PDA

View Full Version : Maildrop error: Unable to open filter file, errno=13


voltron81
28th October 2009, 15:53
Hi guys,
Is 15 minutes that my email server, realized with ISPConfig and roundcube, is not working properly.

In the mail.log file I can see:
maildrop[4182]: Unable to open filter file, errno=13.
...
status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to open filter file, errno=13.

Do you know what is going on?
I tried to reboot the server and also just postfix, but nothing happen...
Thanks

Michele

till
28th October 2009, 16:04
Please check if there is a .mailfilter file in /var/vmail or /home/vmail depending on where your emails are stored.

voltron81
28th October 2009, 16:20
Thanks Till for your answer.
I've a master-master replication of dbispconfig (just the tables regarding the email) and /var/vmail.
It was working fine.
Now from the main server I've this problem, but if I switch off it, the other server is working without problem.

In both servers I've .mailfilter, the same file in both and with this permission:
-rw------- 1 root root 1710 2009-10-28 10:26 .mailfilter

The .mailfilter anyway is this one:
#
# Import variables
#

LOGNAME=tolower("$LOGNAME")
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER=tolower("$3")
HOST=tolower("$4")
SENDER="$5"
DEFAULT="/var/vmail/$HOST/$USER/."

# Workaround for broken tolower function in some current fedora releases

if(!$USER)
{
USER=$3
}
if(!$HOST)
{
HOST=$4
}

if ( "$EXTENSION" ne "" )
{
DELIMITER="+"
}

if (!$SENDER)
{
SENDER = "<>"
}

#
# Autocreate maildir, if not existant
#

`test -e /var/vmail/$HOST`
if ( $RETURNCODE != 0 )
{
`mkdir /var/vmail/$HOST`
}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
`maildirmake /var/vmail/$HOST/$USER`
`chmod -R 0700 /var/vmail/$HOST`
}

# Check if the user has a autoresponder enabled

`test -f /var/vmail/mailfilters/$HOST/$USER/.autoresponder`
if ( $RETURNCODE == 0 )
{
include "/var/vmail/mailfilters/$HOST/$USER/.autoresponder"
}
# Create a mailsize file
`echo $SIZE >> /var/vmail/$HOST/$USER/ispconfig_mailsize`


# Move SPAM to junk
`test -e /var/vmail/$HOST/$USER/.Junk`
if ( $RETURNCODE != 0 )
{
`maildirmake -f Junk /var/vmail/$HOST/$USER`
`chmod -R 0700 /var/vmail/$HOST/$USER/.Junk`
`echo INBOX.Junk >> /var/vmail/$HOST/$USER/courierimapsubscribed`
}
if (/^Subject:.*\*\*\*SPAM\*\*\*/:h)
{
to /var/vmail/$HOST/$USER/.Junk/
}




#
# Test if the user has his own maildrop include,
# if not available, check if $DEFAULT is set
# (newer maildrop get's that from the DB and updates
# it) and deliver or fail temporarily if not available
#

`test -f /var/vmail/mailfilters/$HOST/$USER/.mailfilter`
if ( $RETURNCODE == 0 )
{
include "/var/vmail/mailfilters/$HOST/$USER/.mailfilter"
}
else
{
if ( "$DEFAULT" ne "" )
{
to "$DEFAULT"
}
else
{
EXITCODE=75
exit
}
}


Suggestions?

thanks
Michele

voltron81
28th October 2009, 17:48
maybe is a stupid thing, but after taht I edited this file /var/www/ispconfig/mail/lib/lang/en_mail_user.lng I started to have problems.

But anyway I came back to the old file and I still have this problem... :confused:

voltron81
28th October 2009, 18:08
I'm just realize that into the mail.log, once that I reboot the server, I can see this error:
spamd[2258]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.


:eek:

till
29th October 2009, 09:01
Editing the .lng file is not related to your problems.

The spamd error is a different problem too.

Do you have the problem with all accounts or just one?

