Qmail Most Common Errors
(Also see http://qmail-scanner.sourceforge.net/FAQ.php )
Most commonly, Setuid of specific files/programs
$ chmod u+s /var/qmail/bin/qmail-scanner-queue.pl
or
$ chmod u+s /usr/bin/suidperl
(FYI, If qmail jams-up occurs often and suidperl gets reset after every system update. Then the issue is which SuSEconfig, and can be avoided by updating the /etc/permissions.local file.)
/usr/bin/sperl5.8.5 root.root 4711 /usr/bin/suidperl root.root 4711
[edit]
Common Error Messages
(See below for specific error messages and solutions ... )
[edit]
451 qq temporary problem (#4.3.0)
CHECK: /var/log/mail
Feb 2 01:04:07 HOSTNAME X-Antivirus-HOSTNAME.DOMAIN.COM-1.22-st-qms: [] cannot create /var/spool/qmailscan/tmp - Permission denied
SOLUTION:
$ chmod u+s /var/qmail/bin/qmail-scanner-queue.pl $ chown qmailq:qmail /var/qmail/bin/qmail-scanner-queue.pl $ /etc/init.d/qmail doqueue
SOLUTION#2: (but med security risk, avoid if possible)
$ chmod a+wxr /var/spool/qmailscan/tmp/ $ /etc/init.d/qmail doqueue
-- OR --
CHECK: /var/log/mail
Feb 23 14:08:16 aker X-Antivirus-MYHOST.MYDOMAIN.COM-1.25-st-qms: [MYHOST114073249677517083]
cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the
system by running "qmail-scanner-queue.pl -z"? - Permission denied
ISSUE:
Cannot read /var/spool/qmailscan/qmail-scanner-queue-version.txt file. Needs to be readable by qmail programs.
SOLUTION:
$ chmod u+s /var/spool/qmailscan/qmail-scanner-queue-version.txt $ chown qmailq:qmail /var/spool/qmailscan/qmail-scanner-queue-version.txt $ /etc/init.d/qmail doqueue
SOLUTION#2: (but low security risk, avoid if possible)
$ chmod a+r /var/spool/qmailscan/qmail-scanner-queue-version.txt $ /etc/init.d/qmail doqueue
[edit]
(Unable to access ClamAV database)
FILE:
/var/log/spamd/freshclam.log
ERROR LOG:
SOLUTION:
/etc/init.d/freshclam
RESULT:
Feb 2 04:36:16 HOSTNAME freshclam[6157]: Received signal: wake up Feb 2 04:36:16 HOSTNAME freshclam[6157]: ClamAV update process started at Thu Feb 2 04:36:16 2006 Feb 2 04:36:17 HOSTNAME freshclam[6157]: main.cvd is up to date (version: 35, sigs: 41649, f-level: 6, builder: tkojm) Feb 2 04:36:22 HOSTNAME freshclam[6157]: daily.cvd updated (version: 1269, sigs: 2308, f-level: 7, builder: diego) Feb 2 04:36:22 HOSTNAME freshclam[6157]: Database updated (43957 signatures) from db.us.clamav.net (IP: 206.154.203.13) Feb 2 04:36:22 HOSTNAME freshclam[6157]: Clamd successfully notified about the update. Feb 2 04:36:22 HOSTNAME freshclam[6157]: --------------------------------------
[edit]
250 ok Your SPAM has been ignored.
CHECK:
$ tail /var/log/qmail/qmail-*/current $ tail /var/spool/qmailscan/qms-events.log
POSSIBLE LOG MESSAGE:
1138764631:25585:ERROR:X-Antivirus-HOSTNAME.DOMAIN.COM-1.22-st-qms:cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied
SOLUTION #1:
Regenerate and verify various log files:
- /var/spool/qmailscan/qmail-queue.log
- /var/spool/qmailscan/qms-events.log
- /var/spool/qmailscan/qmail-scanner-queue-version.txt
# /var/qmail/bin/qmail-scanner-queue.pl -z
SOLUTION #2:
Regenerate database file:
- /var/spool/qmailscan/quarantine-attachments.db
# /var/qmail/bin/qmail-scanner-queue.pl -g
POSSIBLE LOG MESSAGE:
@4000000044445b40279a5bec tcpserver: status: 1/30 @4000000044445b40279a7744 tcpserver: pid 19813 from MYHOST.MYDOMAIN.COM @4000000044445b402aa0cdbc tcpserver: ok 19813 MYHOST.MYDOMAIN.COM:192.168.1.20:25 :192.168.1.21::7463 @4000000044445b421f069aa4 Can't do seteuid! @4000000044445b421f111e0c tcpserver: end 19813 status 0 @4000000044445b421f11357c tcpserver: status: 0/30
SOLUTION #1:
Update suidperl permissions
# chown root /usr/bin/suidperl # chmod 4711 /usr/bin/suidperl
BEFORE
-rwx--x--x 3 root root 1203220 Sep 9 22:08 /usr/bin/suidperl
AFTER
-rws--x--x 3 root root 1203220 Sep 9 22:08 /usr/bin/suidperl
FYI, If qmail jams-up occurs often and suidperl gets reset after every system update. Then the issue is which SuSEconfig, and can be avoided by updating the file:
/etc/permissions.local
/usr/bin/sperl5.8.5 root.root 4711 /usr/bin/suidperl root.root 4711
SOLUTION #2:
Update softlimit to 50M (50000000).
