I am without resolve on this one, out of the blue, one of my servers thats been running for weeks now, suddenly become almost impossible to log into. the login process from the consile / ssh and even all ports 110 ans 25 seem tot timeout to a couple minutes!!
My initial thoughts was that his server run out of some resource or another. however I can not detect the resource nor the process in error.
By using top i can indicate an running system - althow slow it seem to function
top - 14:25:40 up 26 min, 2 users, load average: 115.32, 103.99, 69.81
Tasks: 307 total, 2 running, 289 sleeping, 0 stopped, 16 zombie
Cpu(s): 20.9%us, 1.3%sy, 0.0%ni, 0.0%id, 77.2%wa, 0.3%hi, 0.3%si, 0.0%st
Mem: 515896k total, 510960k used, 4936k free, 1416k buffers
Swap: 1510068k total, 1478364k used, 31704k free, 13020k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5264 nyl-cass 17 0 27508 2084 584 D 8.6 0.4 0:13.59 clamscan
6712 top-henn 17 0 10192 8512 1616 D 7.3 1.6 0:00.44 spamassassin
4638 kliek-au 17 0 27244 1792 572 R 2.0 0.3 0:08.93 clamscan
6484 lim-lind 16 0 14908 9084 1680 D 1.7 1.8 0:00.69 spamassassin
5583 root 16 0 2580 1232 788 R 0.7 0.2 0:06.39 top
6414 nyl-flip 16 0 17628 12m 1728 D 0.7 2.4 0:00.70 spamassassin
6514 am-ambro 16 0 18284 10m 1752 D 0.7 2.0 0:00.76 spamassassin
6759 nyl-bouw 16 0 10208 8516 1616 D 0.7 1.7 0:00.41 spamassassin
6767 djd-joha 16 0 10204 8512 1616 D 0.3 1.6 0:00.40 spamassassin
If i reboot the server with
If i stop postfix, no change.
What can I test for, how can I seek the problem.
I had this issue with an smaller server (mandriva+mailbox), replaced it eventually with (ubuntu 7.04+maildir), but I cant keep on re-building and replacing servers, instead of repairing some missbehaving part.:cool:
1) Do not write in big red letters. This might lead the one or other user to not answer to your post. We are all able to read the normal small black letters ;)
2) The problem is that your server receives to much mail for the currently installed spam scanning and antivirus solution with clamscan and spamassassin. Check your mail log if you get higher email traffic, e.g. a spam.
I have done an
All the services stopped, took loooong time from 15:13 to last entry in syslog at 16:01, almost an hour (48 minutes!) the last standing processes was called from ISPConfig clamscan and authdaemond All the time the HDD seem to run non-stop!
4 deferred (29 deferrals)
2268 rejected (44%)
0 reject warnings
0 discarded (0%)
237532k bytes received
259623k bytes delivered
449 sending hosts/domains
36 recipient hosts/domains
Today's figures (early edition 2/3 day)
7 deferred (7 deferrals)
704 rejected (31%)
0 reject warnings
0 discarded (0%)
146215k bytes received
133408k bytes delivered
273 sending hosts/domains
42 recipient hosts/domains
I am convinced that Sumething "Broke" either an update came in or some other misshap. as the traffic to the server seem to be normal etc.
I left the server to work off the load, as another server of mine seem to have had the same issue was re-booted and that sorted it. This is for sure and spam attack of some sort! it kills clamscan and spamassassin, eventually mysql process gets killed as the server run out of memory! and all get grinded to an halt!
I still have no idea how to get rid of this, were to find the "queue to scan as i stop both postfix and ispconfig_server, clamscan keep on spawning scans. Were is that backlog, how do i remove the heaped-up mail to be scaned! It also seem to scan the same mail over and over, as i got some mail 4-5x already. DARn!
First, clamscan will stop spawning when you stop postfix. But it may take some time, mostly about 5 - 10 minutes.
The emails to be scanned are most likely in the mail queue. You can manage the mailqueue with the postqueue and postsuper commands.
You should try this to get down the load from clamav:
clamd is much faster then the current clamscan solution. Sinvce the clamav developers introduced clamav 0.90.x, the antivirus scanning is producing a much higher load. the problem seems to be known according to the clamav mailing lists and the clamav developers recommend to use clamd. There is also some patch which I hope will be integrated in some of the next clamav releases.
Short HOWTO switching to clamd/clamdscan in ISPConfig
My Set-Up consist of: ubuntu 7.04 and ISPConfig Version: 2.2.13
change the CLAMSCAN line to
It seems that clamscan could never eat the chunks of mail sent to it, the server become 100% unresponsive and login took hours. clientsatisfaction became Zero, while you see the faxes arriving from customers cancelling the service and shouting "nOOb" all over.
I Backed up the old server after I managed to quickly stop services postfix and ispconfig_server as well as killed all processes to do with clamscan (It dint go away after even 30 minutes as predicted by Till)
It took me exactly 3H15 minutes from the moment I rebooted on the CD to re-install the server till up and running with "Perfect ubuntu 7.04", ISPConfig and Backup restored / user passwd/shadow/group/gshadow files fixed.
However only to be confronted with Exactly the same problem! At that stage Till's feedback arrived and I was confused, he told me to edit the scritpt /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin and fix it to work with clamd/clamdscan. Well it took me to again untar the ISPConfig installation files and search through install_ispconfig directory and found the README for clamassassin, in there was an nice indication of what to do.
The lessons learned here is that it does not always help to use the "Microsoft Fix" i.e. - Reload, but rather seek the real issue, then start digging/googling.
Thanks for the great post. I followed the instructions, however, i can't seem to get clamdscan to work on Centos 4.4.
Apparently, after yum install, /usr/bin/clamdscan does not exist. I found that executable file in ISPCONFIG's directory, but when i use that path, clamdscan doesn't seem to get invoked.
Could you point me in the right direction?
Switching to CLAMD on Centos 4.x with Ispconfig 2.2.13
hi guys, here's what i found.
In Centos 4.x, there's no need to do an yum install of clamav-daemon.
clamd executable is available in
Therefore, following Morons's instructions above, we just need to do the follows:
change the CLAMSCAN line to
check the line ScanMail
check the line NotifyClamd
|All times are GMT +2. The time now is 18:04.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.