Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th March 2008, 07:23
pheniks pheniks is offline
Junior Member
 
Join Date: Mar 2008
Location: USA, Texas
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default ClamAV Milter Issues - Virtual Hosting Howto With Virtualmin On CentOS 5.1

After following this How To, I ran into some problems with Postfix and the ClamAV Milter. I pm'ed topdog on the issues and thought that maybe someone might benefit from the exchange we have had so far and that we might solve the issue below is the communication thus far:

Quote:
Quote:
Originally Posted by pheniks
I am having issues with the clamav-milter setup as described in your how to. As almost every issue that I have come across has been my missing a detail, I am sure that this is what has occurred. However, I am unable to locate why I am getting the following messages in the mail log and am unable to test sending email via the telnet tests suggested.

Mail Log Messages
Code:
Mar 5 19:52:39 ares postfix/cleanup[8498]: 0B47FEB0319: milter-reject: CONNECT from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<root@pheniks.net> Mar 5 19:52:42 ares postfix/smtpd[8708]: NOQUEUE: milter-reject: MAIL from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=<me> Mar 5 19:52:52 ares postfix/smtpd[8708]: NOQUEUE: milter-reject: UNKNOWN from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=<me> Mar 5 19:52:55 ares postfix/smtpd[8708]: disconnect from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45] Mar 5 19:53:39 ares postfix/pickup[8494]: BC325EB0319: uid=0 from=<root> Mar 5 19:53:39 ares postfix/cleanup[8496]: warning: connect to Milter service unix:/var/clamav/clmilter.socket: Permission denied Mar 5 19:53:39 ares postfix/cleanup[8496]: BC325EB0319: milter-reject: CONNECT from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<root@pheniks.net>
I will get you any configuration information you request.
Thanks in advance,
Aaron
Hi Aaron,
This is usually a permissions problem with the socket file. It seems to be a problem with the startup of the milter, at times when started the socket delays in being created meaning the command that changes the sockets ownership to the mail user is run before the socket is created.

Please try restarting the milter. Please send me the output of
Code:
ls -l /var/clamav/clmilter.socket
Quote:
Output of ls -l /var/clamav/clmilter.socket:
Code:
srwxrwxr-x 1 clamav postfix 0 Mar 5 16:08 /var/clamav/clmilter.socket
Additionally, on service clamav-milter restart, I receive the following:
Code:
Stopping Clamav Milter Daemon: [ OK ] Starting Clamav Milter Daemon: Your LANG environment variable is set to 'en_US.UTF-8' This is known to cause problems for some clamav-milter installations. If you get failures with temporary files, please try again with LANG unset. Loaded ClamAV 0.92.1/6136/Wed Mar 5 03:32:22 2008 ClamAV: Protecting against 243377 viruses [ OK ]
Quote:

Quote:
Originally Posted by topdog
Does that fix the issue ? Yes you can go for that, i have noticed that it happens on startup. I will try look at the source to see if it can be patched to set the group on the socket file.
That did not solve the issue. Are the user and group correct on the socket file? Should the config files be using unix vs. local.

On Page 3 of your How To, there is a section of the config file /etc/postfix/main.cf that goes like this:
Code:
smtpd_milters = unix:/var/clamav/clmilter.socket unix:/var/run/spamass.sock non_smtpd_milters = unix:/var/clamav/clmilter.socket unix:/var/run/spamass.sock
While on Page 5, the config file /etc/sysconfig/clamav-milter reads:
Code:
. . . SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"
I changed both to the local: prefix and still have the issue. Should it be the unix: prefix?
Now, I have changed both to the unix: prefix and have not resolved the issue.
Reply With Quote
Sponsored Links
  #2  
Old 6th March 2008, 07:50
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

Postfix and milter syntax are different so local: does not work within postfix

Try using tcp sockets.
Code:
SOCKET_ADDRESS="inet:3381@localhost"
and in postfix
Code:
smtpd_milters = inet:localhost:3381
non_smtpd_milters = inet:localhost:3381
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 6th March 2008, 08:24
pheniks pheniks is offline
Junior Member
 
Join Date: Mar 2008
Location: USA, Texas
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default

Converting to inet:localhost:3381 / inet:3381@localhost seems to have solved the issue with clamav-milter. Now, I am getting the same issue with the spamass-milter. Would there be a similar fix for this and what port?

