Mail server down because clamav not updated

Discussion in 'Server Operation' started by smathaven, Apr 24, 2009.

  1. smathaven

    smathaven New Member

    I installed ISPCONFIG last year, and everything had been working properly until one day I got a message that Clamav is OUT of date. Since then my machine slowed down and all the mails were rejected.
    I uninstalled clamav and installed the latest version and everything went fine again.

    The same problem happened today, but this time I keep getting this message:
    delayed SMTP module(domain xx.com) reports:
    mail.xxx.com: connection refused

    Can anybody help?
     
  2. lyndros

    lyndros New Member

    Could you give us more information? :)

    main.cf, post some entries from the log...
     
  3. smathaven

    smathaven New Member

    From the mail.err log, the following was displayed:
    Apr 23 16:42:08 mirror courierpop3login: authentication error: Input/output error
    Apr 23 17:06:30 mirror postfix/bounce[19173]: fatal: lock file bounce E7F7D379B9C: Resource temporarily unavailable

    From the mail.info:
    Apr 23 17:06:30 mirror postfix/bounce[19173]: fatal: lock file bounce E7F7D379B9C: Resource temporarily unavailable
    Apr 23 17:07:12 mirror postfix/bounce[19145]: fatal: lock file bounce 452D9379BA5: Resource temporarily unavailable

    From clamav:
    ERROR: getpatch: Can't download daily-9243.cdiff from db.local.clamav.net
    Ignoring mirror 130.59.10.36 (too often connections with outdated version)
    Ignoring mirror 193.1.193.64 (too often connections with outdated version)
    ERROR: getpatch: Can't download daily-9243.cdiff from db.local.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd

    When I rebooted the server it froze after loading ISPCONFIG. What do I do to make it go beyond this?
     
  4. smathaven

    smathaven New Member

    I also ran netstat -tap and got this as the answer:
    tcp6 ....:pop3 ..... TIME_WAIT

    When I run telnet localhost 25, it works; then when I do ehlo localhost, I get timeout exceeded.

    The server has become very slow to work with. It takes about 1 minute to display only one letter that I typed.

    Can anybody please help?
     
  5. smathaven

    smathaven New Member

    When doing netstat -tap

    I also see something like

    smtp cenmail2.ceridia 56746 ... listen

    There are other IP addresses that I do not know. How do I delete them and block them from using my smtp to spoof my mail server?
     
  6. falko

    falko Super Moderator Howtoforge Staff

    I'd reboot the server and then use rkhunter and/or chkrootkit to check if there's malware installed on the system.
     
