Topic: Server bouncing emails and unable to send from Horde- can send/receive locally.

[ber]

Hi a desperate post regarding My SME 7.4 server- been running well now rejecting emails and unable to send.
I host 6 domains and all are not receiving emails- all are being bounced back. Checked all the settings through the browser- all seem to be set as per usual.
can access the server externally and internally- ports are open and directed via the router. Can access HORDE but cant send out emails.
sme7admin says that all email services are running, pop3,imap,qmail,qpsmtpd,sqpsmtpd, squid etc..
Have rebooted the server and router several times.

last email received appx 7:30am this morning
Went through the logs- cant make too much sense from it.
heres a copy.

Apr 16 04:00:11 server su(pam_unix)[4226]: session closed for user qmailr
Apr 16 04:11:53 server proftpd[2371]: server.ber.local (60.18.168.108[60.18.168.108]) - FTP session opened.
Apr 16 04:11:57 server proftpd[2371]: server.ber.local (60.18.168.108[60.18.168.108]) - FTP session closed.
Apr 16 04:15:01 server su(pam_unix)[2551]: session opened for user qmailr by (uid=0)
Apr 16 04:15:10 server su(pam_unix)[2551]: session closed for user qmailr
Apr 16 04:30:01 server su(pam_unix)[3423]: session opened for user qmailr by (uid=0)
Apr 16 04:30:10 server su(pam_unix)[3423]: session closed for user qmailr
Apr 16 04:45:02 server su(pam_unix)[4299]: session opened for user qmailr by (uid=0)
Apr 16 04:45:11 server su(pam_unix)[4299]: session closed for user qmailr
Apr 16 05:00:01 server su(pam_unix)[5164]: session opened for user qmailr by (uid=0)
Apr 16 05:00:10 server su(pam_unix)[5164]: session closed for user qmailr
Apr 16 05:15:01 server su(pam_unix)[6020]: session opened for user qmailr by (uid=0)
Apr 16 05:15:10 server su(pam_unix)[6020]: session closed for user qmailr
Apr 16 05:30:01 server su(pam_unix)[6875]: session opened for user qmailr by (uid=0)
Apr 16 05:30:11 server su(pam_unix)[6875]: session closed for user qmailr
Apr 16 05:45:01 server su(pam_unix)[7876]: session opened for user qmailr by (uid=0)
Apr 16 05:45:10 server su(pam_unix)[7876]: session closed for user qmailr
Apr 16 06:00:02 server su(pam_unix)[8784]: session opened for user qmailr by (uid=0)
Apr 16 06:00:11 server su(pam_unix)[8784]: session closed for user qmailr
Apr 16 06:15:01 server su(pam_unix)[9827]: session opened for user qmailr by (uid=0)
Apr 16 06:15:10 server su(pam_unix)[9827]: session closed for user qmailr
Apr 16 06:30:01 server su(pam_unix)[10722]: session opened for user qmailr by (uid=0)
Apr 16 06:30:19 server su(pam_unix)[10722]: session closed for user qmailr
Apr 16 06:45:02 server su(pam_unix)[11585]: session opened for user qmailr by (uid=0)
Apr 16 06:45:13 server su(pam_unix)[11585]: session closed for user qmailr
Apr 16 07:00:02 server su(pam_unix)[12414]: session opened for user qmailr by (uid=0)
Apr 16 07:00:11 server su(pam_unix)[12414]: session closed for user qmailr
Apr 16 07:15:01 server su(pam_unix)[13386]: session opened for user qmailr by (uid=0)
Apr 16 07:15:10 server su(pam_unix)[13386]: session closed for user qmailr
Apr 16 07:30:01 server su(pam_unix)[14225]: session opened for user qmailr by (uid=0)
Apr 16 07:30:11 server su(pam_unix)[14225]: session closed for user qmailr
Apr 16 07:45:02 server su(pam_unix)[15155]: session opened for user qmailr by (uid=0)
Apr 16 07:45:13 server su(pam_unix)[15155]: session closed for user qmailr
Apr 16 08:00:02 server su(pam_unix)[17409]: session opened for user qmailr by (uid=0)
Apr 16 08:00:11 server su(pam_unix)[17409]: session closed for user qmailr
Apr 16 08:15:01 server su(pam_unix)[20005]: session opened for user qmailr by (uid=0)
Apr 16 08:15:12 server su(pam_unix)[20005]: session closed for user qmailr
Apr 16 08:30:01 server su(pam_unix)[22573]: session opened for user qmailr by (uid=0)
Apr 16 08:30:12 server su(pam_unix)[22573]: session closed for user qmailr
Apr 16 08:45:01 server su(pam_unix)[25113]: session opened for user qmailr by (uid=0)
Apr 16 08:45:11 server su(pam_unix)[25113]: session closed for user qmailr
Apr 16 09:00:01 server su(pam_unix)[27709]: session opened for user qmailr by (uid=0)
Apr 16 09:00:11 server su(pam_unix)[27709]: session closed for user qmailr
Apr 16 09:15:01 server su(pam_unix)[30389]: session opened for user qmailr by (uid=0)
Apr 16 09:15:11 server su(pam_unix)[30389]: session closed for user qmailr
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 30: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 42: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 32: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 40: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 43: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 29: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 16: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 33: read failure: (104) Connection reset by peer