From Postfix Website:
Quote:
Milter error handling

The milter_default_action parameter specifies how Postfix handles Milter application errors. The default action is to respond with a temporary error status, so that the client will try again later. Specify "accept" if you want to receive mail as if the filter does not exist, and "reject" to reject mail with a permanent status.

/etc/postfix/main.cf:
# What to do in case of errors? Specify accept, reject, or tempfail.
milter_default_action = tempfail
I don't recommend using this on a production system. We install these milters for a reason and passing over them if they aren't cooperating may not be the best idea from the standpoint of knowing that there is an issue.

I tried this in the event that it might pass over the errors on the milter and let me know if postfix was operating properly without the failing milters. I still receive a 451 4.7.1 Service unavailable - try again later message from telnet-ing into the smtpd service.

Last edited by pheniks; 6th March 2008 at 08:53. Reason: Something from the Postfix Website RE: Milter Handling
Reply With Quote
  #4  
Old 6th March 2008, 09:02
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

The spamass-milter cannot use tcp connections. can you modify your init script like this
Code:
start() {
        echo -n $"Starting $desc ($prog): "
        daemon $prog -p $SOCKET -f $EXTRA_FLAGS
        RETVAL=$?
        sleep 5
        echo
        chgrp postfix /var/run/spamass.sock
        chmod g+w /var/run/spamass.sock
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #5  
Old 7th March 2008, 03:02
pheniks pheniks is offline
Junior Member
 
Join Date: Mar 2008
Location: USA, Texas
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default Sleep doesn't appear to have worked...

I am now getting the 451 4.7.1 Service unavailable - try again later earlier in the telnet session:

Code:
telnet mail.pheniks.net 25
Trying 67.76.233.45...
Connected to mail.pheniks.net (67.76.233.45).
Escape character is '^]'.
220 ares.pheniks.net ESMTP Postfix
helo me
250 ares.pheniks.net
mail from:root@pheniks.net
451 4.7.1 Service unavailable - try again later
This is now the output of ls -l /var/run/spamass.sock:

Code:
srwxrwxr-x 1 root postfix    0 Mar  6 18:43 spamass.sock
From /var/log/maillog:
Code:
Mar  6 18:47:39 ares postfix/smtpd[31808]: warning: connect to Milter service unix:/var/run/spamass.sock: Permission denied
Mar  6 18:47:39 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: CONNECT from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mar  6 18:47:42 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: HELO from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mar  6 18:48:01 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: MAIL from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=<me>
Mar  6 18:48:42 ares postfix/smtpd[31808]: disconnect from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]
Reply With Quote
  #6  
Old 7th March 2008, 08:19
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

Are you sure you loaded the selinux policy ?
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #7  
Old 7th March 2008, 08:26
pheniks pheniks is offline
Junior Member
 
Join Date: Mar 2008
Location: USA, Texas
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default

Errr... I'm pretty sure that I disabled SELinux. But, I think I wound up having to do it manually through a config file and then turn off the service.
Reply With Quote
  #8  
Old 7th March 2008, 08:37
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts
Default

Selinux does not run as a service its loaded at boot time by the kernel
what is the output of
Code:
sestatus
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #9  
Old 7th March 2008, 08:41
pheniks pheniks is offline
Junior Member
 
Join Date: Mar 2008
Location: USA, Texas
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default

Output of sestatus:
Code:
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          disabled
Policy version:                 21
Policy from config file:        targeted
I must note here that you are quite thorough and I appreciate all the help.

Thank you!
Reply With Quote
  #10  
Old 7th March 2008, 16:49
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
 
Default

Please reboot your system and run
Code:
sestatus
again.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting e-mail working hansoffate Installation/Configuration 29 13th August 2008 17:33
Centos 5.1 Virtual Mail Server Issues tmaleshafske HOWTO-Related Questions 7 19th February 2008 06:34
Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) mexus HOWTO-Related Questions 10 29th January 2008 21:18
Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner, ClamAV On CentOS fchevitarese HOWTO-Related Questions 5 4th September 2007 13:58
CentOS Mail Server with Virtual Domains Howto morenz Server Operation 2 23rd March 2007 10:03


All times are GMT +2. The time now is 06:06.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.