[edit]
(Email is not being sent out from qmail)
(or other sites are replying 'too many connections')
DESC:
Qmail is receiving email messages ok, but not being sent off-site correctly.
SOLUTION:
- Check /var/qmail/control/smtproutes for correct path going off server.
- Some ISP's will give you the correct SMTP address to use for outgoing email, use it !
- If this file is not present, then normal one-to-one connectivity will happen. Some sites like GMail, will only accept one connection from 'Cable' or 'DSL' home connections. Which will slow down outgoing email or even deny connections.
- Check all redirections/forwards in /var/qmail/alias
- Check for any direct 'mailbox' saving, make sure that 'alias' account has write permission.
- (Solution also, forward email to user accounts if you want to save email out for specific user)
- Check for any called programs or routines, make sure in path, or specific state the location.
- Check for any direct 'mailbox' saving, make sure that 'alias' account has write permission.
[edit]
451 qq trouble creating files in queue (#4.3.0)
(Mail not send, Sending Error:)
DESC:
Permissional problem/issue.
FILE/DIRECTORY:
/var/qmail/bin
FIX:
$ chmod u+s /var/qmail/bin/qmail-queue $ chown qmailq:qmail /var/qmail/bin/qmail-queue
RESULT:
-rws--x--x 1 qmailq qmail 15464 2004-11-09 12:19 qmail-queue
[CONFIRMED, 2006.02.02, 2006.04.02]
[edit]
quarantine-attachments.txt is empty or missing
SOLUTION:
$ setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt perlscanner: total of 9 entries.
[edit]
This message is looping: it already has my Delivered-To line. (#5.4.6)
DESC:
When I send a message now to a user on my server from an outside account. I am getting this from qmail.
OBSERVATION:
You are probably forwarding mail to yourself.
SOLUTION:
Check your /var/qmail/control/smtproutes file to make sure you are not sending mail to a relay which is sending back to you, and also look at your forwarding files, .qmail, .qmail-default etc.
[edit]
Unable to close pipe to /var/qmail/bin/qmail-queue
FILE qms-events.log
1138948565:5337:ERROR:X-Antivirus-MYDOMAIN.ORG-1.25-st-qms:Unable to open pipe to /var/qmail/bin/qmail-queue [62] (#4.3.0) - 1138948565:5332:ERROR:X-Antivirus-aker.MYDOMAIN.ORG-1.25-st-qms:Unable to close pipe to /var/qmail/bin/qmail-queue [62] (#4.3.0) - Illegal seek
SOLUTION:
$ chown qmailq:qmail /var/qmail/bin/qmail-queue $ chmod 4711 /var/qmail/bin/qmail-queue (The suggested equivalant to assuring that chmod go+x and chmod u+s has been done correctly.)
[edit]
clamdscan: corrupt or unknown clamd scanner error
[edit]
or memory/resource/perms problem - exit status 512/2
ISSUE:
Mar 23 10:08:55 MYHOST X-Antivirus-MYDOMAIN-1.25-st-qms: [MYHOST.11115941357754112] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
SOLUTION #1:
Check the paths in qmail-scanner-queue.pl for your clamav binaries.
SOLUTION #2:
Remove clamav (or clamdscan_scanner) from the scanners_installed array in qmail-scanner-queue.pl
SOLUTION #3:
set clamd to run as root. (instead of running as qscand)
SOLUTION #4:
One of the issues I had with configuring it was that it was trying to use clamav user to access its program. I wanted it to use qscand.
downloaded the clamav-0.80.tar.gz. untarred the file compile it with ./configure --disable-clamav --sysconfdir=/etc make && make install
Edit the clamav.conf and changed the user to the qscand. (problems should go away)
[edit]
(incorrect permissions or unable to write file)
ISSUE: File ownership is 'root' instead of proper 'qscand' or 'qscand:qscand'.
drwxrwx--- 5 qscand qscand 424 2006-02-02 04:59 ./ drwxr-xr-x 13 root root 352 2005-10-17 01:50 ../ -rw------- 1 qscand qscand 311970391 2006-02-02 04:32 qmail-queue.log -rw------- 1 root root 0 2006-02-02 04:32 qmail-scanner-queue-version.txt -rw------- 1 qscand qscand 258599592 2006-02-02 04:32 qms-events.log drwxrwx--- 5 qscand qscand 120 2005-10-17 01:50 quarantine/ -rw-r----- 1 root root 12288 2006-02-02 04:49 quarantine-attachments.db
SOLUTION:
$ chown qscand:root qmail-scanner-queue-version.txt
[edit]
Clamd was NOT notified: Can't connect to clamd through /tmp/clamd
ERROR:
ERROR: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd
FIX:
Add line to /etc/freshclam.conf
NotifyClamd /etc/clamd.conf
DESC:
This tells freshclam where to pickup the information about 'clamd' and how to notify the process.
