Re: [qmailtoaster] protect virus
Hi everyone,

I replaced the ClamAV using the scripts and everything is working fine, but now every three hours I get this message from Cron:

Subject: "Cron /usr/share/clamav/freshclam-sleep"
Body:
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

I found this in /etc/cron.d/clamav-update running every three hours:

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep

When I run it in the CLI it shows nothing, but when I run "freshclam -v" I get:

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

So "lsof /var/log/clamav/freshclam.log" gives:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
freshclam 15895 clamupdate 4wW REG 253,352727 8498566 /var/log/clamav/freshclam.log

I guess the service clamav-freshclam locks the file and does the same thing the Cron job does, because if I stop it the freshclam command runs without errors.

Finally, my question is: can I safely just remove the clamav-update job from Cron?

Thanks in advance.

---
On 2020-06-24 10:20, Eric Broch wrote:

> Thanks for the tests, adjusted the script and all seems to be working. Let me know...
>
> On 6/24/2020 2:55 AM, ChandranManikandan wrote:
> Hi Remo,
>
> Thanks,
> I have changed the log path in freshclam.conf and permission was working fine.
>
> On Wed, Jun 24, 2020 at 2:18 PM Remo Mattei wrote:
> sorry one more tip. The server I had an issue with simscan, then I got qq soft limit, which I sent an email out .. eventually it will show up, I just rerun the script (from Eric) and that fixed it.
>
> Remo
>
> On Jun 23, 2020, at 10:48 PM, Remo Mattei wrote:
>
> so I updated the other production servers I have and all of them had the same freshclam issues. changed the log options and restarted
>
> systemctl restart clamav-freshclam.service
>
> that worked just fine. Only one server had an issue with the simscan.
>
> Just my 2 cents
>
> On Jun 23, 2020, at 10:18 PM, Remo Mattei wrote:
>
> ignore the mariadb error that's on the toaststat script I fixed that nothing to do with the upgrade :) my bet.. send it too fast!
>
> On Jun 23, 2020, at 10:12 PM, Remo Mattei wrote:
>
> You probably want to check the permissions on your simscan as well.
>
> chmod 4711 /var/qmail/bin/simscan
>
> That fixed it.
>
> On Jun 23, 2020, at 10:10 PM, Remo Mattei wrote:
>
> you need to change the permissions on this file
>
> chown -R clamupdate:clamupdate /var/log/freshclam.log
>
> freshclam
> Tue Jun 23 22:06:29 2020 -> ClamAV update process started at Tue Jun 23 22:06:29 2020
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/
> Tue Jun 23 22:06:29 2020 -> *Querying current.cvd.clamav.net [1]
> Tue Jun 23 22:06:29 2020 -> *TTL: 1497
> Tue Jun 23 22:06:29 2020 -> *fc_dns_query_update_info: Software version from DNS: 0.102.3
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of daily found: daily.cld.
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: daily.cvd version from DNS: 25852
> Tue Jun 23 22:06:29 2020 -> daily.cld database is up to date (version: 25852, sigs: 2757399, f-level: 63, builder: raynman)
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: daily.cld already up-to-date.
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of main found: main.cld.
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: main.cvd version from DNS: 59
> Tue Jun 23 22:06:29 2020 -> main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: main.cld already up-to-date.
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of bytecode found: bytecode.cld.
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: bytecode.cvd version from DNS: 331
> Tue Jun 23 22:06:29 2020 -> bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: bytecode.cld already up-to-date.
> r...@qmail.rm.ht: [/etc/clamd.d]
>
> On Jun 23, 2020, at 2:33 PM, Eric Broch wrote:
> chown -R clamupdate:clamupdate

--
Regards,
Manikandan.C

Links:
--
[1] http://current.cvd.clamav.net/
Re: [qmailtoaster] SMTPS Port - Who is Failing ?
Hi David,

I don't know if this can help you but I use iptables with xrecent module to limit 10 connections per minute on each port on my server:

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SMTP --rsource
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTP --rsource -j DROP
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --set --name POP3 --rsource
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3 --rsource -j DROP
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --set --name POP3S --rsource
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3S --rsource -j DROP
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --set --name SMTPS --rsource
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTPS --rsource -j DROP
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --set --name SUBMISSION --rsource
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SUBMISSION --rsource -j DROP

To check the blocked IPs see /proc/net/xt_recent/

The bad thing is it uses conntrack to work.

---
On 2020-04-18 07:33, David Bray wrote:

> Hi Tony, thanks
> But not so much looking for a solution to block ips.
>
> I'm needing to identify which ips to block
>
> On Sat, 18 Apr 2020 at 8:19 pm, Tony White wrote:
>
>> Or this...
>>
>> -- snip --
>> #!/bin/bash
>> logf="/var/log/blockip.log"
>> mdate=`date +%c`
>> mip=$1
>> ### must be root ###
>> if [ `whoami` != "root" ]; then
>>     echo ""
>>     echo "$0 must be run as root"
>>     echo ""
>>     exit 1
>> fi;
>>
>> if [ "$mip" == "--help" ]; then
>>     echo ""
>>     echo "Help: Block single and subnet IP's"
>>     echo ""
>>     echo "blockip 130.2.1.1"
>>     echo "blockip 130.2.1.0/24"
>>     echo ""
>>     exit 1
>> fi;
>>
>> # first 10 characters, the length of the LAN prefix compared below
>> mip1=${mip:0:10};
>> # your lan range if needed or comment out
>> if [ "$mip1" == "192.168.1." ]; then # change ip to suit
>>     echo "$mdate Discarding LAN drop request for $mip1" >> $logf
>>     exit 1
>> fi;
>>
>> # whitelist special clients...
>> # change the IP.ADDR.ESS to suit.
>> # comment out to remove
>> if [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] ; then
>>     echo "$mdate Discarding WAN drop request for $mip" >> $logf
>>     echo "$mdate Discarding WAN drop request for $mip"
>>     exit 1
>> fi;
>>
>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>>
>> if [ `echo "$mip" |eval $is_ip` != "1" ]; then
>>     echo "$mdate Error in IP address $mip" >> $logf
>>     echo "$mdate Error in IP address $mip"
>> else
>>     iptables -I INPUT -s "$mip" -j DROP
>>     echo "iptables -I INPUT -s $mip -j DROP"
>>     echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>>     echo "$mdate now dropping all packets from $mip" >> $logf
>> fi;
>> -- snip --
>>
>> best wishes
>> Tony White
>>
>> On 18/4/20 8:09 pm, Tony White wrote:
>>
>>> Hi David,
>>> Sorry try this instead...
>>>
>>> -- snip --
>>> #!/bin/sh
>>> logf="/var/log/blacklist_ip.log"
>>> mdate=`date +%c`
>>> ### must be root ###
>>> if [ `whoami` != "root" ]; then
>>>     echo ""
>>>     echo "$0 must be ran as root"
>>>     echo ""
>>>     exit 1
>>> fi
>>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>>> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>>>
>>> if [ `echo "$1" |eval $is_ip` != "1" ]; then
>>>     echo "$mdate Error in IP address $1" >> $logf
>>> else
>>>     echo "$1" >> /opt/spamdyke/etc/blacklist_ip
>>>     echo "$mdate now dropping all packets from $1" >> $logf
>>> fi
>>> --snip --
>>>
>>> best wishes
>>> Tony White
>>>
>>> On 18/4/20 8:04 pm, Tony White wrote:
>>>
>>>> Hi David,
>>>> Try using this little script...
>>>>
>>>> -- snip --
>>>> #!/bin/bash
>>>> logf="/var/log/blockip.log"
>>>> mdate=`date +%c`
>>>> mip=$1
>>>> ### must be root ###
>>>> if [ `whoami` != "root" ]; then
>>>>     echo ""
>>>>     echo "$0 must be run as root"
>>>>     echo ""
>>>>     exit 1
>>>> fi;
>>>> if [ "$mip" == "--help" ]; then
>>>>     echo ""
>>>>     echo "Help: Block single and subnet IP's"
>>>>     echo ""
>>>>     echo "blockip 132.2.1.1"
>>>>     echo "blockip 132.1.0/24"
>>>>     echo ""
>>>>     exit 1
>>>> fi;
>>>> -- snip --
>>>>
>>>> worked for me forever...
>>>> Use qtp watchall to monitor the logs a
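
Added example (not part of the original messages): a reader for the /proc/net/xt_recent/ tables mentioned above that lists which source addresses had reached the --hitcount inside the --seconds window, which is the condition the DROP rules test. The function names, the sample table and HZ=1000 are assumptions; timestamps in these files are kernel jiffies, so HZ has to match the running kernel.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.
# /proc/net/xt_recent/<NAME> holds one line per source address:
#   src=IP ttl: N last_seen: J oldest_pkt: N STAMP, STAMP, ...
# J and the stamps are kernel jiffies; HZ (ticks per second) is an
# assumption here and has to match the running kernel.

# recent_offenders FILE SECONDS HITCOUNT HZ
# Prints "IP HITS" for every source with at least HITCOUNT stamps inside
# the SECONDS window that ends at its own last_seen.
recent_offenders() {
    awk -v win="$2" -v need="$3" -v hz="$4" '
    {
        ip = ""; last = 0; first = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)        ip = substr($i, 5)
            if ($i == "last_seen:")  last = $(i + 1) + 0
            if ($i == "oldest_pkt:") first = i + 2   # stamps follow the index
        }
        if (ip == "" || first == 0) next              # not an entry line
        hits = 0
        for (i = first; i <= NF; i++) {
            stamp = $i + 0                            # "+ 0" drops the trailing comma
            if (last - stamp <= win * hz) hits++
        }
        if (hits >= need) print ip, hits
    }' "$1"
}

# Constructed table for HZ=1000: .10 made 10 connections in 9 seconds,
# .20 made 3, .30 made 10 but spread over 15 minutes.
sample_table() {
    cat <<'EOF'
src=203.0.113.10 ttl: 52 last_seen: 4300009000 oldest_pkt: 10 4300000000, 4300001000, 4300002000, 4300003000, 4300004000, 4300005000, 4300006000, 4300007000, 4300008000, 4300009000
src=203.0.113.20 ttl: 49 last_seen: 4300500000 oldest_pkt: 3 4300400000, 4300450000, 4300500000
src=203.0.113.30 ttl: 55 last_seen: 4301900000 oldest_pkt: 10 4301000000, 4301100000, 4301200000, 4301300000, 4301400000, 4301500000, 4301600000, 4301700000, 4301800000, 4301900000
EOF
}

# Same window and hit count as the rules above
sample_table | recent_offenders - 60 10 1000
```

On a live system the first argument would be a table file such as /proc/net/xt_recent/SMTPS, using the names given with --name in the rules.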
Re: [qmailtoaster] relay on tcp.smtp.cdb
If I use port 25 the server returns "421: Refused. You have no DNS reverse entry". I guess it's still ignoring my rules in tcp.smtp.cdb file.

Could it be because I installed the qmail-1.03-3.1 from development version?

On 18/07/2019 13:41, Eric Broch wrote:

Why don't you use port 25?

On 7/18/2019 8:22 AM, Leonardo Porto wrote:

Eric,

The first client is an APC Automatic Transfer Switch, it has no SMTP authentication method so I configured relay and it was able to send us notification messages in the old server, not anymore in the new one.

The second client is a PC using Outlook Express, it has no STARTTLS support and its SSL method doesn't work, so I want to configure relay for it. I tried "my server requires authentication" (Server tab) option enabled and disabled, I tried "This server requires a secure connection (SSL)" (Advanced tab) also, both without success.

Leonardo

On 18/07/2019 10:58, Eric Broch wrote:

Are you authorizing with the client?

On 7/18/2019 7:51 AM, Leonardo Porto wrote:

Hi everyone,

My relay rules on tcp.smtp.cdb are not working after I installed a new server.

Here is my /etc/tcprules.d/tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="3",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
10.5.5.189:allow,RELAYCLIENT=""
187.0.147.204:allow,RELAYCLIENT=""
208.84.243.:allow,RBLSMTPD=""

First line is the original from toaster installation, the other three lines I included the same way they were in the old server and I generated a new cdb file using "qmailctl cdb" command.

My /var/qmail/supervise/submission/run:

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
$SMTPD $VCHKPW /bin/true 2>&1

But I still can't relay from those two clients through port 587, the server asks for authentication.

Any clues?
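
Added example, not part of the original post: a sketch of how tcpserver's address lookup picks one line from a rules file like the /etc/tcprules.d/tcp.smtp above (exact address, then shorter dotted prefixes, then the default ":" rule), showing that only the matching rule's variables are set. The function names, the temporary file and the shortened default rule are assumptions for illustration; address ranges, host-name rules and user rules are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). Sketch of tcpserver's address lookup:
# exact IP first, then ever shorter dotted prefixes ("10.5.5.", "10.5.",
# "10."), then the default ":" rule. The first rule found is the only one
# applied; nothing is merged in from the default line.

# tcprule_for IP RULES_FILE -> prints the instructions of the matching rule
tcprule_for() {
    tr_key=$1
    while :; do
        tr_rule=$(awk -v k="$tr_key:" \
            'index($0, k) == 1 { print substr($0, length(k) + 1); exit }' "$2")
        if [ -n "$tr_rule" ]; then
            printf '%s\n' "$tr_rule"
            return 0
        fi
        [ -z "$tr_key" ] && return 1          # no default rule either
        tr_key=${tr_key%.}                      # "10.5.5." -> "10.5.5"
        tr_key=${tr_key%"${tr_key##*.}"}        # "10.5.5"  -> "10.5."
    done
}

# relay_allowed IP RULES_FILE -> succeeds if the matching rule sets RELAYCLIENT
relay_allowed() {
    tcprule_for "$1" "$2" | grep -q 'RELAYCLIENT='
}

# Rules from the post; the default rule is shortened to a single variable.
rules=$(mktemp)
cat > "$rules" <<'EOF'
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
10.5.5.189:allow,RELAYCLIENT=""
187.0.147.204:allow,RELAYCLIENT=""
208.84.243.:allow,RBLSMTPD=""
EOF

# 192.0.2.1 is a constructed address that only the default rule matches.
for ip in 10.5.5.189 208.84.243.7 192.0.2.1; do
    printf '%-14s %s\n' "$ip" "$(tcprule_for "$ip" "$rules")"
done
```

Because the first match is used alone, the two RELAYCLIENT rules carry no QMAILQUEUE, so those clients do not get the simscan setting from the default line. On a live server ucspi-tcp's tcprulescheck performs the real lookup against the compiled cdb, taking the address from the TCPREMOTEIP environment variable.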
Re: [qmailtoaster] roundcube password plugin
Yeah, I saw about it too but I did not try yet... I will try both and post the instructions.

Thanks

On 22/01/2019 12:15, Eric Broch wrote:

Here's another plugin that I've found, it logs into qmailadmin:

http://www.davidc.net/miscellany/qmailadmin-plugin-roundcube

On 1/22/2019 6:59 AM, Leonardo - IW Telecom wrote:

Eric,

I found the same page and I am thinking to do exactly what you said. Do you use roundcube or recommend another driver for password plugin?

Thanks.

On 22/01/2019 11:37, Eric Broch wrote:

Leonardo,

I've never used vpopmaild, but... Have a look here:

https://qmail.jms1.net/vpopmail/vpopmaild.shtml

I think you can tailor the location of the run script to match the current qmail configuration in /var/qmail/supervise/

Eric

On 1/22/2019 6:17 AM, Leonardo Porto wrote:

Hi everyone,

I am using Roundcube with my new qmailtoaster centos7 installation. But I did not install it using yum, I downloaded it from roundcube website and ran the installation script, I guess it is the same result.

I am trying to use the password plugin, it seems its default db driver does not work with qmail/vpopmail, so I tried vpopmaild. I ran vpopmaild in command line using tcpserver and successfully changed the password in roundcube - I could see it working in command line.

Now I suppose I have to create supervise files for vpopmaild... is that the usual method? Or you guys use something else?

Thanks.

Leonardo.

--
Eric Broch
White Horse Technical Consulting (WHTC)
Re: [qmailtoaster] roundcube password plugin
Eric,

I found the same page and I am thinking to do exactly what you said. Do you use roundcube or recommend another driver for password plugin?

Thanks.

On 22/01/2019 11:37, Eric Broch wrote:

Leonardo,

I've never used vpopmaild, but... Have a look here:

https://qmail.jms1.net/vpopmail/vpopmaild.shtml

I think you can tailor the location of the run script to match the current qmail configuration in /var/qmail/supervise/

Eric

On 1/22/2019 6:17 AM, Leonardo Porto wrote:

Hi everyone,

I am using Roundcube with my new qmailtoaster centos7 installation. But I did not install it using yum, I downloaded it from roundcube website and ran the installation script, I guess it is the same result.

I am trying to use the password plugin, it seems its default db driver does not work with qmail/vpopmail, so I tried vpopmaild. I ran vpopmaild in command line using tcpserver and successfully changed the password in roundcube - I could see it working in command line.

Now I suppose I have to create supervise files for vpopmaild... is that the usual method? Or you guys use something else?

Thanks.

Leonardo.

--
Eric Broch
White Horse Technical Consulting (WHTC)