14 Replies Latest reply: Nov 15, 2007 11:43 PM by Austin Sloat
Austin Sloat Level 2 (195 points)
Back in June I ran through Alex's tutorials and updated amavis-new, clamav, spamassassin, etc. Everything was working great until about two weeks ago when incoming smtp delivery got stacked up in the queue with a "status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)" entry in the SMTP log.

Restarting the machine cleared the log, but after about a week the same problem happened (while I was out of town w/o a computer) and the machine was restarted again. Now we have no incoming mail being delivered and I need to figure out what to do.

Amavisd is running, or was I should say. So far I have run through Alex's instructions and updated ClamAV. Amavisd is the same version 2.5.2. To clear the queue I disabled filtering (I think) by commenting out the "content_filter = smtp-amavis:[127.0.0.1]:10024" line in main.cf.

However, although amavisd no longer seems to be running (no reply to the telnet query) I am still getting "status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)" entries in the mail log.

At this point I just want to get the queue cleared and mail running again. As far as I can tell outgoing mail is fine and for some reason the occasional incoming message gets through-- maybe as a result of the first few messages when mail is reloaded...

I have no entries in /var/log/amavis.log since June when I updated so there is no help there.

Any help is appreciated.

ferrari-moe:/etc fmserver$ sudo postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 0
mydestination = $myhostname,localhost.$mydomain,localhost
mydomain_fallback = localhost
myhostname = ferrari-moe.com
mynetworks = 127.0.0.1/32
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_data_restrictions = permit_mynetworks,reject_unauth_pipelining,permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,permit_mynetworks,check_helo_access hash:/etc/postfix/helo_access,reject_non_fqdn_hostname,reject_invalid_hostname,permit
smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, permit
smtpd_tls_CAfile = /etc/certificates/ferrari-moe.com.chcrt
smtpd_tls_cert_file = /etc/certificates/ferrari-moe.com.crt
smtpd_tls_key_file = /etc/certificates/ferrari-moe.com.key
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

PowerBook G4 1.67, Mac OS X (10.5)
  • pterobyte Level 6 (10,910 points)
    Did you restart the queue after disabling the content filter?
    sudo postsuper -r ALL
  • Austin Sloat Level 2 (195 points)
    I just tried to use the retry or resend option in serveradmin. I am trying to stay away from serveradmin but I didn't know a better way to check the queue. I just ran through all your tutorials again, reinstalled amavis-new and updated spamassassin (as well as clamav yesterday) and just restarted the server. We'll see. If that didn't do it then I will disable filtering again and try to restart the queue as shown. Thanks.
  • Austin Sloat Level 2 (195 points)
    Hmm. Now that I have restarted, amavisd is not running, and when I try to start it up I get a "nothing found to load". I must have skipped something.
  • Austin Sloat Level 2 (195 points)
    After manually editing the plist I was able to load amavis and it seems that the queue is slowly processing. Mail is voodoo. Thanks Alex for your tutorials. I have no idea which of the many steps I took did the trick, but for now things seem to be working. While everything was down I tried to (again) implement the blacklist servers, and this time I went verbatim from the frontline defense tutorial. Unlike previous attempts the mailserver was connecting to spamhaus, but the results were too restrictive (bouncing a test gmail message to myself) so I guess I have to give up on that for now.
  • pterobyte Level 6 (10,910 points)
    Unlike previous attempts the mailserver was connecting to spamhaus, but the results were too
    restrictive (bouncing a test gmail message to myself)


    I seriously doubt that spamhaus.org has gmail blacklisted. I would bet you have some other issue.
    Please post logs for more info.
  • Austin Sloat Level 2 (195 points)
    No doubt you are correct. I will see if I can find that log. Right now I have more immediate problems. I had filtering running briefly, but I was hit by the IO::File error where no attachments got through. I followed an earlier post of yours and updated IO::File using CPAN and while that seemed to process without any errors as soon as I started everything back up I was back to the delivery suspended issue. I worked on that until about 2am and then gave up and took a break (from the server) last night. I need to get it fixed though as I spent a few hours last night clearing out about a thousand spam messages from one user's box -- all accumulated in the day that filtering was off. I would like to spend the time upgrading to Leopard server, which we have already bought, but our server is also running a Helix database server and Helix will not yet run on Leopard it seems. I can't easily move the Helix server off as we are using a web interface to connect to it (as the Helix client is only classic). Don't ask why I was doing the spam cleaning rather than the affected user.
  • Austin Sloat Level 2 (195 points)
    Alex,

    Strangely enough I can't find a log entry to correspond with the bounced email. This is the text of the bounce I got back from gmail:

    {quote}This is an automatically generated Delivery Status Notification

    Delivery to the following recipient failed permanently:

    xxxx@ferrari-moe.com

    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 13): 554 Service unavailable; Client host [64.233.182.188] blocked using zen.spamhaus.org

    ----- Original message -----

    Received: by 10.78.200.20 with SMTP id x20mr7241314huf.1194989468716;
    Tue, 13 Nov 2007 13:31:08 -0800 (PST)
    Received: by 10.78.151.14 with HTTP; Tue, 13 Nov 2007 13:31:08 -0800 (PST)
    Message-ID: <ee59040c0711131331o1912dd88sd166ff2f7ce67f00@mail.gmail.com>
    Date: Tue, 13 Nov 2007 13:31:08 -0800
    From: "Austin Sloat" <xxxx@gmail.com>
    Reply-To: xxxx@alum.mit.edu
    To: "Austin Sloat" <xxxx@ferrari-moe.com>
    Subject: test
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=Part_216719496781.1194989468712"

    ------=Part_216719496781.1194989468712
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline

    test

    ------=Part_216719496781.1194989468712
    Content-Type: text/html; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit

    ----- Message truncated -----
    {quote}

    The IP address listed is a google address but I checked and it is not listed. In this case what does the 554 error indicate? In looking through the log during the short time I had the blackhole server set up all log entries that have "zen.spamhaus.org" in them also have a block warning and the 554 error. In fact no mail seems to have gotten through during those ten minutes or so.

    Most appears to be spam but some seems legit just from the sending address. Here is a sample edited log entry:

    {quote}
    Nov 13 13:15:58 ferrari-moe postfix/smtpd[463]: NOQUEUE: reject: RCPT from unknown[91.64.228.36]: 554 Service unavailable; Client host [91.64.228.36] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=91.64.228.36; from=<tekekara@qatar.net.qa> to=<xxxx@ferrari-moe.com> proto=ESMTP helo=<name-74af242664>{quote}

    Any ideas?
  • pterobyte Level 6 (10,910 points)
    Doesn't really make sense since 64.233.182.188 is not blacklisted. Can you show me the output of postconf -n while zen.spamhaus.org is in use?
  • Austin Sloat Level 2 (195 points)
    Okay. I will post that. Since it bounces all mail I will probably have to wait until after work hours.
  • Austin Sloat Level 2 (195 points)
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    disable_vrfy_command = yes
    enable_server_options = yes
    html_directory = no
    inet_interfaces = localhost
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 0
    mydestination = $myhostname,localhost.$mydomain,localhost
    mydomain_fallback = localhost
    myhostname = ferrari-moe.com
    mynetworks = 127.0.0.1/32
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
    smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
    smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_rbl_client zen.spamhaus.org, permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/ferrari-moe.com.chcrt
    smtpd_tls_cert_file = /etc/certificates/ferrari-moe.com.crt
    smtpd_tls_key_file = /etc/certificates/ferrari-moe.com.key
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    unknown_local_recipient_reject_code = 550
  • pterobyte Level 6 (10,910 points)
    Looks OK. Will give it some thinking.
  • Austin Sloat Level 2 (195 points)
    Thanks. I just updated to 10.4.11 and did a firmware update on the MacPro and have run through the clamav, amavis-new and spamassassin update tutorials again. I am hopeful that I can at least get filtering working again. Truth be told once SA is doing its thing very little spam gets through. I know that getting the blackhole servers running will reduce the load, but on our system load isn't that much of an issue.

    Our ISP is earthlink, (covad dsl line) by the way. I wonder if they are doing something that interferes with our connection to spamhaus. The odd thing is that although it says that service is unavailable it does not fail gracefully - rather it rejects the message.
  • pterobyte Level 6 (10,910 points)
    Our ISP is earthlink, (covad dsl line) by the way.
    I wonder if they are doing something that interferes with our connection to spamhaus


    Good point. I have seen this happening before (mainly with AT&T or AT&T related ISPs). You could try a few different RBLs.
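
Added example, not part of the thread and not code from either poster: a shell check for the symptom discussed above, where every client looks "listed" although the addresses are not on zen.spamhaus.org. It builds the DNSBL query name and tests the two RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not be) to tell whether the resolver path can be trusted. The function names and the sample answers are made up for this example, and the thread never confirms what the ISP was actually doing.

```shell
#!/bin/sh
# Build the DNSBL query name: IPv4 octets reversed, zone appended.
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in *[!0-9.]*|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the A-record answer ("" means NXDOMAIN / no answer).
dnsbl_classify() {
    case $1 in
        '')            echo not-listed ;;
        127.0.0.1)     echo bogus ;;   # RFC 5782: never a valid listing
        127.255.255.*) echo error ;;   # Spamhaus error codes, not listings
        127.*.*.*)     echo listed ;;
        *)             echo bogus ;;   # outside 127/8: not a DNSBL answer
    esac
}

# $1 = answer for 2.0.0.127.<zone>, $2 = answer for 1.0.0.127.<zone>
dnsbl_health() {
    pos=$(dnsbl_classify "$1"); neg=$(dnsbl_classify "$2")
    if [ "$neg" != not-listed ]; then
        echo "unsafe: resolver answers for a name that must not exist"
    elif [ "$pos" != listed ]; then
        echo "unusable: test entry not returned ($pos)"
    else
        echo ok
    fi
}

# Live lookup (needs dig and network; not called by the demo below).
dnsbl_lookup() {
    q=$(dnsbl_qname "$1" "$2") || return 1
    dig +short A "$q" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# Demo with constructed answers; the last line imitates a resolver that
# returns an address for every name, which makes every client look listed.
dnsbl_qname 64.233.182.188 zen.spamhaus.org
dnsbl_health 127.0.0.2 ''
dnsbl_health 203.0.113.10 203.0.113.10
```

On the mail server itself, feed it live answers: `dnsbl_health "$(dnsbl_lookup 127.0.0.2 zen.spamhaus.org)" "$(dnsbl_lookup 127.0.0.1 zen.spamhaus.org)"`. Anything other than `ok` means `reject_rbl_client` should stay out of the restriction lists until the resolver is fixed or replaced.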
  • Austin Sloat Level 2 (195 points)
    Fortunately it seems like filtering is working again. Attachments seem to work as well. For some reason mail.log doesn't seem to be updating at the moment, but at least messages are going through.