Postifx with Virtual Users / MySQL / ClamAV etc - Monitoring

Discussion in 'HOWTO-Related Questions' started by thesquib, May 16, 2006.

  1. thesquib

    thesquib New Member

    This tutorial was great... i have configured a mail server to the dot, and it works as expected. But i have a few questions

    *I tested sending a zip file with a virus in it, and the email was deleted with no confirmation or any email sent to the recipient explaining what had happened.
    Will this be ClamAV? I wasn't sure what logs to check, i couldn't find anything related to the deletion of the email... It would be ideal if this sent a notification message of some sort.


    *Is there some way to monitor spamassassin/clamav - statistics to break down who is getting spam, etc... I guess there needs to be some way to track messages or something.
     
  2. thesquib

    thesquib New Member

    Another thing i've noticed is, there is a fair delay between sending and actually receiving the message even when I send from another mail server within our local network. It seems to be able to deliver up to 8 per minute. Is this because the antivirus / spamassassin scanning?

    Now 6-8 emails a minute is fairly slow. I just sent 50 to our other server (much older, but running Windows with Symantec Mail security) and that processed all 40 and moved them into my mailbox for delivery in under a minute.

    Is this normal for the security this setup has? Or is there something wrong here
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Check the mail log. MAybe you can configure the notofications in amavisd. Have a look at /etc/amavisd.conf.


    Check out mailgraph and pflogsumm:
    http://people.ee.ethz.ch/~dws/software/mailgraph/
    http://jimsun.linxnet.com/postfix_contrib.html

    Depends on your hardware. The slowest part is amavisd which is written in Perl.
     
  4. thesquib

    thesquib New Member

    Its not the most amazing hardware: Compaq Proliant ML530 (two 1GHz Pentium III Xeon processors), 640mb of ram(this will be increased, probably needs to be), RAID 5 across 5 hard drives. I would have thought this would be enough. The graphs munin has put out show that the cpu load hasn't gone above about 3%. It looks like memory is fairly well used however...
     
  5. thesquib

    thesquib New Member

    Came back in the morning and found these in the mail.log:

    May 17 09:04:42 localhost amavis[6933]: (06933-02) lookup_sql: 2006, MySQL server has gone away
    May 17 09:04:42 localhost amavis[6933]: (06933-02) NOTICE: Disconnected from SQL server
    May 17 09:04:42 localhost amavis[6933]: (06933-02) TROUBLE in check_mail: creating_partsdir FAILED: DBD::mysql::st execute failed: MySQL server has gone away$
    May 17 09:04:42 localhost amavis[6933]: (06933-02) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20060516T163311-0693
     
    Last edited: May 17, 2006
  6. thesquib

    thesquib New Member

    I removed the two lines from the postfix config file main.cf that ties in amavis etc:

    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings

    And the speed increased 10 fold, so amavis-new is obviously causing the slow down.
     
  7. thesquib

    thesquib New Member

    hmmm..... now all mail just sits in the queue with this. I have not been able to sort out what it is so far. I installed a few perl modules and things that were required by that monitoring software Falko linked. Anyone know what this means?


    2EF605141EF 9603 Wed May 17 13:08:28 sender@domain
    (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=04900-01, decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed, status=1 (256 ) at /usr/sbin/amavisd-new line 3853. (in reply to end of DATA command))
    recipient@domain


    in the mail.log is:
    May 17 13:42:41 localhost amavis[2435]: (02430-01) run_command: child process [2435] failed to exec /usr/bin/file /var/lib/amavis/amavis-20060517T134241-0243$
    May 17 13:42:41 localhost amavis[2430]: (02430-01) TROUBLE in check_mail: decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed, status=1 (2$
    May 17 13:42:41 localhost amavis[2430]: (02430-01) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20060517T134241-02430


    So I ran this in the command line:
    /var/lib/amavis/amavis-20060517T134241-02430/email.txt
    and got this response:
    /var/lib/amavis/amavis-20060517T134241-02430/email.txt: RFC 822 mail text
    It would seem this does work
     
    Last edited: May 17, 2006
  8. thesquib

    thesquib New Member

    The error I Outlined in my previous two posts is fixed.. but the speed issue is still at odds with me.

    To fix the error I described -
    I installed CPAN, and then installed Net::Server using CPAN. This installed a newer version of Net::Server than the Debian version (0.93 instead of 0.90).
    The version can be checked with:
    perl -MNet::Server -e 'print "$Net::Server::VERSION\n";'

    and the old version resintalled with:
    cd /usr/local/src
    wget http://search.cpan.org/CPAN/authors/id/R/RH/RHANDOM/Net-Server-0.90.tar.gz
    tar xzvf Net-Server-0.90.tar.gz
    cd Net-Server-0.90
    perl Makefile.PL
    make && make test && make install
     
  9. thesquib

    thesquib New Member

    I have narrowed the incredible slowness down to the anti-spam.
    When I uncomment this:
    #@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code

    from the amavis.conf if I fire 200 emails at the server is sends them out within minutes... if that is enabled it could take 20 -30 minutes. The interesting thing is the load just doesn't seem to be that bad on the server. Watching top whilst this is happening, I don't see memory load going above half the available. CPU usage tipped out at about 10%.
     
  10. falko

    falko Super Moderator Howtoforge Staff

    SpamAssassin is also written in Perl, therefore it's not very fast...
     

Share This Page