The Perfect SpamSnake - Ubuntu Jeos - High memory usage and slow response

Discussion in 'HOWTO-Related Questions' started by macross, Dec 14, 2010.

  1. macross

    macross New Member

    Again thank you for the help in my previous post.

    I have the server running now but I am seeing a lot of these

    "Report: Denial of Service attack in message!"

    I believe it is the slow processing that is holding it up. I am getting more ram for the server but do you have any other suggestions? Changing the clamav installation or something?

    Cheers
     
  2. Rocky

    Rocky Member

    Hey,

    Please give me a brief description of your setup, e.g. RAM/HDD partition/size.

    Also, please post a sample of your mail.log
     
    Last edited: Dec 14, 2010
  3. macross

    macross New Member

    Thank you for the quick response. It's a 3GHz Xeon with 1 gig of RAM. An old Dell 850. I may have to beef it up. Though it should be up for the task, I think something else is the issue. I get no spam scores and it's waiting on something. When I run the lint test I only see this.

    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <TITLE></TITLE>
    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HEAD>
    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <BODY><P></BODY>
    Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HTML>
    Dec 14 11:27:35.089 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_oem.cf": <!DOCTYPE html PUBLIC "-
     
  4. Rocky

    Rocky Member

    Do:
    tail -f /var/log/mail.log

    Copy and paste the output here.
     
  5. macross

    macross New Member

    Dec 13 13:48:32 belatrix postfix/cleanup[3341]: 1FD1744037E: message-id=<[email protected]>
    Dec 13 13:48:36 belatrix postfix/smtpd[3212]: disconnect from localhost[127.0.0.1]
    Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Found 2 messages waiting
    Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Scanning 1 messages, 1031 bytes
    Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
    Dec 13 13:49:08 belatrix MailScanner[2081]: Virus and Content Scanning: Starting
    Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
    Dec 13 13:49:48 belatrix MailScanner[2080]: Requeue: 90AE3440377.A6B88 to 618BD440384
    Dec 13 13:49:48 belatrix MailScanner[2080]: Uninfected: Delivered 1 messages
    Dec 13 13:49:48 belatrix postfix/qmgr[2220]: 618BD440384: from=<[email protected]>, size=389, nrcpt=1 (queue active)
    Dec 13 13:49:49 belatrix MailScanner[2080]: Deleted 1 messages from processing-database
    Dec 13 13:49:51 belatrix MailScanner[2080]: Logging message 90AE3440377.A6B88 to Baruwa SQL
    Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<[email protected]>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
    Dec 13 13:49:52 belatrix postfix/qmgr[2220]: 618BD440384: removed

    >: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<cognos.symbio-group.com>
    Dec 13 23:37:16 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
    Dec 13 23:38:25 belatrix postfix/smtpd[18777]: connect from fs4.int.mycompany.on.ca[10.9.1.6]
    Dec 13 23:38:25 belatrix postfix/smtpd[18777]: A83C7440393: client=fs4.int.mycompany.on.ca[10.9.1.6]
    Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: hold: header Received: from remote.int.mycompany.on.ca (fs4.int.mycompany.on.ca [10.9.1.6])??by belatrix.mycompany.on.ca (Postfix) with ESMTPS id A83C7440393??for <[email protected]>; Mon, 13 Dec 2010 23:38:25 -0500 (EST) from fs4.int.mycompany.on.ca[10.9.1.6]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<remote.int.mycompany.on.ca>
    Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: message-id=<9F7CFA807DCE324890E0BFAA32EC25E50EFC9E1E8A@FS4.int.mycompany.on.ca>
    Dec 13 23:38:25 belatrix postfix/smtpd[18777]: disconnect from fs4.int.mycompany.on.ca[10.9.1.6]
    Dec 13 23:38:30 belatrix postfix/smtpd[18769]: connect from unknown[210.73.43.86]
    Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : SPF none (No applicable sender policy available): Envelope-from: [email protected]
    Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: handler sender_policy_framework: is decisive.
    Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : Policy action=PREPEND Received-SPF: none (yahoo.com: No applicable sender policy available) receiver=belatrix.mycompany.on.ca; identity=mailfrom; envelope-from="[email protected]"; helo=cognos.symbio-group.com; client-ip=210.73.43.86
    Dec 13 23:38:33 belatrix postfix/smtpd[18769]: NOQUEUE: reject: RCPT from unknown[210.73.43.86]: 450 4.7.1 <[email protected]>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<cognos.symbio-group.com>
    Dec 13 23:38:39 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
    Dec 13 23:38:43 belatrix MailScanner[11235]: New Batch: Scanning 1 messages, 1885 bytes
    Dec 13 23:39:01 belatrix MailScanner[11235]: Virus and Content Scanning: Starting
    Dec 13 23:39:10 belatrix postfix/smtpd[18777]: connect from snt0-omc4-s13.snt0.hotmail.com[65.55.90.216]
    Dec 13 23:39:18 belatrix postfix/policy-spf[18794]: : SPF pass (Mechanism 'include:spf-a.hotmail.com' matched): Envelope-from: [email protected]
     
  6. macross

    macross New Member

    With regards to the clam error: I had amavis installed and the proc was running as that user, not clamav. I removed amavis and set the clamav conf to the proper user and the error has gone. So I think it's working, though I get a freshclam error.

    A few bugs, no worries, I have the time to sort them out. I like the implementation and Baruwa very much so I am willing to sort them out.

    I used to be a qmailrocks fan for years but it wasn't updated for a long time. Now I'm running Exchange servers so this is just perfect and gives me peace of mind that Linux is in front ;)
     
  7. Rocky

    Rocky Member

    Hey,

    Yes, it's great to have some flavor of Linux in the mix, preferably in front of MS..lol

    So are the issues gone? It looks like the user setting for clamd was causing the errors and delays. Since you changed it to the correct setting, have you had any problems or are mails being delivered normally?

    Yes, Baruwa is something to talk about. It'll get better with time and I'm looking forward to it.

    Rocky
     
  8. macross

    macross New Member

    Things are looking pretty good. Spam is being scored and it's delivering mail. I am using it as the inbound/outbound server in front of my Exchange server.

    The CPU usage is nil now and it's running very well. I have those errors during the lint, not sure what that's about.

    Is there a list of things to check or a verify script to ensure all my settings are correct? I think my clamav setup is dicey.
     
  9. macross

    macross New Member

    Also, what would you recommend for backup? settings/db/etc.
     
  10. Rocky

    Rocky Member

    Check your logs nginx, uwsgi and mail.log. If everything looks legit there, then you're good to go.

    For Clamd, you should just remove and purge it and reinstall it using the guide.

    This is by far the best setup I've come up with. Everything is running really smooth and fast.

    You can start by backing up baruwa's db, mailscanner.conf, baruwa.conf and baruwa.ini. If the system crashes, you'll be able to import those files back into a build for a quick restore. Otherwise, if you're running a vm, you can just export the whole vm as a backup. Therefore, you'll be able to restore it in working order, with all the settings already applied.

    Rocky
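
Added example, not part of the thread and not SpamSnake, MailScanner or Baruwa code: a small mail.log triage script for the "check your logs" step, flagging the failure signatures that appear in the excerpt above (SpamAssassin timeouts, clamd permission errors, long Postfix delivery delays). The function name `triage`, the 60-second threshold and the sample lines (modelled on the posted log, with placeholder addresses) are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the mail.log excerpt posted in this thread;
# recipient addresses are example.com placeholders.
SAMPLE_LOG = """\
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Scanning 1 messages, 1031 bytes
Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<user@example.com>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
Dec 13 23:38:33 belatrix postfix/smtpd[18769]: NOQUEUE: reject: RCPT from unknown[210.73.43.86]: 450 4.7.1 <user@example.com>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds.
Dec 13 23:38:43 belatrix MailScanner[11235]: New Batch: Scanning 1 messages, 1885 bytes
"""

# Classic syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w/.-]+)\[(\d+)\]: (.*)$")
CHECKS = {
    "sa_timeout": re.compile(r"SpamAssassin timed out and was killed"),
    "clamd_error": re.compile(r"Clamd::ERROR::"),
    # Subset of clamd_error: scanner user cannot read the incoming spool
    "clamd_permission": re.compile(r"Clamd::ERROR::.*Permission denied"),
    # Greylist 450s are expected behaviour; counted for context, not as a fault
    "greylisted": re.compile(r"Recipient address rejected: Greylisted"),
}
DELAY = re.compile(r"\bdelay=(\d+(?:\.\d+)?),")  # total delay, not "delays="

def triage(log_text, slow_seconds=60.0):
    """Count known failure signatures and list deliveries slower than the threshold."""
    counts, slow = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation or truncated line: skip rather than guess
        stamp, _host, prog, _pid, msg = m.groups()
        for name, pattern in CHECKS.items():
            if pattern.search(msg):
                counts[name] += 1
        d = DELAY.search(msg)
        if prog.startswith("postfix/") and d and float(d.group(1)) >= slow_seconds:
            slow.append((stamp, msg.split(":", 1)[0], float(d.group(1))))
    return {"counts": dict(counts), "slow_deliveries": slow}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    for stamp, queue_id, seconds in report["slow_deliveries"]:
        print(f"{stamp} queue {queue_id} took {seconds:.0f}s")
```

To run it against a live system, pass the contents of /var/log/mail.log to `triage()` instead of `SAMPLE_LOG`.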
     