I can see a FTP access to the servert- from someone in China's?!?!? has he done anything?

any more info needed happy to forward on.

Thank You.

[agodin]

We have at least 4 servers at 7.4 all doing same thing - looking into it now

[crazybob]

Have you applied the latest updates? I ran into a similar situation this afternoon. Server was 7.4 It had been a while since I  had updated the server, and the updates fixed it.

[agodin]

Have made sure on of these ones is fully updated at least

Issue appears to be either ClamAV or AntiSpam as turning these options off resolved it on the main one we are looking at... checking others now, but looking into that as cause

[ber]

Here is more info from a email report contrib thats loaded on the server- hope thsi helps.

Mail Log File Analysis
Report generated: Fri 16 Apr 2010 14:42:48 NZST

Basic statistics

qtime is the time spent by a message in the queue.

ddelay is the latency for a successful delivery to one recipient---the
end of successful delivery, minus the time when the message was queued.

xdelay is the latency for a delivery attempt---the time when the attempt
finished, minus the time when it started. The average concurrency is the
total xdelay for all deliveries divided by the time span; this is a good
measure of how busy the mailer is.

Completed messages: 42204
Recipients for completed messages: 44831
Total delivery attempts for completed messages: 44831
Average delivery attempts per completed message: 1.06225
Bytes in completed messages: 1814360224
Bytes weighted by success: 1913692364
Average message qtime (s): 0.109091

Total delivery attempts: 44843
  success: 44824
  failure: 8
  deferral: 11
Total ddelay (s): 4890.192803
Average ddelay per success (s): 0.109098
Total xdelay (s): 5176.758301
Average xdelay per delivery attempt (s): 0.115442
Time span (days): 54.1986
Average concurrency: 0.00110549

[crazybob]

Chick this, not an answer, but similar problem   http://forums.contribs.org/index.php/topic,45830.0.html

[agodin]

Turning Virus Scanning off for emails has resolved this for us, not a solution but a temporary fix at least

[ber]

Hi System is up to date...

clamd is stopped??? cant start it???

anyone advise how to disable ClamAV or is this the daemon?

[agodin]

Easy way to disable is to use the web admin (https://ipaddress/server-manager then go to E-mail then Change e-mail filtering settings, turn the Virus Scanning to disabled until we can find proper solution

[agodin]

Even though our systems are updated regularly, there is a clamav update there for installation

Did this manually

yum update clamav

signal-event post-upgrade; signal-event reboot

After reboot reactivated Virus Scanning on E-mail settings and all good now, will monitor and rollout to our other installs...

Hope this helps others
Cheers

Anthony Godin

[ber]

Hi Gordon, i disabled the virus scan and a email popped through- IO have noticed that i'm not getting the clamav updates in my logs up until about 1-2 months ago??
Ive run the yum script and had an error:


[root@server ~]# yum update clamav
==============================================================
WARNING: Additional commands may be required after running yum
==============================================================
Loading "smeserver" plugin
Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Loading "protect-packages" plugin
Existing lock /var/run/yum.pid: another copy is running. Aborting.
================================================================
No new rpms were installed. No additional commands are required.

I'm gonna reboot after doing a reconfigure and then take the settings back to normal and see how it goes- thanks for the help- much appreciated- was sweating for a while there.

Regards John Henry NZL.

[agodin]

It's OK to delete the yum.pid when you get this message 'Existing lock /var/run/yum.pid: another copy is running. Aborting.' if you have rebooted, as you know there cannot be a yum process running still

Sometimes the update gets caught if you loose connection or other network issues (or reboot etc) but the lock file can get left behind.

