] > > On Thu, May 13, 2021 at 1:03 PM Jeff Koch <jeffk...@intersessions.com> > wrote: > >> Did you check the clamav log? >> >> Jeff >> >> On 5/13/2021 12:30 PM, Benjamin Baez wrote: >> >> >> Hi, >> >> How do I troubleshoot this further? In the past it would be something to >> do with clamav or simscan, but don't have a lead this time. >> >> [root@mta01 ~]# tail -f /var/log/qmail/submission/current >> @40000000609d4c9217d2d2d4 tcpserver: status: 0/100 >> @40000000609d52200e3031cc tcpserver: status: 1/100 >> @40000000609d52200e39615c tcpserver: pid 1598 from 75.53.9.111 >> @40000000609d52200e3a920c tcpserver: ok 1598 >> mta01.biospectra.com:75.53.9.76:587 >> :75.53.9.111::61177 >> @40000000609d52201bf23a6c CHKUSER accepted sender: from >> <bb...@biospectra.com:bbaez:> <bb...@biospectra.com:bbaez:> remote >> <[10.16.1.123]:unknown:75.53.9.111> rcpt <> : sender accepted >> @40000000609d522027921aa4 CHKUSER relaying rcpt: from >> <bb...@biospectra.com:bbaez:> <bb...@biospectra.com:bbaez:> remote >> <[10.16.1.123]:unknown:75.53.9.111> rcpt <benba...@gmail.com> : client >> allowed to relay >> @40000000609d52202792265c policy_check: local bbaez -> remote >> benba...@gmail.com (AUTHENTICATED SENDER) >> @40000000609d522027922a44 policy_check: policy allows transmission >> @40000000609d52202925ce4c qmail-smtpd: qq soft reject (mail server >> temporarily rejected message (#4.3.0)): MAILFROM:<bb...@biospectra.com> >> RCPTTO:benba...@gmail.com >> @40000000609d52230a71f14c tcpserver: end 1598 status 0 >> @40000000609d52230a71f91c tcpserver: status: 0/100 >> >> [root@mta01 ~]# tail -f cat /var/log/maillog >> May 13 09:21:15 mta01 spamdyke[1592]: >> ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable nameserver >> found: 2600:1700:4a30:5b40::1 >> May 13 09:21:42 mta01 vpopmail[1599]: vchkpw-submission: (CRAM-MD5) login >> success bb...@biospectra.com:75.53.9.111 >> >> I don't think the IPv6 error is related but including it. >> >> Thanks! >> >> >> >