[edit]
451 qq trouble creating files in queue
(with Mail not sent. Sending error: )
DESC:
Trouble sending email from pine or other mail program on a 'qmail' enabled site.
CHECK:
$ tail /var/log/mail $ tail /var/log/qmail/qmail-send/current $ more /var/qmail/supervise/qmail-pop3d/run $ more /var/qmail/supervise/qmail-send/run
SOLUTION #1:
Possible issues/problems with scripts, double-check installation instructions for correct commands and formatting
SOLUTION #2:
Check recently changed xinetd config files.
SOLUTION:
FROM: legend 02-18-2004, 04:29 AM, Posting
Then do this : chown -R vpopmail.vchkpw /var/spool/qmailscan
AFter that, it should run. The system does use the vpopmail identity when scanning the mail with qmailscanner....
The point is, the user vpopmail needs to be able to read the configs and write to the log file. Besides that, it must be able to write the mail in working, so it should have write there too.
OTHER OPTIONS:
(last ditch effort)
$ "make setup"
From the qmail source directory should rebuild your mail queue, fixing any permission or other problems.
REFERENCES:
[edit]
(unknown)
FIX:
/etc/init.d/clamd restart
RESULT:
FILE: /var/log/clamd/clamd.log
Feb 2 04:23:28 HOSTNAME clamd[6028]: Pid file removed. Feb 2 04:23:28 HOSTNAME clamd[6028]: Exiting (clean) Feb 2 04:23:28 HOSTNAME clamd[6028]: --- Stopped at Thu Feb 2 04:23:28 2006
Feb 2 04:27:02 HOSTNAME clamd[29316]: Daemon started. Feb 2 04:27:02 HOSTNAME clamd[29316]: clamd daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686) Feb 2 04:27:02 HOSTNAME clamd[29316]: Log file size limited to 1048576 bytes. Feb 2 04:27:02 HOSTNAME clamd[29316]: Running as user qscand (UID 1009, GID 100) Feb 2 04:27:02 HOSTNAME clamd[29316]: Reading databases from /var/lib/clamav Feb 2 04:27:03 HOSTNAME clamd[29316]: Protecting against 43955 viruses. Feb 2 04:27:03 HOSTNAME clamd[29316]: Bound to address 127.0.0.1 on port 3310 Feb 2 04:27:03 HOSTNAME clamd[29316]: Setting connection queue length to 15 Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive: Archived file size limit set to 10485760 bytes. Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive: Recursion level limit set to 8. Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive: Files limit set to 1000. Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive: Compression ratio limit set to 250. Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive support enabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: Archive: RAR support disabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: Portable Executable support enabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: Mail files support enabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: OLE2 support enabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: HTML support enabled. Feb 2 04:27:03 HOSTNAME clamd[29316]: Self checking every 1800 seconds.
[edit]
GENERIC GENERAL SOLUTIONS
- (All files should be owned by the Qmail Scanner 'qscand')
$ chown -R qscand:qscand /var/spool/qmailscan
- Directory is missing or incorrect permissions
$ mkdir /var/spool/qmailscan/tmp $ chown qscand:vchkpw /var/spool/qmailscan/tmp
- I can't use qmail-scanner as I have an error during the ./configure that tell I can't do suid.
So i've installed the perl-suidperl rpm. but it is the same think. Here is the qmail-scanner FAQ :
A- Can't do suid: some perl distributions have decided that as running suid perl scripts is a rare event, they won't install/enable it by default. On these systems this package won't work. Typically the fix is:
$ chown root /usr/bin/suidperl $ chmod 4711 /usr/bin/suidperl
- Sometimes One solution I found was changing the owner/group to root/root for /var/spool/qmailscan.
- Then using chmod 777 -R qmailscan/ . Not what I wanted to do but it works for now...
[edit]
WARNING: lstat() failed on: /var/spool/qscan/tmp/mail.example.ro132320635978813191/test_mail.zip
This is hapend beacause files are unzipped in the tmp folder with root user.
Clamd work with qscand user and no have rights to scan files.
SOLUTION:
Enter in qmail-scanner-queue.pl and search about this:
"&debug("u_f: $zip_status, and successfully unzipped");"
After that insert these two lines:
my $xchmod=`chown -R $ENV{'TMPDIR'} qscand:qscand . 2>&1`;
&debug("u_f: change chmod to scand:qscand");
This is not a better solution but it works.
Niciun comentariu:
Trimiteți un comentariu