Please post the content of the postfix master.cf and the output of:

ls -la /var/vmail/

voltron81
29th October 2009, 10:45
Hi Till,
It's look like a problem for all my accounts.
The postfix of master.cf is:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}


amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_chec ks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1


And the output of ls -la /var/vmail/ is:
drwxr-xr-x 15 vmail vmail 4096 2009-10-28 16:28 .
drwxr-xr-x 15 root root 150 2009-10-27 15:48 ..
-rw-r--r-- 1 root root 220 2009-10-27 17:37 .bash_logout
-rw-r--r-- 1 vmail vmail 3116 2009-10-27 17:37 .bashrc
-rw------- 1 root root 1710 2009-10-28 16:27 .mailfilter
drwxr-xr-x 3 root root 4096 2009-10-28 14:06 mailfilters
-rw-r--r-- 1 root root 675 2009-10-27 17:37 .profile
drwx------ 3 vmail vmail 4096 2009-10-28 14:54 domains

voltron81
29th October 2009, 10:48
And the errors that I have when I reboot the server are:

Oct 29 09:27:43 srv3 spamd[2221]: logger: removing stderr method
Oct 29 09:27:44 srv3 spamd[2271]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.
Oct 29 09:27:46 srv3 authdaemond: modules="authmysql", daemons=5
Oct 29 09:27:46 srv3 authdaemond: Installing libauthmysql
Oct 29 09:27:46 srv3 authdaemond: Installation complete: authmysql
Oct 29 09:27:47 srv3 postfix/master[2944]: daemon started -- version 2.5.5, configuration /etc/postfix
Oct 29 09:27:48 srv3 postfix/qmgr[2961]: 259542528: from=<michele@xxxx.com>, size=1381, nrcpt=1 (queue active)
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server started on port 783/tcp (running version 3.2.5)
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server pid: 2271
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server successfully spawned child process, pid 3014
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server successfully spawned child process, pid 3015
Oct 29 09:27:48 srv3 spamd[2271]: prefork: child states: II
Oct 29 09:27:48 srv3 maildrop[2991]: Unable to open filter file, errno=13.


Thanks

Michele

till
29th October 2009, 10:48
Please run:

chown vmail:vmail /var/vmail/.mailfilter

voltron81
29th October 2009, 11:07
Thanks Till, now the emails are working.
Unfortunately I still have this error:
spamd[2263]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.


Any idea?

Anyway it's strange because it was working fine till yesterday morning and the other server (the replication) don't have this problem...

Thanks
Michele

voltron81
29th October 2009, 11:38
A fast upgrade:
I did a diagnostic test here: http://www.mxtoolbox.com/diagnostic.aspx and this is the result:
Not an open relay.
0 seconds - Good on Connection time
0.593 seconds - Good on Transaction time
OK - xxx.xxx.xxx.xxx resolves to
Warning - Reverse DNS does not match SMTP Banner

I've the same result also if I test the other server...
It's look like a Reverse DNS problem... but if I'm going to http://remote.12dt.com/ and I test the IP of the servers, I've the reverse DNS...
I had a look into the file /etc/resolv.conf and it's setup by the provider...
:confused:

voltron81
29th October 2009, 12:10
Sorry if I write again another post, but I've reboot both servers and this are the differences in the inizialization:

MASTER SERVER(the one with the error)
spamd[2224]: logger: removing stderr method
spamd[2273]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.
authdaemond: modules="authmysql", daemons=5
authdaemond: Installing libauthmysql
authdaemond: Installation complete: authmysql


BACKUP SERVER
spamd[2247]: logger: removing stderr method
spamd[2267]: spamd: server started on port 783/tcp (running version 3.2.5)
spamd[2267]: spamd: server pid: 2267
spamd[2267]: spamd: server successfully spawned child process, pid 2535
spamd[2267]: spamd: server successfully spawned child process, pid 2536
spamd[2267]: prefork: child states: II
authdaemond: modules="authmysql", daemons=5
authdaemond: Installing libauthmysql
authdaemond: Installation complete: authmysql

