Re: [qmailtoaster] How to debug 'qq soft reject'? [SOLVED]
Interesting that when you put 'clam=no' in simcontrol that that didn't, at the very least, stop the soft rejects. On 7/20/2020 4:12 PM, Angus McIntyre wrote: Thank you to everyone who wrote with suggestions. The underlying cause of 'qq soft reject' in my case was that the clamav service had crashed and not restarted. I was able to relaunch it with: start clamav-daemon and everything started working again. Here's a summary of what I've learned: 1. If you get 'qq soft reject', the very first thing you should do is: toaststat There's a reasonable chance that the failure is caused by one of the services being down, and if so, it will show up here. 2. If that doesn't point to an obvious culprit, edit '/etc/tcprules.d/tcp.smtp' to include the option SIMSCAN_DEBUG="5". Then do: qmailctl cdb You can verify that the .cdb file has been rebuilt by checking the file dates with: ls -l /etc/tcprules.d/tcp.smtp* The file 'tcp.smtp.cdb' should be newer than 'tcp.stmp'. After editing and rebuilding, do: tail -f /var/log/qmail/smtp/current | tai64nlocal and attempt to deliver a message. The debug output will probably identify the cause of the error. Angus Eric Broch wrote on 7/20/20 3:47 PM: Angus, You must rebuild the tcp.smtp rules file to tcp.smtp.cdb, did you that? I would set SIMSCAN_DEBUG="5" Eric On 7/20/2020 1:36 PM, Angus McIntyre wrote: Thank you Finn and Remo I tried doubling the softlimit, and using Remo's configuration, but the problem remains. I'm not seeing any additional output in /var/qmail/log/smtp/current. Is that the logfile where the simscan debug output should go, or should I look for it somewhere else? I assume that it's something that simscan launches. Here's the 'smtp/current' log: @40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44 @40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 :11.22.33.44::38580 @40005f15ef932c056ab4 CHKUSER accepted sender: from remote rcpt <> : sender accepted @40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from remote rcpt : accepted any recipient for this domain @40005f15ef932c22e1ac policy_check: remote u...@example.com -> local u...@otherhost.net (UNAUTHENTICATED SENDER) @40005f15ef932c22e594 policy_check: policy allows transmission @40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM: RCPTTO:u...@otherhost.net @40005f15ef932f9c8b94 tcpserver: end 17174 status 0 @40005f15ef932f9c9364 tcpserver: status: 0/100 But I can't find any logs anywhere that will tell me _what_ is failing. Thanks again for all your help. Any further suggestions would be very welcome. Angus Remo Mattei wrote on 7/20/20 2:55 PM: here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
Re: [qmailtoaster] How to debug 'qq soft reject'? [SOLVED]
Thank you to everyone who wrote with suggestions. The underlying cause of 'qq soft reject' in my case was that the clamav service had crashed and not restarted. I was able to relaunch it with: start clamav-daemon and everything started working again. Here's a summary of what I've learned: 1. If you get 'qq soft reject', the very first thing you should do is: toaststat There's a reasonable chance that the failure is caused by one of the services being down, and if so, it will show up here. 2. If that doesn't point to an obvious culprit, edit '/etc/tcprules.d/tcp.smtp' to include the option SIMSCAN_DEBUG="5". Then do: qmailctl cdb You can verify that the .cdb file has been rebuilt by checking the file dates with: ls -l /etc/tcprules.d/tcp.smtp* The file 'tcp.smtp.cdb' should be newer than 'tcp.stmp'. After editing and rebuilding, do: tail -f /var/log/qmail/smtp/current | tai64nlocal and attempt to deliver a message. The debug output will probably identify the cause of the error. Angus Eric Broch wrote on 7/20/20 3:47 PM: Angus, You must rebuild the tcp.smtp rules file to tcp.smtp.cdb, did you that? I would set SIMSCAN_DEBUG="5" Eric On 7/20/2020 1:36 PM, Angus McIntyre wrote: Thank you Finn and Remo I tried doubling the softlimit, and using Remo's configuration, but the problem remains. I'm not seeing any additional output in /var/qmail/log/smtp/current. Is that the logfile where the simscan debug output should go, or should I look for it somewhere else? I assume that it's something that simscan launches. Here's the 'smtp/current' log: @40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44 @40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 :11.22.33.44::38580 @40005f15ef932c056ab4 CHKUSER accepted sender: from remote rcpt <> : sender accepted @40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from remote rcpt : accepted any recipient for this domain @40005f15ef932c22e1ac policy_check: remote u...@example.com -> local u...@otherhost.net (UNAUTHENTICATED SENDER) @40005f15ef932c22e594 policy_check: policy allows transmission @40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM: RCPTTO:u...@otherhost.net @40005f15ef932f9c8b94 tcpserver: end 17174 status 0 @40005f15ef932f9c9364 tcpserver: status: 0/100 But I can't find any logs anywhere that will tell me _what_ is failing. Thanks again for all your help. Any further suggestions would be very welcome. Angus Remo Mattei wrote on 7/20/20 2:55 PM: here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail:
Re: [qmailtoaster] How to debug 'qq soft reject'?
