Is it possible that the system is eating up your swap? Do you have something like munin installed on it so that you can check?
So sorry for the delay I just managed to sit down and try the chmod now! I had to use chmod -R 777 /var/run/clamav before anything would work. However in mail.log I get this: Code: Aug 10 03:28:10 OptiplexGX270T amavis[1401]: (01401-02) Blocked TEMPFAIL, [205.188.139.136] [81.178.2.118] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: yYNk9TENqaUc, Hits: 0.552, 2424 ms Aug 10 03:28:10 OptiplexGX270T amavis[1401]: (01401-02) TIMING [total 2427 ms] - SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 37 (2%)2, body_digest: 1 (0%)2, gen_mail_id: 0 (0%)2, mime_decode: 12 (0%)2, get-file-type2: 74 (3%)5, decompose_part: 0 (0%)5, decompose_part: 0 (0%)5, parts_decode: 0 (0%)5, AV-scan-1: 23 (1%)6, AV-scan-2: 0 (0%)6, spam-wb-list: 2 (0%)6, SA msg read: 1 (0%)6, SA parse: 2 (0%)6, SA check: 2232 (92%)98, SA finish: 3 (0%)99, update_cache: 2 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-rundown: 23 (1%)100, prepare-dsn: 1 (0%)100, main_log_entry: 7 (0%)100, update_snmp: 1 (0%)100, unlink-2-files: 1 (0%)100, rundown: 0 (0%)100 Aug 10 03:28:10 OptiplexGX270T postfix/smtp[7875]: 380945AA8E: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4848, delays=4846/0.01/0/2.4, dsn=4.4.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, () at (eval 42) line 145, <GEN22> line 145., MTA([127.0.0.1]:10025), id=01401-02 (in reply to end of DATA command)) Which happens with outbound mail too. I am using Munin, however I don't believe that it should effect the mail right? I have 1GB of RAM with 1.5GB swap
Requested info I'm still getting lockups. I'm to the point I'd just like to turn off amavis and clamav and have postfix deliver mail without checking it. Right now when those are manually stopped, postfix's queue just builds. How could I fix that? Here's the info you requested: netstat -tap Code: tempe:/var/run/clamav# netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:nfs *:* LISTEN - tcp 0 0 *:swat *:* LISTEN 4271/inetd tcp 0 0 localhost.localdo:10024 *:* LISTEN 3916/amavisd (maste tcp 0 0 localhost.localdo:10025 *:* LISTEN 4338/master tcp 0 0 localhost.localdo:mysql *:* LISTEN 4159/mysqld tcp 0 0 *:netbios-ssn *:* LISTEN 4350/smbd tcp 0 0 localhost.localdo:spamd *:* LISTEN 3920/spamd.pid tcp 0 0 *:sunrpc *:* LISTEN 3417/portmap tcp 0 0 *:624 *:* LISTEN 4261/rpc.mountd tcp 0 0 *:auth *:* LISTEN 4271/inetd tcp 0 0 *:58194 *:* LISTEN 4471/rpc.statd tcp 0 0 *:35154 *:* LISTEN - tcp 0 0 *:munin *:* LISTEN 4702/munin-node tcp 0 0 localhost.locald:domain *:* LISTEN 3869/named tcp 0 0 tempe.sharealike:domain *:* LISTEN 3869/named tcp 0 0 localhost.localdoma:823 *:* LISTEN 4463/famd tcp 0 0 *:smtp *:* LISTEN 4338/master tcp 0 0 localhost.localdoma:953 *:* LISTEN 3869/named tcp 0 0 *:2812 *:* LISTEN 4774/monit tcp 0 0 *:microsoft-ds *:* LISTEN 4350/smbd tcp 0 0 localhost.localdo:10024 localhost.localdo:54099 ESTABLISHED5901/amavisd (ch2-0 tcp 0 0 localhost.localdo:10024 localhost.localdo:54098 ESTABLISHED5900/amavisd (ch2-0 tcp 0 0 localhost.localdo:54098 localhost.localdo:10024 ESTABLISHED5016/smtp tcp 0 0 localhost.localdo:54099 localhost.localdo:10024 ESTABLISHED5918/smtp tcp6 0 0 *:imaps *:* LISTEN 4054/couriertcpd tcp6 0 0 *:pop3s *:* LISTEN 4078/couriertcpd tcp6 0 0 *:pop3 *:* LISTEN 4059/couriertcpd tcp6 0 0 *:imap2 *:* LISTEN 4042/couriertcpd tcp6 0 0 *:www *:* LISTEN 4627/apache2 tcp6 0 0 *:ssh *:* LISTEN 4381/sshd tcp6 0 0 ip6-localhost:953 *:* LISTEN 3869/named tcp6 0 0 *:https *:* LISTEN 4627/apache2 tcp6 0 1296 tempe.sharealike.or:ssh chino.sharealike.:42904 ESTABLISHED5922/0 master.cf Code: tempe:/var/run/clamav# cat /etc/postfix/master.cf # # Postfix master process configuration file. Each logical line # describes how a Postfix daemon program should be run. # # A logical line starts with non-whitespace, non-comment text. # Empty lines and whitespace-only lines are ignored, as are comment # lines whose first non-whitespace character is a `#'. # A line that starts