7th August 2008, 12:47
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
Is it possible that the system is eating up your swap? Do you have something like munin installed on it so that you can check?
|
10th August 2008, 02:37
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
So sorry for the delay I just managed to sit down and try the chmod now!
I had to use chmod -R 777 /var/run/clamav before anything would work.
However in mail.log I get this:
Code:
Aug 10 03:28:10 OptiplexGX270T amavis[1401]: (01401-02) Blocked TEMPFAIL, [205.188.139.136] [81.178.2.118] <samankaya@netscape.net> -> <kayasaman@optiplex-networks.com>, Message-ID: <8CAC88BCB936586-B8-4DD8@FWM-M06.sysops.aol.com>, mail_id: yYNk9TENqaUc, Hits: 0.552, 2424 ms
Aug 10 03:28:10 OptiplexGX270T amavis[1401]: (01401-02) TIMING [total 2427 ms] - SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 37 (2%)2, body_digest: 1 (0%)2, gen_mail_id: 0 (0%)2, mime_decode: 12 (0%)2, get-file-type2: 74 (3%)5, decompose_part: 0 (0%)5, decompose_part: 0 (0%)5, parts_decode: 0 (0%)5, AV-scan-1: 23 (1%)6, AV-scan-2: 0 (0%)6, spam-wb-list: 2 (0%)6, SA msg read: 1 (0%)6, SA parse: 2 (0%)6, SA check: 2232 (92%)98, SA finish: 3 (0%)99, update_cache: 2 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-rundown: 23 (1%)100, prepare-dsn: 1 (0%)100, main_log_entry: 7 (0%)100, update_snmp: 1 (0%)100, unlink-2-files: 1 (0%)100, rundown: 0 (0%)100
Aug 10 03:28:10 OptiplexGX270T postfix/smtp[7875]: 380945AA8E: to=<kayasaman@optiplex-networks.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4848, delays=4846/0.01/0/2.4, dsn=4.4.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, () at (eval 42) line 145, <GEN22> line 145., MTA([127.0.0.1]:10025), id=01401-02 (in reply to end of DATA command))
Which happens with outbound mail too.
I am using Munin, however I don't believe that it should effect the mail right? I have 1GB of RAM with 1.5GB swap
Last edited by lordshadow; 10th August 2008 at 02:43.
|
10th August 2008, 12:42
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
What's the ouptut of ? What's in /etc/postfix/master.cf?
|
11th August 2008, 09:39
|
|
Junior Member
|
|
Join Date: Jan 2006
Posts: 15
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Requested info
I'm still getting lockups. I'm to the point I'd just like to turn off amavis and clamav and have postfix deliver mail without checking it. Right now when those are manually stopped, postfix's queue just builds. How could I fix that? Here's the info you requested:
netstat -tap
Code:
tempe:/var/run/clamav# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:swat *:* LISTEN 4271/inetd
tcp 0 0 localhost.localdo:10024 *:* LISTEN 3916/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 4338/master
tcp 0 0 localhost.localdo:mysql *:* LISTEN 4159/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 4350/smbd
tcp 0 0 localhost.localdo:spamd *:* LISTEN 3920/spamd.pid
tcp 0 0 *:sunrpc *:* LISTEN 3417/portmap
tcp 0 0 *:624 *:* LISTEN 4261/rpc.mountd
tcp 0 0 *:auth *:* LISTEN 4271/inetd
tcp 0 0 *:58194 *:* LISTEN 4471/rpc.statd
tcp 0 0 *:35154 *:* LISTEN -
tcp 0 0 *:munin *:* LISTEN 4702/munin-node
tcp 0 0 localhost.locald:domain *:* LISTEN 3869/named
tcp 0 0 tempe.sharealike:domain *:* LISTEN 3869/named
tcp 0 0 localhost.localdoma:823 *:* LISTEN 4463/famd
tcp 0 0 *:smtp *:* LISTEN 4338/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 3869/named
tcp 0 0 *:2812 *:* LISTEN 4774/monit
tcp 0 0 *:microsoft-ds *:* LISTEN 4350/smbd
tcp 0 0 localhost.localdo:10024 localhost.localdo:54099 ESTABLISHED5901/amavisd (ch2-0
tcp 0 0 localhost.localdo:10024 localhost.localdo:54098 ESTABLISHED5900/amavisd (ch2-0
tcp 0 0 localhost.localdo:54098 localhost.localdo:10024 ESTABLISHED5016/smtp
tcp 0 0 localhost.localdo:54099 localhost.localdo:10024 ESTABLISHED5918/smtp
tcp6 0 0 *:imaps *:* LISTEN 4054/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 4078/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 4059/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4042/couriertcpd
tcp6 0 0 *:www *:* LISTEN 4627/apache2
tcp6 0 0 *:ssh *:* LISTEN 4381/sshd
tcp6 0 0 ip6-localhost:953 *:* LISTEN 3869/named
tcp6 0 0 *:https *:* LISTEN 4627/apache2
tcp6 0 1296 tempe.sharealike.or:ssh chino.sharealike.:42904 ESTABLISHED5922/0
master.cf
Code:
tempe:/var/run/clamav# cat /etc/postfix/master.cf
#
# Postfix master process configuration file. Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A "-" field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next field). With INET transports, a service is specified as