I remember having to set that number VERY high in the run file to stop those errors. Here is mine for /var/qmail/supervise/smtp/run [root@mail smtp]# cat run #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE="/usr/bin/spamdyke" SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf" SMTPD="/var/qmail/bin/qmail-smtpd" TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" HOSTNAME=`hostname` VCHKPW="/home/vpopmail/bin/vchkpw" REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 6400 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 2>&1 I set it the same for /send/, but it was different for submission: [root@mail submission]# cat run #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SMTPD="/var/qmail/bin/qmail-smtpd" TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" HOSTNAME=`hostname` VCHKPW="/home/vpopmail/bin/vchkpw" export REQUIRE_AUTH=1 exec /usr/bin/softlimit -m 12800 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \ $SMTPD $VCHKPW /bin/true 2>&1 From: Angus McIntyre Reply-To: Date: Monday, July 20, 2020 at 3:36 PM To: Subject: Re: [qmailtoaster] How to debug 'qq soft reject'? Thank you Finn and Remo I tried doubling the softlimit, and using Remo's configuration, but the problem remains. I'm not seeing any additional output in /var/qmail/log/smtp/current. Is that the logfile where the simscan debug output should go, or should I look for it somewhere else? I assume that it's something that simscan launches. Here's the 'smtp/current' log: @40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44 @40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 :11.22.33.44::38580 @40005f15ef932c056ab4 CHKUSER accepted sender: from remote rcpt <> : sender accepted @40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from remote rcpt : accepted any recipient for this domain @40005f15ef932c22e1ac policy_check: remote u...@example.com -> local u...@otherhost.net (UNAUTHENTICATED SENDER) @40005f15ef932c22e594 policy_check: policy allows transmission @40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM: RCPTTO:u...@otherhost.net @40005f15ef932f9c8b94 tcpserver: end 17174 status 0 @40005f15ef932f9c9364 tcpserver: status: 0/100 But I can't find any logs anywhere that will tell me _what_ is failing. Thanks again for all your help. Any further suggestions would be very welcome. Angus Remo Mattei wrote on 7/20/20 2:55 PM: here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
Angus, You must rebuild the tcp.smtp rules file to tcp.smtp.cdb, did you that? I would set SIMSCAN_DEBUG="5" Eric On 7/20/2020 1:36 PM, Angus McIntyre wrote: Thank you Finn and Remo I tried doubling the softlimit, and using Remo's configuration, but the problem remains. I'm not seeing any additional output in /var/qmail/log/smtp/current. Is that the logfile where the simscan debug output should go, or should I look for it somewhere else? I assume that it's something that simscan launches. Here's the 'smtp/current' log: @40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44 @40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 :11.22.33.44::38580 @40005f15ef932c056ab4 CHKUSER accepted sender: from remote rcpt <> : sender accepted @40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from remote rcpt : accepted any recipient for this domain @40005f15ef932c22e1ac policy_check: remote u...@example.com -> local u...@otherhost.net (UNAUTHENTICATED SENDER) @40005f15ef932c22e594 policy_check: policy allows transmission @40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM: RCPTTO:u...@otherhost.net @40005f15ef932f9c8b94 tcpserver: end 17174 status 0 @40005f15ef932f9c9364 tcpserver: status: 0/100 But I can't find any logs anywhere that will tell me _what_ is failing. Thanks again for all your help. Any further suggestions would be very welcome. Angus Remo Mattei wrote on 7/20/20 2:55 PM: here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
Thank you Finn and Remo I tried doubling the softlimit, and using Remo's configuration, but the problem remains. I'm not seeing any additional output in /var/qmail/log/smtp/current. Is that the logfile where the simscan debug output should go, or should I look for it somewhere else? I assume that it's something that simscan launches. Here's the 'smtp/current' log: @40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44 @40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 :11.22.33.44::38580 @40005f15ef932c056ab4 CHKUSER accepted sender: from remote rcpt <> : sender accepted @40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from remote rcpt : accepted any recipient for this domain @40005f15ef932c22e1ac policy_check: remote u...@example.com -> local u...@otherhost.net (UNAUTHENTICATED SENDER) @40005f15ef932c22e594 policy_check: policy allows transmission @40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM: RCPTTO:u...@otherhost.net @40005f15ef932f9c8b94 tcpserver: end 17174 status 0 @40005f15ef932f9c9364 tcpserver: status: 0/100 But I can't find any logs anywhere that will tell me _what_ is failing. Thanks again for all your help. Any further suggestions would be very welcome. Angus Remo Mattei wrote on 7/20/20 2:55 PM: here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