with whitespace continues a logical line. # # The fields that make up each line are described below. A "-" field # value requests that a default value be used for that field. # # Service: any name that is valid for the specified transport type # (the next field). With INET transports, a service is specified as # host:port. The host part (and colon) may be omitted. Either host # or port may be given in symbolic form or in numeric form. Examples # for the SMTP server: localhost:smtp receives mail via the loopback # interface only; 10025 receives mail on port 10025. # # Transport type: "inet" for Internet sockets, "unix" for UNIX-domain # sockets, "fifo" for named pipes. # # Private: whether or not access is restricted to the mail system. # Default is private service. Internet (inet) sockets can't be private. # # Unprivileged: whether the service runs with root privileges or as # the owner of the Postfix system (the owner name is controlled by the # mail_owner configuration variable in the main.cf file). Only the # pipe, virtual and local delivery daemons require privileges. # # Chroot: whether or not the service runs chrooted to the mail queue # directory (pathname is controlled by the queue_directory configuration # variable in the main.cf file). Presently, all Postfix daemons can run # chrooted, except for the pipe, virtual and local delivery daemons. # The proxymap server can run chrooted, but doing so defeats most of # the purpose of having that service in the first place. # The files in the examples/chroot-setup subdirectory describe how # to set up a Postfix chroot environment for your type of machine. # # Wakeup time: automatically wake up the named service after the # specified number of seconds. A ? at the end of the wakeup time # field requests that wake up events be sent only to services that # are actually being used. Specify 0 for no wakeup. Presently, only # the pickup, queue manager and flush daemons need a wakeup timer. # # Max procs: the maximum number of processes that may execute this # service simultaneously. Default is to use a globally configurable # limit (the default_process_limit configuration parameter in main.cf). # Specify 0 for no process count limit. # # Command + args: the command to be executed. The command name is # relative to the Postfix program directory (pathname is controlled by # the daemon_directory configuration variable). Adding one or more # -v options turns on verbose logging for that service; adding a -D # option enables symbolic debugging (see the debugger_command variable # in the main.cf configuration file). See individual command man pages # for specific command-line options, if any. # # General main.cf options can be overridden for specific services. # To override one or more main.cf options, specify them as arguments # below, preceding each option by "-o". There must be no whitespace # in the option itself (separate multiple values for an option by # commas). # # In order to use the "uucp" message tranport below, set up entries # in the transport table. # # In order to use the "cyrus" message transport below, configure it # in main.cf as the mailbox_transport. # # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS. # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL. # # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #submission inet n - - - - smtpd # -o smtpd_etrn_restrictions=reject #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # maildrop. See the Postfix MAILDROP_README file for details. # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} # only used by postfix-tls #tlsmgr fifo - - n 300 1 tlsmgr #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes # Added from howtoforge.com HOWTO amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_bind_address=127.0.0.1 tlsmgr unix - - - 1000? 1 tlsmgr scache unix - - - - 1 scache discard unix - - - - - discard
Can you comment out the last three lines in master.cf: Code: tlsmgr unix - - - 1000? 1 tlsmgr scache unix - - - - 1 scache discard unix - - - - - discard and restart Postfix?
