Spamsnake 10.10 Baruwa issues after update

Discussion in 'HOWTO-Related Questions' started by tuxic, Sep 1, 2011.

  1. tuxic

    tuxic New Member

    Hi All,

    I recently updated my spamsnake with the latest baruwa packages following the guide. As i was updating also did a ubuntu full update. Everything seemed to be working fine but after a few days of running I noticed that mails were not being processed by mailscanner. The queue was filling up. I checked the mail.log and it looks like mailscanner is constantly restarting. In baruwa I see no errors (green).
    Code:
    Aug 31 02:03:08 baruwa MailScanner[25623]: MailScanner E-Mail Virus Scanner version 4.82.6 starting...
    Aug 31 02:03:08 baruwa MailScanner[25623]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
    Aug 31 02:03:08 baruwa MailScanner[25623]: Reading configuration file /opt/MailScanner/etc/conf.d/README
    Aug 31 02:03:09 baruwa MailScanner[25623]: Config: calling custom init function BaruwaLowScore
    Aug 31 02:03:09 baruwa MailScanner[25623]: Baruwa - Populating spam score settings
    Aug 31 02:03:09 baruwa MailScanner[25623]: Read 54 spam score settings
    Aug 31 02:03:09 baruwa MailScanner[25623]: Config: calling custom init function BaruwaBlacklist
    Aug 31 02:03:09 baruwa MailScanner[25623]: Starting Baruwa blacklists
    Aug 31 02:03:09 baruwa MailScanner[25623]: Read 247 blacklist items
    Aug 31 02:03:09 baruwa MailScanner[25623]: Ip blocks blacklisted:
    Aug 31 02:03:09 baruwa MailScanner[25623]: Config: calling custom init function BaruwaSQL
    Aug 31 02:03:09 baruwa MailScanner[25623]: Starting Baruwa SQL logger
    Aug 31 02:03:09 baruwa MailScanner[25623]: Config: calling custom init function BaruwaHighScore
    Aug 31 02:03:09 baruwa MailScanner[25623]: Baruwa - Populating high spam score settings
    Aug 31 02:03:09 baruwa MailScanner[25623]: Read 54 high spam score settings
    Aug 31 02:03:09 baruwa MailScanner[25623]: Config: calling custom init function BaruwaWhitelist
    Aug 31 02:03:09 baruwa MailScanner[25623]: Starting Baruwa whitelists
    Aug 31 02:03:09 baruwa MailScanner[25623]: Read 29 whitelist items
    Aug 31 02:03:09 baruwa MailScanner[25623]: Ip blocks whitelisted:
    Aug 31 02:03:09 baruwa MailScanner[25623]: Using SpamAssassin results cache
    Aug 31 02:03:09 baruwa MailScanner[25623]: Connected to SpamAssassin cache database
    Aug 31 02:03:09 baruwa MailScanner[25623]: Enabling SpamAssassin auto-whitelist functionality...
    Aug 31 02:03:12 baruwa MailScanner[25618]: Connected to Processing Attempts Database
    Aug 31 02:03:12 baruwa MailScanner[25618]: Found 8 messages in the Processing Attempts Database
    Aug 31 02:03:12 baruwa MailScanner[25618]: Using locktype = flock
    Aug 31 02:03:13 baruwa MailScanner[25623]: Connected to Processing Attempts Database
    Aug 31 02:03:13 baruwa MailScanner[25623]: Found 8 messages in the Processing Attempts Database
    Aug 31 02:03:13 baruwa MailScanner[25623]: Using locktype = flock
    Aug 31 02:03:13 baruwa MailScanner[25630]: MailScanner E-Mail Virus Scanner version 4.82.6 starting...
    Aug 31 02:03:13 baruwa MailScanner[25630]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
    Aug 31 02:03:13 baruwa MailScanner[25630]: Reading configuration file /opt/MailScanner/etc/conf.d/README
    Aug 31 02:03:14 baruwa MailScanner[25630]: Config: calling custom init function BaruwaLowScore
    Aug 31 02:03:14 baruwa MailScanner[25630]: Baruwa - Populating spam score settings
    Aug 31 02:03:14 baruwa MailScanner[25630]: Read 54 spam score settings
    Aug 31 02:03:14 baruwa MailScanner[25630]: Config: calling custom init function BaruwaBlacklist
    Aug 31 02:03:14 baruwa MailScanner[25630]: Starting Baruwa blacklists
    Aug 31 02:03:14 baruwa MailScanner[25630]: Read 247 blacklist items
    Aug 31 02:03:14 baruwa MailScanner[25630]: Ip blocks blacklisted:
    Aug 31 02:03:14 baruwa MailScanner[25630]: Config: calling custom init function BaruwaSQL
    Aug 31 02:03:14 baruwa MailScanner[25630]: Starting Baruwa SQL logger
    Aug 31 02:03:14 baruwa MailScanner[25630]: Config: calling custom init function BaruwaHighScore
    Aug 31 02:03:14 baruwa MailScanner[25630]: Baruwa - Populating high spam score settings
    Aug 31 02:03:14 baruwa MailScanner[25630]: Read 54 high spam score settings
    Aug 31 02:03:14 baruwa MailScanner[25630]: Config: calling custom init function BaruwaWhitelist
    Aug 31 02:03:14 baruwa MailScanner[25630]: Starting Baruwa whitelists
    Aug 31 02:03:14 baruwa MailScanner[25630]: Read 29 whitelist items
    Aug 31 02:03:14 baruwa MailScanner[25630]: Ip blocks whitelisted:
    This same issue occurred on another box which i also updated using the same method in the guide. It is also recurring after a few days of running fine and happens exactly around 2:00 AM. Any pointers would be appreciated.