here is what mine looks like :allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private” you probably want to have that out of the 127. Remo > On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote: > > Hi Angus. > > Have You tried to increase the softlimit in the run file ? (to get rid of the > issue ;-)) > > Cheers, > Finn > > Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: >> My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft >> reject everything, and I'm having a hard time working out why. >> It doesn't seem to be a ClamAV issue: I set 'clam=no' in >> '/var/qmail/control/simcontrol' and restarted qmail, but I still get the >> rejections. >> I added 'SIMSCAN_DEBUG="5"' to the list of env vars in >> '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable >> debugging output anywhere that I can see. >> Does anyone have any suggestions for debugging this issue? I know there's >> been some talk of bad signatures for ClamAV recently, but I _thought_ I'd >> eliminated that as a possibility by turning off clam in simcontrol. If >> that's not the case, how would I identify (and suppress) a bad signature? >> Thanks, >> Angus >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
Hi Angus. Have You tried to increase the softlimit in the run file ? (to get rid of the issue ;-)) Cheers, Finn Den 20-07-2020 kl. 20:01 skrev Angus McIntyre: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
Hi Remo Thanks for the fast response. Here's what I have in '/etc/tcprules.d/tcp.smtp': 127.:allow,RELAYCLIENT="",SIMSCAN_DEBUG="5",RBLSMTPD="",NOP0FCHECK="1" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private" I haven't seen any extra debug output in /var/log/qmail/smtp/current which is where I was expecting to see it. But perhaps I'm looking in the wrong place? Angus Remo Mattei wrote on 7/20/20 2:20 PM: Ok I just tested and updated the /etc/tcprules.d/tcp.smtp looks like the old way I used to was not working anymore. so here is the steps: :allow,SIMSCAN_DEBUG="2”,CHKUSER_EXTRA_ then run qmailctl cdb That should do it On Jul 20, 2020, at 11:03 AM, Remo Mattei wrote: Angus, I notice this as well and I rerun the Eric’s script and all comes back to normal, I have had not time to debug this yet. Remo On Jul 20, 2020, at 11:01 AM, Angus McIntyre wrote: My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- https://raingod.com/ - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
Ok I just tested and updated the /etc/tcprules.d/tcp.smtp looks like the old way I used to was not working anymore. so here is the steps: :allow,SIMSCAN_DEBUG="2”,CHKUSER_EXTRA_ then run qmailctl cdb That should do it > On Jul 20, 2020, at 11:03 AM, Remo Mattei wrote: > > Angus, I notice this as well and I rerun the Eric’s script and all comes back > to normal, I have had not time to debug this yet. > > Remo > >> On Jul 20, 2020, at 11:01 AM, Angus McIntyre wrote: >> >> My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft >> reject everything, and I'm having a hard time working out why. >> >> It doesn't seem to be a ClamAV issue: I set 'clam=no' in >> '/var/qmail/control/simcontrol' and restarted qmail, but I still get the >> rejections. >> >> I added 'SIMSCAN_DEBUG="5"' to the list of env vars in >> '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable >> debugging output anywhere that I can see. >> >> Does anyone have any suggestions for debugging this issue? I know there's >> been some talk of bad signatures for ClamAV recently, but I _thought_ I'd >> eliminated that as a possibility by turning off clam in simcontrol. If >> that's not the case, how would I identify (and suppress) a bad signature? >> >> Thanks, >> >> Angus >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] How to debug 'qq soft reject'?
you need to add that to the run file SIMSCAN_DEBUG=3 or SIMSCAN_DEBUG=5 Remo > On Jul 20, 2020, at 11:01 AM, Angus McIntyre wrote: > > My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft > reject everything, and I'm having a hard time working out why. > > It doesn't seem to be a ClamAV issue: I set 'clam=no' in > '/var/qmail/control/simcontrol' and restarted qmail, but I still get the > rejections. > > I added 'SIMSCAN_DEBUG="5"' to the list of env vars in > '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable > debugging output anywhere that I can see. > > Does anyone have any suggestions for debugging this issue? I know there's > been some talk of bad signatures for ClamAV recently, but I _thought_ I'd > eliminated that as a possibility by turning off clam in simcontrol. If that's > not the case, how would I identify (and suppress) a bad signature? > > Thanks, > > Angus > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >
Re: [qmailtoaster] How to debug 'qq soft reject'?