# host:port. The host part (and colon) may be omitted. Either host
# or port may be given in symbolic form or in numeric form. Examples
# for the SMTP server: localhost:smtp receives mail via the loopback
# interface only; 10025 receives mail on port 10025.
#
# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
# sockets, "fifo" for named pipes.
#
# Private: whether or not access is restricted to the mail system.
# Default is private service. Internet (inet) sockets can't be private.
#
# Unprivileged: whether the service runs with root privileges or as
# the owner of the Postfix system (the owner name is controlled by the
# mail_owner configuration variable in the main.cf file). Only the
# pipe, virtual and local delivery daemons require privileges.
#
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
# The proxymap server can run chrooted, but doing so defeats most of
# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time
# field requests that wake up events be sent only to services that
# are actually being used. Specify 0 for no wakeup. Presently, only
# the pickup, queue manager and flush daemons need a wakeup timer.
#
# Max procs: the maximum number of processes that may execute this
# service simultaneously. Default is to use a globally configurable
# limit (the default_process_limit configuration parameter in main.cf).
# Specify 0 for no process count limit.
#
# Command + args: the command to be executed. The command name is
# relative to the Postfix program directory (pathname is controlled by
# the daemon_directory configuration variable). Adding one or more
# -v options turns on verbose logging for that service; adding a -D
# option enables symbolic debugging (see the debugger_command variable
# in the main.cf configuration file). See individual command man pages
# for specific command-line options, if any.
#
# General main.cf options can be overridden for specific services.
# To override one or more main.cf options, specify them as arguments
# below, preceding each option by "-o". There must be no whitespace
# in the option itself (separate multiple values for an option by
# commas).
#
# In order to use the "uucp" message tranport below, set up entries
# in the transport table.
#
# In order to use the "cyrus" message transport below, configure it
# in main.cf as the mailbox_transport.
#
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls
#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
# Added from howtoforge.com HOWTO
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
tlsmgr unix - - - 1000? 1 tlsmgr
scache unix - - - - 1 scache
discard unix - - - - - discard
|
12th August 2008, 18:46
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
Can you comment out the last three lines in master.cf:
Code:
tlsmgr unix - - - 1000? 1 tlsmgr
scache unix - - - - 1 scache
discard unix - - - - - discard
and restart Postfix?
|
19th August 2008, 18:52
|
|
Junior Member
|
|
Join Date: Jan 2006
Posts: 15
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Server still freezing up
Hi, I commented out those three lines and still, if I run amavis/clamav then after a short time the server totally freezes so that it's not even responsive at the keyboard and only a hard reset restores it. (For example, this time when it locked up I also had an SSH session connected running top and it disconnected me saying "Read from remote host 192.168.1.38: Connection timed out Connection to 192.168.1.38 closed.").
I also still get the following errors (though the tls ones are new):
Code:
Aug 19 08:31:15 localhost amavis[5232]: (05232-01) (!!) TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan timed out at (eval 44) line 462.
