Maildrop error: Unable to open filter file, errno=13

Hi guys,
Is 15 minutes that my email server, realized with ISPConfig and roundcube, is not working properly.

In the mail.log file I can see:

Code:

 maildrop[4182]: Unable to open filter file, errno=13.
...
status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to open filter file, errno=13.

Do you know what is going on?
I tried to reboot the server and also just postfix, but nothing happen...
Thanks

Michele

 

Thanks Till for your answer.
I've a master-master replication of dbispconfig (just the tables regarding the email) and /var/vmail.
It was working fine.
Now from the main server I've this problem, but if I switch off it, the other server is working without problem.

In both servers I've .mailfilter, the same file in both and with this permission:
-rw------- 1 root root 1710 2009-10-28 10:26 .mailfilter

The .mailfilter anyway is this one:

Code:

#
# Import variables
#

LOGNAME=tolower("$LOGNAME")
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER=tolower("$3")
HOST=tolower("$4")
SENDER="$5"
DEFAULT="/var/vmail/$HOST/$USER/."

# Workaround for broken tolower function in some current fedora releases

if(!$USER)
{
  USER=$3
}
if(!$HOST)
{
  HOST=$4
}

if ( "$EXTENSION" ne "" )
{
  DELIMITER="+"
}

if (!$SENDER)
{
  SENDER = "<>"
}

#
# Autocreate maildir, if not existant
#

`test -e /var/vmail/$HOST`
if ( $RETURNCODE != 0 )
{
  `mkdir /var/vmail/$HOST`
}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
  `maildirmake /var/vmail/$HOST/$USER`
  `chmod -R 0700 /var/vmail/$HOST`
}

# Check if the user has a autoresponder enabled

`test -f /var/vmail/mailfilters/$HOST/$USER/.autoresponder`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.autoresponder"
}
# Create a mailsize file
`echo $SIZE >> /var/vmail/$HOST/$USER/ispconfig_mailsize`


# Move SPAM to junk
`test -e /var/vmail/$HOST/$USER/.Junk`
if ( $RETURNCODE != 0 )
{
  `maildirmake -f Junk /var/vmail/$HOST/$USER`
  `chmod -R 0700 /var/vmail/$HOST/$USER/.Junk`
  `echo INBOX.Junk >> /var/vmail/$HOST/$USER/courierimapsubscribed`
}
if (/^Subject:.*\*\*\*SPAM\*\*\*/:h)
{
to /var/vmail/$HOST/$USER/.Junk/
}




#
# Test if the user has his own maildrop include,
# if not available, check if $DEFAULT is set
# (newer maildrop get's that from the DB and updates
# it) and deliver or fail temporarily if not available
#

`test -f /var/vmail/mailfilters/$HOST/$USER/.mailfilter`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.mailfilter"
}
else
{
  if ( "$DEFAULT" ne "" )
  {
    to "$DEFAULT"
  }
  else
  {
    EXITCODE=75
    exit
  }
}

Suggestions?

thanks
Michele

 

maybe is a stupid thing, but after taht I edited this file /var/www/ispconfig/mail/lib/lang/en_mail_user.lng I started to have problems.

But anyway I came back to the old file and I still have this problem...

 

I'm just realize that into the mail.log, once that I reboot the server, I can see this error:

Code:

spamd[2258]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.

 

Hi Till,
It's look like a problem for all my accounts.
The postfix of master.cf is:

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}


amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

And the output of ls -la /var/vmail/ is:

Code:

drwxr-xr-x 15 vmail vmail   4096 2009-10-28 16:28 .
drwxr-xr-x 15 root  root     150 2009-10-27 15:48 ..
-rw-r--r--  1 root  root     220 2009-10-27 17:37 .bash_logout
-rw-r--r--  1 vmail vmail   3116 2009-10-27 17:37 .bashrc
-rw-------  1 root  root    1710 2009-10-28 16:27 .mailfilter
drwxr-xr-x  3 root  root    4096 2009-10-28 14:06 mailfilters
-rw-r--r--  1 root  root     675 2009-10-27 17:37 .profile
drwx------  3 vmail vmail   4096 2009-10-28 14:54 domains

 

And the errors that I have when I reboot the server are:

Code:

Oct 29 09:27:43 srv3 spamd[2221]: logger: removing stderr method
Oct 29 09:27:44 srv3 spamd[2271]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.
Oct 29 09:27:46 srv3 authdaemond: modules="authmysql", daemons=5
Oct 29 09:27:46 srv3 authdaemond: Installing libauthmysql
Oct 29 09:27:46 srv3 authdaemond: Installation complete: authmysql
Oct 29 09:27:47 srv3 postfix/master[2944]: daemon started -- version 2.5.5, configuration /etc/postfix
Oct 29 09:27:48 srv3 postfix/qmgr[2961]: 259542528: from=<michele@xxxx.com>, size=1381, nrcpt=1 (queue active)
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server started on port 783/tcp (running version 3.2.5)
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server pid: 2271
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server successfully spawned child process, pid 3014
Oct 29 09:27:48 srv3 spamd[2271]: spamd: server successfully spawned child process, pid 3015
Oct 29 09:27:48 srv3 spamd[2271]: prefork: child states: II
Oct 29 09:27:48 srv3 maildrop[2991]: Unable to open filter file, errno=13.