Angus, I notice this as well and I rerun the Eric’s script and all comes back to normal, I have had not time to debug this yet. Remo > On Jul 20, 2020, at 11:01 AM, Angus McIntyre wrote: > > My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft > reject everything, and I'm having a hard time working out why. > > It doesn't seem to be a ClamAV issue: I set 'clam=no' in > '/var/qmail/control/simcontrol' and restarted qmail, but I still get the > rejections. > > I added 'SIMSCAN_DEBUG="5"' to the list of env vars in > '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable > debugging output anywhere that I can see. > > Does anyone have any suggestions for debugging this issue? I know there's > been some talk of bad signatures for ClamAV recently, but I _thought_ I'd > eliminated that as a possibility by turning off clam in simcontrol. If that's > not the case, how would I identify (and suppress) a bad signature? > > Thanks, > > Angus > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] How to debug 'qq soft reject'?
My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft reject everything, and I'm having a hard time working out why. It doesn't seem to be a ClamAV issue: I set 'clam=no' in '/var/qmail/control/simcontrol' and restarted qmail, but I still get the rejections. I added 'SIMSCAN_DEBUG="5"' to the list of env vars in '/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable debugging output anywhere that I can see. Does anyone have any suggestions for debugging this issue? I know there's been some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated that as a possibility by turning off clam in simcontrol. If that's not the case, how would I identify (and suppress) a bad signature? Thanks, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] DKIM on CentOS 8
Thanks for the quick response, but this is a little ambiguous. Do you mean: 1. CentOS 8 + qmailtoaster is stable enough that you were planning to convert your existing mailserver ('my system') to C8, or 2. CentOS 8 is stable enough that you were planning to convert all your qmailtoaster install scripts ('my system') to C8? If it's (1), that sounds like a recommendation for doing new installs on CentOS 8; if it's (2), that sounds like I should wait. Thanks for any clarification, Angus Eric Broch wrote on 7/20/20 9:17 AM: I was going to convert my system over to it, just haven't gotten around to it yet. On 7/20/2020 7:10 AM, Angus McIntyre wrote: What's the status of qmailtoaster on CentOS 8? Is it stable enough that you'd recommend new installs to be built on CentOS 8, or should we stay with the tried and tested CentOS 7? Thanks, Angus Eric Broch wrote on 7/19/20 11:02 PM: https://lxadm.com/Generating_DKIM_key_with_openssl On 7/19/2020 7:36 PM, Remo Mattei wrote: Hello guys, I am building a new box, has anyone installed and configure the DKIM ? Looks like the docs are only on CentOS 7 and the gen is for the lib which is not on CentOS 8 Thanks, Remo - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] DKIM on CentOS 8
I was going to convert my system over to it, just haven't gotten around to it yet. On 7/20/2020 7:10 AM, Angus McIntyre wrote: What's the status of qmailtoaster on CentOS 8? Is it stable enough that you'd recommend new installs to be built on CentOS 8, or should we stay with the tried and tested CentOS 7? Thanks, Angus Eric Broch wrote on 7/19/20 11:02 PM: https://lxadm.com/Generating_DKIM_key_with_openssl On 7/19/2020 7:36 PM, Remo Mattei wrote: Hello guys, I am building a new box, has anyone installed and configure the DKIM ? Looks like the docs are only on CentOS 7 and the gen is for the lib which is not on CentOS 8 Thanks, Remo - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] DKIM on CentOS 8
What's the status of qmailtoaster on CentOS 8? Is it stable enough that you'd recommend new installs to be built on CentOS 8, or should we stay with the tried and tested CentOS 7? Thanks, Angus Eric Broch wrote on 7/19/20 11:02 PM: https://lxadm.com/Generating_DKIM_key_with_openssl On 7/19/2020 7:36 PM, Remo Mattei wrote: Hello guys, I am building a new box, has anyone installed and configure the DKIM ? Looks like the docs are only on CentOS 7 and the gen is for the lib which is not on CentOS 8 Thanks, Remo - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com