voltron81
29th October 2009, 15:14
I can see that if I receive an email, it's look like amavis doesn't check the spam, because in thel log there is:
postfix/cleanup[3794]: 26F25251B: message-id=<XXX@XXX>
postfix/qmgr[2945]: XXX: from=<XXX@XXX.com>, size=7171, nrcpt=1 (queue active)
amavis[2222]: (02222-01) Passed CLEAN, [xxx.xxx.xxx.xxx] [xxx.xxx.xxx.xxx] <xxxxx@xxxxxx.com> -> <xxxxx@xxxxxx.com>, Message-ID: <xxxxx@xxxxx>, mail_id: xxxxx, Hits: 0.179, size: 6694, queued_as: 26F2525xx, 743 ms
postfix/smtp[3795]: 1E4A82xxx: to=<xxxx@xxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.34/0.03/0.02/0.74, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02222-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 26F252xxx)
postfix/qmgr[2945]: 1E4A8xxxx: removed
postfix/pipe[3801]: 26F2xxx: to=<xxxx@xxxx.com>, relay=maildrop, delay=0.49, delays=0.01/0.03/0/0.45, dsn=2.0.0, status=sent (delivered via maildrop service)
postfix/qmgr[2945]: 26Fxxxx: removed


Any idea?

till
29th October 2009, 15:35
Passed clean means that amavisd checked your message successfully and found it to be not spam.

voltron81
29th October 2009, 16:18
Ok but how can I check the level spam values that spamassassin gave to the email received?

What do you think about the other problem that I explained before?

Thanks a lot Till
Michele

voltron81
29th October 2009, 18:33
Ok last upgrade of the day.
The ploblem of ReverseDNS was a my fault: I did't setup properly it with my ISP, now it's solved (I've passed also the test http://www.mxtoolbox.com/diagnostic.aspx)

But unfortunately I still have this error on the mail.log, once that I reboot the server:
spamd[2253]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.
:cool:

till
30th October 2009, 08:47
The sendo() failure can be cuased by a firewall that blocks dns connections. Have you tried to disable the firewall temporarily?

voltron81
30th October 2009, 10:24
Hi Till,
you're right. I've disabled the ISPConfig Firewall and the error disappear...
The strange thing is that the other server, with the replication also of firewall rules, have not errors...

Do you know which port I've to oper to avoid this error?
The firewall rules that I was using was the one by default of ISPConfig (20,21,22,25,53,80,110,143,443,3306,8080,10000)

Thanks
MiK

PS: anyway it's normal that in the mail.log I can not read the spam level that spamassassin gave to every incoming email?

till
30th October 2009, 10:29
Please try to stop fail2ban and then start the firewall again and check if it still works.

PS: anyway it's normal that in the mail.log I can not read the spam level that spamassassin gave to every incoming email?

This might depend on two things:

1) Set the spam tag level to 0 or even -100 in the rules you use. (just the tag level, not the tag2 level).

2) The loglevel in the amavisd.conf file (or on debian in the 50-user file inside the amvisd directory).

voltron81
30th October 2009, 11:08
Ok if I stop fail2ban and after I active the firewall rules of ISPConfig, how can I check if I haven't that error if I saw this error in the initialization phase just after a reboot?

For the second point: I've solve it setting a log_level=4 in /etc/amavis/conf.d/50-user

thanks a lot
Michele

voltron81
30th October 2009, 16:56
I'm still at the point that, with ISPConfig firewall activate, when I reboot the server I can see this error in the mail.log
spamd[2253]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.

The strange thing is that the other server (the replication) with ISPConfig firewall activate, have no errors...

Anyway, should it be a problem of permissions in that file?
My permission of that file is:
ls -la /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm
-rw-r--r-- 1 root root 16455 2008-06-10 10:20 /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm


Thanks
Michele

till
30th October 2009, 16:59
No, ist not a permission problem of the file.

Please do not reboot the server! Just stop fail2ban, then restart the firewall and not the server and check the logfile again.

voltron81
30th October 2009, 17:30
Ok Till,
but in this case, which log file I've to read?
Because in /var/log/mail.log I can not see nothing new... (was the file where, after reboot, I was reading the error...)

Thanks
Michele

till
30th October 2009, 18:55
If you dont see the message again, then the problem is solved. Thats why you should not reboot. To fix it permanenetly, reconfigure fail2ban to use the route command instead of iptables:

http://www.faqforge.com/linux/controlpanels/ispconfig3/configure-fail2ban-to-use-route-instead-of-iptables-to-block-connections/

voltron81
2nd November 2009, 10:17
Ok thanks Till,
I solved it setting up the firewall of my ISP instead of the one of ISPConfig...

Thanks again
Michele