Aug 19 08:31:15 localhost amavis[5232]: (05232-01) (!) PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20080819T082553-05232
Aug 19 08:33:23 localhost postfix/smtpd[6432]: warning: connect to private/tlsmgr: Connection refused
Aug 19 08:33:23 localhost postfix/smtpd[6432]: warning: problem talking to server private/tlsmgr: Connection refused
Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: connect to private/tlsmgr: Connection refused
Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: problem talking to server private/tlsmgr: Connection refused
Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: no entropy for TLS key generation: disabling TLS support
I think there are two ways to describe the symptoms: 1) Even with chmod 777 it cannot write to /var/run/clamav which is puzzling; 2) In general terms it seems like clamd and clamscan periodically consume >100% system resources trying to scan queued email for viruses/spam and something in that process isn't working right and it eventually totally locks up.
Any other ideas?
|
20th August 2008, 14:30
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
Regarding the TLS errors, you should uncomment the three lines again.
But I have no idea regarding the socket error...
|
26th August 2008, 19:19
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
With my problem netstat -tap shows
Code:
# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:55008 *:* LISTEN 3378/rpc.statd
tcp 0 0 localhost:60000 *:* LISTEN 2773/postgrey.pid -
tcp 0 0 localhost:2208 *:* LISTEN 2569/hpiod
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:afpovertcp *:* LISTEN 3151/afpd
tcp 0 0 *:swat *:* LISTEN 3206/inetd
tcp 0 0 localhost:10024 *:* LISTEN 15704/amavisd (mast
tcp 0 0 localhost:10025 *:* LISTEN 31109/master
tcp 0 0 *:56681 *:* LISTEN -
tcp 0 0 localhost:mysql *:* LISTEN 2657/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 3279/smbd
tcp 0 0 localhost:spamd *:* LISTEN 2777/spamd.pid
tcp 0 0 *:sunrpc *:* LISTEN 2220/portmap
tcp 0 0 localhost:32912 *:* LISTEN 2572/python
tcp 0 0 *:auth *:* LISTEN 3206/inetd
tcp 0 0 *:munin *:* LISTEN 3534/munin-node
tcp 0 0 OptiplexGX270T.o:domain *:* LISTEN 2511/named
tcp 0 0 localhost:domain *:* LISTEN 2511/named
tcp 0 0 localhost:ipp *:* LISTEN 3028/cupsd
tcp 0 0 *:smtp *:* LISTEN 31109/master
tcp 0 0 localhost:953 *:* LISTEN 2511/named
tcp 0 0 localhost:4700 *:* LISTEN 3153/cnid_metad
tcp 0 0 *:microsoft-ds *:* LISTEN 3279/smbd
tcp 0 0 *:831 *:* LISTEN 3196/rpc.mountd
tcp 0 0 OptiplexGX270T.opti:nfs mail.gx110.optiplex:792 ESTABLISHED-
tcp 3216 0 OptiplexGX270T.op:38890 clamav.oucs.ox.ac.u:www CLOSE_WAIT 25978/freshclam
tcp 0 0 OptiplexGX270T.op:58934 clamav.mirror.anlx.:www ESTABLISHED25978/freshclam
tcp 0 0 OptiplexGX270T.op:59579 ftp.heanet.ie:www ESTABLISHED25978/freshclam
tcp6 0 0 *:imaps *:* LISTEN 2988/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 3007/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 2993/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 2976/couriertcpd
tcp6 0 0 *:www *:* LISTEN 31306/apache2
tcp6 0 0 *:domain *:* LISTEN 2511/named
tcp6 0 0 *:ssh *:* LISTEN 12987/sshd
tcp6 0 0 ip6-localhost:953 *:* LISTEN 2511/named
tcp6 0 720 OptiplexGX270T.opti:ssh vaio:53039 ESTABLISHED11226/sshd: kayasam
tcp6 0 0 OptiplexGX270T.op:imap2 vaio:36715 ESTABLISHED16514/imapd
and in master.cf is:
Code:
# cat /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipientscalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=192.168.1.0/24
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-o strict_rfc821_envelopes=yes
-o smtpd_bind_address=127.0.0.1
so am not sure why it can't connect to port 10025???
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +2. The time now is 03:43.
|
|
English | 
Deutsch
Recent comments
1 day 3 hours ago
1 day 6 hours ago
1 day 7 hours ago
1 day 8 hours ago
1 day 10 hours ago
1 day 12 hours ago
1 day 13 hours ago
2 days 5 hours ago
2 days 6 hours ago
2 days 9 hours ago