Server still freezing up Hi, I commented out those three lines and still, if I run amavis/clamav then after a short time the server totally freezes so that it's not even responsive at the keyboard and only a hard reset restores it. (For example, this time when it locked up I also had an SSH session connected running top and it disconnected me saying "Read from remote host 192.168.1.38: Connection timed out Connection to 192.168.1.38 closed."). I also still get the following errors (though the tls ones are new): Code: Aug 19 08:31:15 localhost amavis[5232]: (05232-01) (!!) TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan timed out at (eval 44) line 462. Aug 19 08:31:15 localhost amavis[5232]: (05232-01) (!) PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20080819T082553-05232 Aug 19 08:33:23 localhost postfix/smtpd[6432]: warning: connect to private/tlsmgr: Connection refused Aug 19 08:33:23 localhost postfix/smtpd[6432]: warning: problem talking to server private/tlsmgr: Connection refused Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: connect to private/tlsmgr: Connection refused Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: problem talking to server private/tlsmgr: Connection refused Aug 19 08:33:24 localhost postfix/smtpd[6432]: warning: no entropy for TLS key generation: disabling TLS support I think there are two ways to describe the symptoms: 1) Even with chmod 777 it cannot write to /var/run/clamav which is puzzling; 2) In general terms it seems like clamd and clamscan periodically consume >100% system resources trying to scan queued email for viruses/spam and something in that process isn't working right and it eventually totally locks up. Any other ideas?
Regarding the TLS errors, you should uncomment the three lines again. But I have no idea regarding the socket error...
With my problem netstat -tap shows Code: # netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:55008 *:* LISTEN 3378/rpc.statd tcp 0 0 localhost:60000 *:* LISTEN 2773/postgrey.pid - tcp 0 0 localhost:2208 *:* LISTEN 2569/hpiod tcp 0 0 *:nfs *:* LISTEN - tcp 0 0 *:afpovertcp *:* LISTEN 3151/afpd tcp 0 0 *:swat *:* LISTEN 3206/inetd tcp 0 0 localhost:10024 *:* LISTEN 15704/amavisd (mast tcp 0 0 localhost:10025 *:* LISTEN 31109/master tcp 0 0 *:56681 *:* LISTEN - tcp 0 0 localhost:mysql *:* LISTEN 2657/mysqld tcp 0 0 *:netbios-ssn *:* LISTEN 3279/smbd tcp 0 0 localhost:spamd *:* LISTEN 2777/spamd.pid tcp 0 0 *:sunrpc *:* LISTEN 2220/portmap tcp 0 0 localhost:32912 *:* LISTEN 2572/python tcp 0 0 *:auth *:* LISTEN 3206/inetd tcp 0 0 *:munin *:* LISTEN 3534/munin-node tcp 0 0 OptiplexGX270T.o:domain *:* LISTEN 2511/named tcp 0 0 localhost:domain *:* LISTEN 2511/named tcp 0 0 localhost:ipp *:* LISTEN 3028/cupsd tcp 0 0 *:smtp *:* LISTEN 31109/master tcp 0 0 localhost:953 *:* LISTEN 2511/named tcp 0 0 localhost:4700 *:* LISTEN 3153/cnid_metad tcp 0 0 *:microsoft-ds *:* LISTEN 3279/smbd tcp 0 0 *:831 *:* LISTEN 3196/rpc.mountd tcp 0 0 OptiplexGX270T.opti:nfs mail.gx110.optiplex:792 ESTABLISHED- tcp 3216 0 OptiplexGX270T.op:38890 clamav.oucs.ox.ac.u:www CLOSE_WAIT 25978/freshclam tcp 0 0 OptiplexGX270T.op:58934 clamav.mirror.anlx.:www ESTABLISHED25978/freshclam tcp 0 0 OptiplexGX270T.op:59579 ftp.heanet.ie:www ESTABLISHED25978/freshclam tcp6 0 0 *:imaps *:* LISTEN 2988/couriertcpd tcp6 0 0 *:pop3s *:* LISTEN 3007/couriertcpd tcp6 0 0 *:pop3 *:* LISTEN 2993/couriertcpd tcp6 0 0 *:imap2 *:* LISTEN 2976/couriertcpd tcp6 0 0 *:www *:* LISTEN 31306/apache2 tcp6 0 0 *:domain *:* LISTEN 2511/named tcp6 0 0 *:ssh *:* LISTEN 12987/sshd tcp6 0 0 ip6-localhost:953 *:* LISTEN 2511/named tcp6 0 720 OptiplexGX270T.opti:ssh vaio:53039 ESTABLISHED11226/sshd: kayasam tcp6 0 0 OptiplexGX270T.op:imap2 vaio:36715 ESTABLISHED16514/imapd and in master.cf is: Code: # cat /etc/postfix/master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #submission inet n - - - - smtpd # -o smtpd_enforce_tls=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)# # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipientscalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=192.168.1.0/24 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks -o strict_rfc821_envelopes=yes -o smtpd_bind_address=127.0.0.1 so am not sure why it can't connect to port 10025???