    Thx
     
  2. Rocky

    Rocky New Member

    Did you upgrade MailScanner as well?

    Check to see if the Baruwa*.pm files exists in /opt/MailScanner/lib/MailScanner/CustomFunctions. If they do, open each one and verify that the database credentials are correctly configured.
     
  3. tuxic

    tuxic New Member

    I updated through apt-get update. Didn't really pay attention if mailscanner was also updated. But I followed the guide to correct the symlinks and checked those files in /opt/MailScanner/lib/MailScanner/CustomFunctions according to the upgrade guide and all .pm files contain the correct database credentials.

    Everything also seems to be working fine as is Baruwa. Only problem is that the processing stops after a few days and mailscanner keeps restarting, only way to get the queue to process is to reboot. Yesterday this happened exactly around 00:00 hours on both spamsnakes I built and I also noticed a lot of mailscanner (defunct) processes through top when the problem arises. Before the update of baruwa and ubuntu it was running fine for months (very stable)

    I tried troubleshooting but this is a tough one to crack.
     
  4. Rocky

    Rocky New Member

    It's possible that your problems are related to a cron job, but you'll have to do a bit of troubleshooting.

    Also, check your hard drive space and memory usage.
     
  5. tuxic

    tuxic New Member

    The memory usage is fine, so is hard drive space.

    Did a bit of troubleshooting and I'm a bit closer to the solution.

    I noticed that the problem only occurs when a virus was in a email message.
    So it had to be related to clamd.

    Also I noticed some time ago that there was a permissions difference in my spamsnake after the update and an old backup 'before' update.

    The folder /var/spool/MailScanner should have permissions postfix:www-data for all containing folders:

    incoming
    quarantaine
    spammassassin

    I manually set them correct yesterday. Somehow the folder incoming gets permissions changed to postfix:clamav and then is when the problems arise. The moment a virus message arrives, mailscanner crashes. If i correct the permissions, mailscanner runs without crashing.

    So question is, what is causing /var/spool/MailScanner/incoming to change it permissions?

    Thx for your insight.

    Tuxic
     
  6. Rocky

    Rocky New Member

    Hey,

    Incoming Work Group in MailScanner.conf is responsible for changing the folder's permission. That permission needs to be so in order for Clamav to have access to scan emails for viruses. Things are pointing towards Clamav being the culprit.

    Make sure you have the following settings in /etc/clamav/clamd.conf:

    LocalSocket /var/run/clamav/clamd.ctl
    LocalSocketGroup clamav
    LocalSocketMode 666
    User clamav
    AllowSupplementaryGroups true
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /var/lib/clamav

    Also, do the following:
    usermod -a -G www-data clamav


    vi /etc/apparmor.d/usr.sbin.clamd


    and add the Incoming folder to the list of folders
    /usr/sbin/clamd { #clamav /var/spool/MailScanner/** rw, /var/spool/MailScanner/incoming/** rw, } Reload apparmor:


    /etc/init.d/apparmor reload

    Let me know how that works out for you.
     

Share This Page