....
 

Guardian Digital Inc. > InfoCenter > Mailing List Archives > Amavis

Amavis Mailing List Archive

From: David Williams (dwilliam@jw.org)
Date: Wed Dec 29 2004 - 10:28:24 EST


Mark,

We are doing some funny stuff with our mail. We have Amavis send banned attachments to a quarantine area for 15 hours, then (using Maia), we send it back through on port 10026 (using a policy bank "INSIDE") Here are the logs for when the message first comes in:

Dec 23 11:25:29 USSRV072 postfix/qmgr[12674]: 06212280008B: from=<pwillies@domain.com>, size=35993, nrcpt=5 (queue active)
Dec 23 11:25:29 USSRV072 postfix/smtpd[32279]: disconnect from unknown[172.18.0.101]
Dec 23 11:25:29 USSRV072 amavis[32726]: (32726-09) ESMTP::10024 /var/lib/amavis/amavis-20041223T112003-32726: <pwillies@domain.com> -> <apederse@dom.com>,<emann@dom.com>,<imarais@dom.com>,<nahladis@dom.com>,<pchriste@jw.org> Received: SIZE=35993 fromUSSRV072 ([127.0.0.1]) by localhost (USSRV072.usa.wtbts.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32726-09;Thu, 23 Dec 2004 11:25:29 +0000 (UTC)
Dec 23 11:25:29 USSRV072 amavis[32726]: (32726-09) Checking: [172.18.0.115] <pwillies@domain.com> -> <apederse@dom.com>,<emann@dom.com>,<imarais@dom.com>,<nahladis@dom.com>,<pchriste@dom.com>
Dec 23 11:25:29 USSRV072 postfix/smtpd[32279]: connect from bmon1.usa.wtbts.net[10.1.131.91]
Dec 23 11:25:29 USSRV072 postfix/smtpd[32279]: disconnect from bmon1.usa.wtbts.net[10.1.131.91]
Dec 23 11:25:29 USSRV072 amavis[32726]: (32726-09) p.path BANNED:1: "P=p004,L=1,M=multipart/mixed | P=p003,L=1/2,M=application/x-zip-compressed,T=zip,N=10 Ways to Optimize.zip | P=p006,L=1/2/1,T=asc,N=10 Ways to Optimize.mht | P=p007,L=1/2/1/1,T=html,N=0001.txt", matching_key="(?mix-s:^ (.*\t)? N=.*\\.* (\t.*)? $)"
Dec 23 11:25:30 USSRV072 amavis[32726]: (32726-09) SEND via SMTP: [127.0.0.1]:10025 <> -> <isvirusalert@dom.com>
Dec 23 11:25:30 USSRV072 postfix/smtpd[32590]: connect from USSRV072[127.0.0.1]
Dec 23 11:25:30 USSRV072 postfix/smtpd[32590]: 8BA492800561: client=USSRV072[127.0.0.1]
Dec 23 11:25:30 USSRV072 postfix/cleanup[32584]: 8BA492800561: message-id=<VA32726-09@USSRV072.dom.com>
Dec 23 11:25:30 USSRV072 postfix/qmgr[12674]: 8BA492800561: from=<>, size=3321, nrcpt=1 (queue active)
Dec 23 11:25:30 USSRV072 postfix/smtpd[32590]: disconnect from USSRV072[127.0.0.1]
Dec 23 11:25:30 USSRV072 amavis[32726]: (32726-09) SEND via SMTP: [127.0.0.1]:10025 <> -> <apederse@dom.com>, <emann@dom.com>, <imarais@dom.com>, <nahladis@dom.com>, <pchriste@dom.com>
Dec 23 11:25:30 USSRV072 postfix/smtpd[32590]: connect from USSRV072[127.0.0.1]
Dec 23 11:25:31 USSRV072 amavis[32726]: (32726-09) BANNED name/type (10 Ways to Optimize.zip ), <pwillies@domain.com> -> <apederse@dom.com>,<emann@dom.com>,<imarais@dom.com>,<nahladis@dom.com>,<pchriste@dom.com>, quarantine banned-20041223-112529-32726-09, Message-ID: <0864B67EE6446B4798584B298DDAA00102CC2B80@zaexch02.zaf.wtbts.net>, Hits: -

And here are the logs 15 hours later, when Maia tries to re-inject it:

Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-05) loading policy bank "INSIDE": unknown field ""
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-05) loaded policy bank "INSIDE"
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) SMTP::10026 /var/lib/amavis/amavis-20041224T022633-18293: <> -> <apederse@dom.com>,<emann@dom.com>,<imarais@dom.com>,<nahladis@dom.com>,<pchriste@dom.com> Received: from USSRV072.dom.com ([127.0.0.1]) by localhost (USSRV072.dom.com [127.0.0.1]) (amavisd-new, port 10026) with SMTP id 18293-06; Fri, 24 Dec 200402:30:02 +0000 (UTC)
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) SMTP TROUBLE: 451 4.5.0 Error writing a SMTP response to the socket: Broken pipe at (eval 36) line 769, <GEN43> line 8.
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 36) line 769, <GEN43> line 8.
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) Requesting process rundown after fatal error
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) load: 6 %, total idle 196.879 s, busy 12.177 s
Dec 24 02:30:02 USSRV072 amavis[18293]: (18293-06) SMTP shutdown: empty tempdir is being removed: /var/lib/amavis/amavis-20041224T022633-18293, nothing to preserve

And that's it. According to the user, they never got the message. The only way we knew about this was that a few users have come to us a day or two later and said they never got the mail. My hunch is that it is a problem reading the mail in Maia's MySQL table, but I change hunches regularly. I've also posted on Maia's website to see if anybody there has the same issue. Thanks again!

David
dwilliam@jw.org

On Wed, 29 Dec 2004 13:49:11 +0100
Mark Martinec <Mark.Martinec+amavis@ijs.si> wrote:

> David,
>
> > I am having trouble with our mail gateway server. It is a Debian box
> > running Postfix (2.1.4-5) and Amavis+Maia (2.2.0 version date 20041102).
> > We are also running mysql 4.0.21-6 and Spamassassin 3.0.1.
> >
> > Normally the server runs fine. But occasionally it will kill quarantined
> > mail after it has been "blessed" and allowed into the network.... When we
> > see this error (about 2-3X a day), the mail is completely lost.
> >
> > Dec 26 12:55:01 SERVERNAME amavis[22778]: (22778-02) SMTP TROUBLE: 451
> > 4.5.0 Error writing a SMTP response to the socket: Broken pipe at (eval 36)
> > line 769,
>
> What are the corresponding log entries from the Postfix log?
>
> It is quite unconceivable that mail would be lost - more likely it would
> be delivered twice. It looks like Postfix smtp went away (timed out, crashed)
> and amavisd-new could not feed back its final SMTP response. The normal
> MTA behaviour is to keep mail in the queue if it did not receive the 2xx
> response.
>
> Mark
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/



[ About Guardian Digital ] - [ Press Center ] - [ Contact Us ] - [ System Activation ] - [ Reseller Info ] - [ Online Store ] - [ Site Map ]
Copyright (c) 2000 - 2004 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.