ClamAV Milter Issues - Virtual Hosting Howto With Virtualmin On CentOS 5.1

Discussion in 'HOWTO-Related Questions' started by pheniks, Mar 6, 2008.

  1. pheniks

    pheniks New Member

    After following this How To, I ran into some problems with Postfix and the ClamAV Milter. I pm'ed topdog on the issues and thought that maybe someone might benefit from the exchange we have had so far and that we might solve the issue. Below is the communication thus far:

    Now, I have changed both to the unix: prefix and have not resolved the issue.
     
  2. topdog

    topdog Active Member

    Postfix and milter syntax are different, so local: does not work within Postfix.

    Try using TCP sockets.
    Code:
    SOCKET_ADDRESS="inet:3381@localhost"
    and in postfix
    Code:
    smtpd_milters = inet:localhost:3381
    non_smtpd_milters = inet:localhost:3381
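
The syntax difference described in this post, as an added example that is not part of the thread: a shell function that translates a milter-side socket specification (`inet:port@host`, `local:/path`, `unix:/path` or a bare socket path) into the form Postfix expects in `smtpd_milters`. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Translate a milter-side socket spec into the Postfix milter syntax.
milter_to_postfix() {
    spec=$1
    case $spec in
        # local: and unix: both mean a UNIX-domain socket; Postfix only knows unix:
        unix:/*|local:/*) printf 'unix:%s\n' "${spec#*:}"; return 0 ;;
        # bare absolute path, as given to a milter that takes only a socket file
        /*)               printf 'unix:%s\n' "$spec"; return 0 ;;
        # milter side writes port@host, Postfix writes host:port
        inet:*@*)         rest=${spec#inet:}; port=${rest%%@*}; host=${rest#*@} ;;
        *)  echo "unsupported milter socket spec: $spec" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;;
    esac
    [ -n "$host" ] || { echo "missing host in: $spec" >&2; return 1; }
    printf 'inet:%s:%s\n' "$host" "$port"
}

# Emit the two main.cf settings used in this thread for one milter socket.
postfix_milter_settings() {
    target=$(milter_to_postfix "$1") || return 1
    printf 'smtpd_milters = %s\nnon_smtpd_milters = %s\n' "$target" "$target"
}

# The SOCKET_ADDRESS value from the post above.
postfix_milter_settings 'inet:3381@localhost'
```

A spec already written in Postfix form, such as `inet:localhost:3381`, is rejected rather than passed through, which catches the two syntaxes being swapped between the milter config and main.cf.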
     
  3. pheniks

    pheniks New Member

    Converting to inet:localhost:3381 / inet:3381@localhost seems to have solved the issue with clamav-milter. Now, I am getting the same issue with the spamass-milter. Would there be a similar fix for this and what port?

    From Postfix Website:
    I don't recommend using this on a production system. We install these milters for a reason and passing over them if they aren't cooperating may not be the best idea from the standpoint of knowing that there is an issue.

    I tried this in the event that it might pass over the errors on the milter and let me know if postfix was operating properly without the failing milters. I still receive a 451 4.7.1 Service unavailable - try again later message from telnet-ing into the smtpd service.
     
    Last edited: Mar 6, 2008
  4. topdog

    topdog Active Member

    The spamass-milter cannot use TCP connections. Can you modify your init script like this:
    Code:
    start() {
            echo -n $"Starting $desc ($prog): "
            daemon $prog -p $SOCKET -f $EXTRA_FLAGS
            RETVAL=$?
            # give the milter time to create its socket
            sleep 5
            echo
            # let the postfix group connect to the socket
            chgrp postfix /var/run/spamass.sock
            chmod g+w /var/run/spamass.sock
            [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
            return $RETVAL
    }
    
     
  5. pheniks

    pheniks New Member

    Sleep doesn't appear to have worked...

    I am now getting the 451 4.7.1 Service unavailable - try again later earlier in the telnet session:

    Code:
    telnet mail.pheniks.net 25
    Trying 67.76.233.45...
    Connected to mail.pheniks.net (67.76.233.45).
    Escape character is '^]'.
    220 ares.pheniks.net ESMTP Postfix
    helo me
    250 ares.pheniks.net
    mail from:[email protected]
    451 4.7.1 Service unavailable - try again later
    
    This is now the output of ls -l /var/run/spamass.sock:

    Code:
    srwxrwxr-x 1 root postfix    0 Mar  6 18:43 spamass.sock

    From /var/log/maillog:
    Code:
    Mar  6 18:47:39 ares postfix/smtpd[31808]: warning: connect to Milter service unix:/var/run/spamass.sock: Permission denied
    Mar  6 18:47:39 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: CONNECT from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
    Mar  6 18:47:42 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: HELO from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
    Mar  6 18:48:01 ares postfix/smtpd[31808]: NOQUEUE: milter-reject: MAIL from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=<me>
    Mar  6 18:48:42 ares postfix/smtpd[31808]: disconnect from tx-67-76-233-45.sta.embarqhsd.net[67.76.233.45]
     
  6. topdog

    topdog Active Member

    Are you sure you loaded the SELinux policy?
     
  7. pheniks

    pheniks New Member

    Errr... I'm pretty sure that I disabled SELinux. But, I think I wound up having to do it manually through a config file and then turn off the service.
     
  8. topdog

    topdog Active Member

    SELinux does not run as a service; it's loaded at boot time by the kernel.
    What is the output of
    Code:
    sestatus
     
  9. pheniks

    pheniks New Member

    Output of sestatus:
    Code:
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          disabled
    Policy version:                 21
    Policy from config file:        targeted
    
    I must note here that you are quite thorough and I appreciate all the help.

    Thank you!
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Please reboot your system and run
    Code:
    sestatus
    again.
     
  11. pheniks

    pheniks New Member

    output of sestatus:
    Code:
    SELinux status:                 disabled
    
    I am now sending mail via telnet.

    I am noticing several messages indicating that I am not connecting to spamd in maillog.

    Code:
    Mar  7 13:05:02 ares spamc[2537]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
    Mar  7 13:05:03 ares spamc[2537]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection refused
    Mar  7 13:05:04 ares spamc[2537]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection refused
    Mar  7 13:05:05 ares spamc[2537]: connection attempt to spamd aborted after 3 retries
    Mar  7 13:05:05 ares spamass-milter[2124]: Could not extract score from <>
    
    Output of ls -l /var/run/spamass.sock
    Code:
    srwxrwxr-x 1 root postfix 0 Mar  7 13:00 /var/run/spamass.sock
     
  12. topdog

    topdog Active Member

    This is because you did not start spamassassin. You need to start spamassassin:
    Code:
    service spamassassin start
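
The diagnoses reached in posts 5 to 12, as an added example that is not part of the thread: one function maps the maillog symptoms to their causes, the other reads `sestatus` output and flags the state seen in post 9, where the config file says disabled but the running kernel keeps enforcing until the next reboot. Function names and finding labels are made up for this example; the sample lines are taken from the log excerpts above.

```shell
#!/bin/sh
# Added example, not from the thread. Finding labels are made up here.

# Read maillog lines on stdin; print one finding per distinct cause.
triage_maillog() {
    awk '
    /connect to Milter service unix:.*: Permission denied/ {
        s = $0
        sub(/.*connect to Milter service unix:/, "", s)
        sub(/: Permission denied.*/, "", s)
        denied[s] = 1          # socket exists but smtpd may not open it
    }
    /milter-reject: .*451 4\.7\.1/ { rejects++ }
    /spamc\[[0-9]+\]: connect to spamd on .*Connection refused/ { spamd = 1 }
    END {
        for (s in denied)
            print "MILTER_SOCKET_DENIED " s " (check socket group/mode, then sestatus)"
        if (rejects) print "MILTER_TEMPFAIL " rejects " (451 4.7.1 replies to clients)"
        if (spamd)   print "SPAMD_DOWN (service spamassassin start)"
    }'
}

# Read sestatus output on stdin; print REBOOT_PENDING when the config file
# says disabled but the running kernel is still enforcing, else CONSISTENT.
selinux_state() {
    awk -F': *' '
    /SELinux status:/        { status = $2 }
    /Current mode:/          { mode = $2 }
    /Mode from config file:/ { cfg = $2 }
    END {
        if (status == "enabled" && mode == "enforcing" && cfg == "disabled")
            print "REBOOT_PENDING"
        else
            print "CONSISTENT"
    }'
}

# Sample lines taken from the log excerpts in this thread.
triage_maillog <<'EOF'
Mar  6 18:47:39 ares postfix/smtpd[31808]: warning: connect to Milter service unix:/var/run/spamass.sock: Permission denied
Mar  7 13:05:02 ares spamc[2537]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
EOF
```

On a live system the inputs would be `grep -e postfix -e spamc /var/log/maillog | triage_maillog` and `sestatus | selinux_state`.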
     
  13. molski

    molski New Member

    Hello guys,

    First I would like to give a big thanks to TopDog for this how-to!
    It came just in time: for the last 2 months I tested Virtualmin, and now, 2 weeks before this server is going to move into the datacenter, I decided to reinstall, and just before I started the installation I noticed this great how-to :)

    Right now I am running into a few problems after following the how-to.
    Logging into the mailserver (IMAP/POP3) works perfectly, but connecting to SMTP/PORT 25 doesn't work.
    Not from LAN and also not from the server itself.

    Here is the output of a Telnet session to port25:

    Code:
    [root@vm ~]# telnet 127.0.0.1 25
    Trying 127.0.0.1...
    Connected to vm.example.nl (127.0.0.1).
    Escape character is '^]'.
    Connection closed by foreign host.
    
    [root@vm ~]# telnet 127.0.0.1 143
    Trying 127.0.0.1...
    Connected to vm.example.nl (127.0.0.1).
    Escape character is '^]'.
    * OK Dovecot ready.
    Connection closed by foreign host.
    
    [root@vm ~]# telnet 127.0.0.1 10143
    Trying 127.0.0.1...
    Connected to vm.example.nl (127.0.0.1).
    Escape character is '^]'.
    * OK Dovecot ready.
    Connection closed by foreign host.
    [root@vm ~]#

    As you can see, connecting to port 25 is NOT working, connecting to 10143 does work (only from the server itself, NOT from LAN).


    This is the output of sestatus:

    Code:
    [root@vm ~]# sestatus
    SELinux status:                 disabled
    [root@vm ~]#

    This is the output of iptables:

    Code:
    [root@vm ~]# /etc/init.d/iptables status
    Table: filter
    Chain INPUT (policy DROP)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x10/0x10
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED
    5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:53 dpts:1024:65535
    6    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
    7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
    8    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
    9    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
    10   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 12
    11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:113
    13   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
    14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:20:21
    18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:10000:10010
    21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20000

    All services load correctly during startup, but even with the iptables service turned off it doesn't work.


    The output of /var/log/maillog (testing on my internal LAN)

    Code:
    Mar 25 20:13:42 vm dovecot: pop3-login: Disconnected: user=<test.isp100.nl>, method=PLAIN, rip=192.168.1.3, lip=192.168.1.254
    Mar 25 20:13:49 vm dovecot: pop3-login: Login: user=<test.isp100>, method=PLAIN, rip=192.168.1.3, lip=192.168.1.254
    Mar 25 20:13:49 vm dovecot: POP3(test.isp100): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
    Mar 25 20:14:14 vm in.imapproxyd[3394]: IMAP_Line_Read(): connection closed prematurely.
    

    The output of /var/log/secure

    Code:
    Mar 25 20:13:40 vm dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
    Mar 25 20:13:40 vm dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.168.1.3
    Mar 25 20:13:40 vm dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user test.isp100.nl

    Does someone maybe know what can be the problem in my installation?


    Regards,

    Molski
     
    Last edited: Mar 25, 2008
  14. topdog

    topdog Active Member

    Hi

    It is always better to start a new thread as your problem is not related to this one.

    What is the output of
    Code:
    netstat -ntlp
    Please supply the postfix logs, not the dovecot ones:
    Code:
    grep postfix /var/log/maillog
     
  15. molski

    molski New Member

    Hi TopDog,

    Yesterday evening I started a new installation, I wanted to set it up again step-by-step.

    When I encounter any problems I will create a new topic!


    Thanks,

    Molski
     