Thanks

Michele

 

Thanks Till, now the emails are working.
Unfortunately I still have this error:

Code:

spamd[2263]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.

Any idea?

Anyway it's strange because it was working fine till yesterday morning and the other server (the replication) don't have this problem...

Thanks
Michele

 

A fast upgrade:
I did a diagnostic test here: http://www.mxtoolbox.com/diagnostic.aspx and this is the result:
Not an open relay.
0 seconds - Good on Connection time
0.593 seconds - Good on Transaction time
OK - xxx.xxx.xxx.xxx resolves to
Warning - Reverse DNS does not match SMTP Banner

I've the same result also if I test the other server...
It's look like a Reverse DNS problem... but if I'm going to http://remote.12dt.com/ and I test the IP of the servers, I've the reverse DNS...
I had a look into the file /etc/resolv.conf and it's setup by the provider...

 

Sorry if I write again another post, but I've reboot both servers and this are the differences in the inizialization:

MASTER SERVER(the one with the error)

Code:

spamd[2224]: logger: removing stderr method
[U]spamd[2273]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.[/U]
authdaemond: modules="authmysql", daemons=5
authdaemond: Installing libauthmysql
authdaemond: Installation complete: authmysql

BACKUP SERVER

Code:

 spamd[2247]: logger: removing stderr method
spamd[2267]: spamd: server started on port 783/tcp (running version 3.2.5)
spamd[2267]: spamd: server pid: 2267
spamd[2267]: spamd: server successfully spawned child process, pid 2535
spamd[2267]: spamd: server successfully spawned child process, pid 2536
spamd[2267]: prefork: child states: II
authdaemond: modules="authmysql", daemons=5
authdaemond: Installing libauthmysql
authdaemond: Installation complete: authmysql

 

I can see that if I receive an email, it's look like amavis doesn't check the spam, because in thel log there is:

Code:

postfix/cleanup[3794]: 26F25251B: message-id=<XXX@XXX>
postfix/qmgr[2945]: XXX: from=<XXX@XXX.com>, size=7171, nrcpt=1 (queue active)
amavis[2222]: (02222-01) [U]Passed CLEAN[/U], [xxx.xxx.xxx.xxx] [xxx.xxx.xxx.xxx] <xxxxx@xxxxxx.com> -> <xxxxx@xxxxxx.com>, Message-ID: <xxxxx@xxxxx>, mail_id: xxxxx, Hits: 0.179, size: 6694, queued_as: 26F2525xx, 743 ms
postfix/smtp[3795]: 1E4A82xxx: to=<xxxx@xxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.34/0.03/0.02/0.74, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02222-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 26F252xxx)
postfix/qmgr[2945]: 1E4A8xxxx: removed
postfix/pipe[3801]: 26F2xxx: to=<xxxx@xxxx.com>, relay=maildrop, delay=0.49, delays=0.01/0.03/0/0.45, dsn=2.0.0, status=sent (delivered via maildrop service)
postfix/qmgr[2945]: 26Fxxxx: removed

Any idea?

 

Ok but how can I check the level spam values that spamassassin gave to the email received?

What do you think about the other problem that I explained before?

Thanks a lot Till
Michele

 

Ok last upgrade of the day.
The ploblem of ReverseDNS was a my fault: I did't setup properly it with my ISP, now it's solved (I've passed also the test http://www.mxtoolbox.com/diagnostic.aspx)

But unfortunately I still have this error on the mail.log, once that I reboot the server:

Code:

spamd[2253]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.

 

Hi Till,
you're right. I've disabled the ISPConfig Firewall and the error disappear...
The strange thing is that the other server, with the replication also of firewall rules, have not errors...

Do you know which port I've to oper to avoid this error?
The firewall rules that I was using was the one by default of ISPConfig (20,21,22,25,53,80,110,143,443,3306,8080,10000)

Thanks
MiK

PS: anyway it's normal that in the mail.log I can not read the spam level that spamassassin gave to every incoming email?

 

Ok if I stop fail2ban and after I active the firewall rules of ISPConfig, how can I check if I haven't that error if I saw this error in the initialization phase just after a reboot?

For the second point: I've solve it setting a log_level=4 in /etc/amavis/conf.d/50-user

thanks a lot
Michele