Postifx with Virtual Users / MySQL / ClamAV etc - Monitoring

[thesquib]

This tutorial was great... i have configured a mail server to the dot, and it works as expected. But i have a few questions

*I tested sending a zip file with a virus in it, and the email was deleted with no confirmation or any email sent to the recipient explaining what had happened.
Will this be ClamAV? I wasn't sure what logs to check, i couldn't find anything related to the deletion of the email... It would be ideal if this sent a notification message of some sort.


*Is there some way to monitor spamassassin/clamav - statistics to break down who is getting spam, etc... I guess there needs to be some way to track messages or something.

[thesquib]

Another thing i've noticed is, there is a fair delay between sending and actually receiving the message even when I send from another mail server within our local network. It seems to be able to deliver up to 8 per minute. Is this because the antivirus / spamassassin scanning?

Now 6-8 emails a minute is fairly slow. I just sent 50 to our other server (much older, but running Windows with Symantec Mail security) and that processed all 40 and moved them into my mailbox for delivery in under a minute.

Is this normal for the security this setup has? Or is there something wrong here

[falko]

Quote:

Originally Posted by thesquib

*I tested sending a zip file with a virus in it, and the email was deleted with no confirmation or any email sent to the recipient explaining what had happened.
Will this be ClamAV? I wasn't sure what logs to check, i couldn't find anything related to the deletion of the email... It would be ideal if this sent a notification message of some sort.

Check the mail log. MAybe you can configure the notofications in amavisd. Have a look at /etc/amavisd.conf.

Quote:

Originally Posted by thesquib

*Is there some way to monitor spamassassin/clamav - statistics to break down who is getting spam, etc... I guess there needs to be some way to track messages or something.

Check out mailgraph and pflogsumm:
http://people.ee.ethz.ch/~dws/software/mailgraph/
http://jimsun.linxnet.com/postfix_contrib.html

Quote:

Another thing i've noticed is, there is a fair delay between sending and actually receiving the message even when I send from another mail server within our local network. It seems to be able to deliver up to 8 per minute. Is this because the antivirus / spamassassin scanning?

Depends on your hardware. The slowest part is amavisd which is written in Perl.

[thesquib]

Its not the most amazing hardware: Compaq Proliant ML530 (two 1GHz Pentium III Xeon processors), 640mb of ram(this will be increased, probably needs to be), RAID 5 across 5 hard drives. I would have thought this would be enough. The graphs munin has put out show that the cpu load hasn't gone above about 3%. It looks like memory is fairly well used however...

[thesquib]

Came back in the morning and found these in the mail.log:

May 17 09:04:42 localhost amavis[6933]: (06933-02) lookup_sql: 2006, MySQL server has gone away
May 17 09:04:42 localhost amavis[6933]: (06933-02) NOTICE: Disconnected from SQL server
May 17 09:04:42 localhost amavis[6933]: (06933-02) TROUBLE in check_mail: creating_partsdir FAILED: DBD::mysql::st execute failed: MySQL server has gone away$
May 17 09:04:42 localhost amavis[6933]: (06933-02) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20060516T163311-0693

[thesquib]

I removed the two lines from the postfix config file main.cf that ties in amavis etc:

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

And the speed increased 10 fold, so amavis-new is obviously causing the slow down.

[thesquib]

hmmm..... now all mail just sits in the queue with this. I have not been able to sort out what it is so far. I installed a few perl modules and things that were required by that monitoring software Falko linked. Anyone know what this means?


2EF605141EF 9603 Wed May 17 13:08:28 sender@domain
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=04900-01, decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed, status=1 (256 ) at /usr/sbin/amavisd-new line 3853. (in reply to end of DATA command))
recipient@domain


in the mail.log is:
May 17 13:42:41 localhost amavis[2435]: (02430-01) run_command: child process [2435] failed to exec /usr/bin/file /var/lib/amavis/amavis-20060517T134241-0243$
May 17 13:42:41 localhost amavis[2430]: (02430-01) TROUBLE in check_mail: decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed, status=1 (2$
May 17 13:42:41 localhost amavis[2430]: (02430-01) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20060517T134241-02430


So I ran this in the command line:
/var/lib/amavis/amavis-20060517T134241-02430/email.txt
and got this response:
/var/lib/amavis/amavis-20060517T134241-02430/email.txt: RFC 822 mail text
It would seem this does work

[thesquib]

The error I Outlined in my previous two posts is fixed.. but the speed issue is still at odds with me.

To fix the error I described -
I installed CPAN, and then installed Net::Server using CPAN. This installed a newer version of Net::Server than the Debian version (0.93 instead of 0.90).
The version can be checked with:
perl -MNet::Server -e 'print "$Net::Server::VERSION\n";'

and the old version resintalled with:
cd /usr/local/src
wget http://search.cpan.org/CPAN/authors/...er-0.90.tar.gz
tar xzvf Net-Server-0.90.tar.gz
cd Net-Server-0.90
perl Makefile.PL
make && make test && make install

[thesquib]

Quote:

Originally Posted by thesquib

I removed the two lines from the postfix config file main.cf that ties in amavis etc:

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

And the speed increased 10 fold, so amavis-new is obviously causing the slow down.

I have narrowed the incredible slowness down to the anti-spam.
When I uncomment this:
#@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code

from the amavis.conf if I fire 200 emails at the server is sends them out within minutes... if that is enabled it could take 20 -30 minutes. The interesting thing is the load just doesn't seem to be that bad on the server. Watching top whilst this is happening, I don't see memory load going above half the available. CPU usage tipped out at about 10%.

[falko]

SpamAssassin is also written in Perl, therefore it's not very fast...