5 Replies Latest reply: Jun 28, 2007 11:26 PM by Austin Sloat
Austin Sloat Level 2 (195 points)
On Tuesday night we got hit with the status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused) issue. Thanks to the great info here as well as Alex's excellent tutorials, I was able to get things running again and updated amavisd-new, clamav, and spamassassin in the process.

I still need to tweak my amavisd.conf settings to get things running as well as they were before.

A concern I have is that in the SMTP log I get this message: (!!)WARN: all primary virus scanners failed, considering backups

The message still seems to get processed... so is this warning something that needs to be addressed? The only other issue I am seeing right now that concerns me is that I am getting nothing written to /var/log/amavis.log, but that could just be that I have missed something in the conf file.

The last entries to amavis.log are presumably when the service went down:
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) ESMTP> 250 2.6.0 Ok, id=19508-10, from MTA: 250 Ok: queued as 4B5851071AD8
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) idle_proc, 6: was busy, 2072.0 ms, total idle 1442.274 s, busy 22.742 s
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) idle_proc, 5: was idle, 0.1 ms, total idle 1442.274 s, busy 22.742 s
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) prolong_timer after reading SMTP command: remaining time = 0 s
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) ESMTP< QUIT\r\n
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) ESMTP> 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) postprocess_requesthook: timer stopped
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) idle_proc, bye: was busy, 0.7 ms, total idle 1442.274 s, busy 22.743 s
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) load: 2 %, total idle 1442.274 s, busy 22.743 s
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) childfinishhook: invoking DESTROY methods
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) Amavis::In::SMTP::DESTROY called
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) SMTP shutdown: empty tempdir is being removed: /var/amavis/amavis-20070626T201545-19508
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) rmdir_recursively: /var/amavis/amavis-20070626T201545-19508, excl=
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) rmdir_recursively: /var/amavis/amavis-20070626T201545-19508/parts, excl=0
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[19508]: (19508-10) at the END handler: invoking DESTROY methods
Jun 26 20:40:10 ferrari-moe.com /usr/bin/amavisd[20154]: BerkeleyDB not available, using memory-based local cache
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[25040]: Net::Server: 2007/06/26-20:41:53 Server closing!
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[20154]: childfinishhook: invoking DESTROY methods
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) childfinishhook: invoking DESTROY methods
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) Amavis::In::SMTP::DESTROY called
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) SMTP shutdown: empty tempdir is being removed: /var/amavis/amavis-20070626T202121-19531
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) rmdir_recursively: /var/amavis/amavis-20070626T202121-19531, excl=
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[20154]: at the END handler: invoking DESTROY methods
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[25040]: at the END handler: invoking DESTROY methods
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) rmdir_recursively: /var/amavis/amavis-20070626T202121-19531/parts, excl=0
Jun 26 20:41:53 ferrari-moe.com /usr/bin/amavisd[19531]: (19531-06) at the END handler: invoking DESTROY methods


By the way, we were on 10.4.9 before the mail service went down and took the opportunity to update to 10.4.10 since we were restarting anyway.

PowerBook G4 1.67, Mac OS X (10.4.10), Intel MacPro
  • pterobyte Level 6 (10,910 points)
    I still need to tweak my amavisd.conf settings to get
    things running as well as they were before.

    A concern I have is that in the SMTP log I get this
    message: (!!)WARN: all primary virus scanners
    failed, considering backups


    No concern, this is normal. Apple's default configuration doesn't use clamd (which would be amavisd's primary scanner), but clamscan (which amavisd picks up as its secondary).

    Having said that, since you did update ClamAV as well, you could start using clamd, which is far more efficient and faster than clamscan. Instructions are given in my ClamAV tutorial.

    The only other issue I am seeing right now that
    concerns me is that I am getting nothing written to
    /var/log/amavis.log but that could just be that I
    have missed something in the conf file


    Again, no concern here. Recent versions of amavisd default to writing into the syslog facility rather than their own. Unless you have a specific need for logging separately into amavis.log, I would keep it as is. (Having all in mail.log makes it easier to run stats should you decide so some day).

    To revert to amavis.log, edit amavisd.conf and change:
    $DO_SYSLOG = 1;
    to
    $DO_SYSLOG = 0;

    also add:
    $LOGFILE = "/var/log/amavis.log";


    HTH,
    Alex
  • Austin Sloat Level 2 (195 points)
    Thanks Alex. I thought I had completed all the steps in your tutorial. I will review it again though. By the way, I confirmed that I cannot ping zen.spamhaus.org from my server. The DNS servers we use must be blocking them.
  • pterobyte Level 6 (10,910 points)
    Thanks Alex. I thought I had completed all the steps
    in your tutorial. I will review it again though.


    Chapter 5. - Additional features

    By the way, I confirmed that I cannot ping
    zen.spamhaus.org from my server. The DNS servers we
    use must be blocking them.


    Not being able to ping doesn't mean a server is not reachable. Echoes from a ping are often blocked at the firewall.
    If you see it working in your mail.log you are fine.
    Besides, why should your DNS servers block them?
  • davidh Level 4 (1,890 points)
    If the log entries aren't assurance enough, see the very bottom of this page:
    http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20How%20To%20Use
  • Austin Sloat Level 2 (195 points)
    You forget my other post. I enabled the rbl settings and the logs indicated a failure to contact zen.spamhaus.org. I may try again.
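
The ping question raised in the replies above, as an added example that is not part of the original thread: a DNSBL such as zen.spamhaus.org is consulted through DNS queries, so the meaningful test is a lookup through the mail server's own resolver rather than an ICMP echo. The function names are illustrative, `dig` is assumed to be installed, and the sample address is constructed.

```shell
#!/bin/sh
# Added example: test DNSBL reachability with DNS queries, not ICMP ping.

# Build the DNSBL query name for an IPv4 address: reversed octets + zone.
dnsbl_qname() {
    ip=$1; bl=$2
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # reject anything but digits and dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                  # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$bl"
}

# Interpret the first A record of a DNSBL answer (empty string = NXDOMAIN).
dnsbl_classify() {
    case $1 in
        '')            echo not-listed ;;
        127.255.255.*) echo resolver-error ;;  # Spamhaus error codes, e.g. query refused
        127.*)         echo listed ;;
        *)             echo unexpected ;;      # timeout text, rewritten answer, etc.
    esac
}

# Live check (assumes `dig` is installed). RFC 5782: a working IPv4 DNSBL
# always lists 127.0.0.2 and never lists 127.0.0.1.
dnsbl_selftest() {
    zone=$1
    pos=$(dig +short A "$(dnsbl_qname 127.0.0.2 "$zone")" | head -n 1)
    neg=$(dig +short A "$(dnsbl_qname 127.0.0.1 "$zone")" | head -n 1)
    if [ "$(dnsbl_classify "$pos")" = listed ] &&
       [ "$(dnsbl_classify "$neg")" = not-listed ]; then
        echo "ok: $zone answers through this resolver"
    else
        echo "broken: test entry='$pos' control entry='$neg'"
    fi
}

# Offline demo on a constructed documentation address (no network needed).
dnsbl_qname 192.0.2.10 zen.spamhaus.org
```

Run `dnsbl_selftest zen.spamhaus.org` on the mail server itself so the query goes through the same resolver the mail service uses; a `broken` result with an empty test entry points at the resolver path, not at ICMP filtering.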