We have done the update on 6 servers all showing same fault and now all operational again - will continue testing and checking and see...

Regards
Anthony Godin

[ber]

Hi Anthony, sorry I'm a newbie at this, especially command line etc...
I dont understand the reply, I'm new to linux, Ive been getting by, by just doing everything from the browser- times like these i have to get under the hood- it just scares me.

[ber]

Ive checked my ClamAV logs and its outdated- can you advise how i can update the program:

2010-04-16 16:33:24.395011500 LibClamAV Warning: ***********************************************************
2010-04-16 16:33:24.395117500 LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
2010-04-16 16:33:24.395174500 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
2010-04-16 16:33:24.395226500 LibClamAV Warning: ***********************************************************
2010-04-16 16:33:24.541658500 LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
2010-04-16 16:33:24.541764500 LibClamAV Error: Problem parsing database at line 742
2010-04-16 16:33:24.549212500 LibClamAV Error: Can't load daily.ndb: Malformed database
2010-04-16 16:33:24.549298500 LibClamAV Error: cli_tgzload: Can't load daily.ndb
2010-04-16 16:33:24.549420500 LibClamAV Error: Can't load /var/clamav/daily.cld: Malformed database
2010-04-16 16:33:24.549630500 ERROR: Malformed database

[agodin]

Have sent you a note if you wish me to contact you.

Basically you need to delete the yum lock file first :
--> rm /var/run/yum.pid

RM = delete/remove

Then run the yum updater, looking specifically at clamav

--> yum update clamav

This should then get the new version for you, showing 2 updates.
When it installs the new version of clamav and its dependancies, it then migrates existing settings and database to new version thus fixing up the database issue.

You then advise the system to update its internal configuration and reboot
--> signal-event post-upgrade; signal-event reboot

After reboot emails should be flowing again as normal

Have done this to about 12 systems today (we love SME) and seems to do the trick for the moment at least

Regards
Anthony

[ber]

Hi Anthony, ran the script here is the output- no such file- any ideas?


[root@server ~]# rm /var/run/yum.pid
rm: cannot lstat `/var/run/yum.pid': No such file or directory
[root@server ~]# ls /var/run/
acpid.socket            httpd.pid         netreport  sme7admin.pid
clamav                  httpd.scoreboard  nmbd.pid   snmpd
console                 iptraf            nut        sshd.pid
crond.pid               klogd.pid         openldap   sudo
cron.reboot             lpd.515           ppp        syslogd.pid
dbus                    lprng             pptpd.pid  usb
dovecot                 mdadm             proftpd    utmp
haldaemon.pid           mdmpd             radiusd    winbindd
httpd-admin.pid         messagebus.pid    saslauthd
httpd-admin.scoreboard  mysqld            smbd.pid
[root@server ~]#

[kryptos]

I have finished update clamav to new version and do a signal-event post-upgrade and reboot. But I have error starting clamav deamon. See error below

Code: [Select]

Starting Clam AntiVirus Daemon: WARNING: Ignoring deprecated option ArchiveBlockMax at line 12
WARNING: Ignoring deprecated option ArchiveMaxCompressionRatio at line 13
ERROR: Parse error at line 14: Unknown option ArchiveMaxFileSize
ERROR: Can't open/parse the config file /etc/clamd.conf

I'm still using 7.3 but im afraid to upgrade to 7.4 right now. I have many setup made to this server so upgrading is not yet possible for me.  Based from the error I think there something need to commented on the /etc/clamd.conf but I don't know what will be the code of the template I will put. Anyone please advise.


P.S I try to update smeserver-clamav but I  have error missing dependency on Whiptail.

Regards,
Rocel

[agodin]

Ber's issue was to do with one of the sme-update repositories being disabled for yum updates - once this was enabled was then able to update to the latest ClamAV and db versions  0.95.3/10751/Fri Apr 16 11:23:45 2010

Bit odd as some of the systems we have dealt with today have regular updates, including one that was fully updated this morning but we had to do the clamav update manually to get it all going again.

Hope this helps others

Cheers
Anthony Godin

[jmvelez]

Clamav .94 End of Life yesterday (April 15, 2010 check it at http://www.clamav.net/).  You need  to update Clamav using YUM

[jonroberts]

Had the same problem on 4 servers.  The update fixed three, but still have one reporting problems.  Its SME 7.4, but has been recently upgraded from a 6x. 

I realise now that it had the ClamAV contrib installed & so Server Manager has two antivirus panels (the old & the new).  I suspect this may be the cause of the problem.

I've tried uninstalling it but without success so not sure I've done it correctly.  Is there a way I can completely uninstall Clam, including both the pre-installed SME7.4 and any parts of the previous contrib that may still be around and then download & re-install just the current version?

[Stefano]

hi..

first of all recover all the involved rpms with:

Code: [Select]

rpm -qa | grep clam
rpm -qa | grep virus

then remove it with

Code: [Select]

rpm -e --nodeps smeserver-clamav sme-antivirus clamd clamav clamav-db

the above list should work

then

Code: [Select]

yum install smeserver-clamav
signal-event post-upgrade
signal-event reboot

should work

HTH

[mmccarn]

It's OK to delete the yum.pid when you get this message 'Existing lock /var/run/yum.pid: another copy is running. Aborting.' if you have rebooted, as you know there cannot be a yum process running still

The SME "local" event (which is run at the end of the every reboot) runs yum in order to update the list of available packages in server-manager. 

As you know, yum is also run at other times for the same purpose:
http://wiki.contribs.org/Updating_from_SME_7.1.x_or_earlier#Existing_lock_.2Fvar.2Frun.2Fyum.pid:_another_copy_is_running._Aborting.

I don't know whether or not removing the lock file and re-running yum will damage anything, but on my medium-slow SME server if I wait 2 - 5 minutes the lock file goes away and yum works fine.

[CharlieBrady]

It's OK to delete the yum.pid when you get this message 'Existing lock /var/run/yum.pid: another copy is running. Aborting.'

No, it is not OK to do that.

if you have rebooted, as you know there cannot be a yum process running still

That is also untrue, as yum is run during normal startup.

[jonroberts]

Stefano - thanks for the tip, but after running an update the server failed to boot so I think there's a hardware problem, probably disk.  I was trying to sort the problem remotely, but will now visit the site to sort. 

[Stefano]

Stefano - thanks for the tip, but after running an update the server failed to boot so I think there's a hardware problem, probably disk.  I was trying to sort the problem remotely, but will now visit the site to sort. 

please report any problem (not hardware ) in bugzilla, thank you

[cactus]

It's OK to delete the yum.pid when you get this message 'Existing lock /var/run/yum.pid: another copy is running. Aborting.' if you have rebooted, as you know there cannot be a yum process running still

No it isn't. Another yum process is actually running, even after a reboot as a check for updates is performed at that moment (as well), which is why yum is locked. Wait a few minutes and then retry, killing yum is not the proper solution.

[CharlieBrady]

Hi a desperate post regarding My SME 7.4 server- been running well now rejecting emails ...

You should double check whether that is true or not. If clamav is down, your server should only be deferring email messages, not rejecting them. They will arrive a little later, after you have fixed the problem.

[ber]

Hi I just want to say thank you for all the helpful response to my post and even Anthony's helpful follow-up phone call!! JUST AWESOME.
As he mentioned it turned out to be clamv program being out of date due to my sme repository's not being setup properly. Thanks again- look forward to when i can be a helpful contributer to someone who needs help. Still learning and enjoying the ride.

Regards John Henry

[MSmith]

One server that had been running faithfully for years stopped sending/receiving emails even locally, and would not do so until virus scanning was disabled.  Server was updated, same result.  However, I should note that this machine is a 500 MHz Athlon with 512 megs of RAM so I am thinking the hardware just isn't up to the task.  I've ordered a replacement machine (2 GHz Xeon, 2 gigs RAM) and will do the usual Affa replacement and am hoping that'll take care of the problem.

[johnp]

One server that had been running faithfully for years stopped sending/receiving emails even locally, and would not do so until virus scanning was disabled.  Server was updated, same result.  However, I should note that this machine is a 500 MHz Athlon with 512 megs of RAM so I am thinking the hardware just isn't up to the task.  I've ordered a replacement machine (2 GHz Xeon, 2 gigs RAM) and will do the usual Affa replacement and am hoping that'll take care of the problem.

I think you should raise a bug report.

[CharlieBrady]

One server that had been running faithfully for years stopped sending/receiving emails even locally, and would not do so until virus scanning was disabled.  Server was updated, same result.

It should "just work". If it doesn't, please open a bug report.

[MSmith]

I'm planning to add some more RAM to the machine which should give it some additional breathing room.  Once I know the results of that I'll open a bug.