Topic: lots of problems with email bounces due to sme anti-spam

[hanscees]

Hi,

lately my sme9 is returning a lot of legitimate email coming in because it thinks it is spam.
I am not sure why yet and will start digging.

At the same time a lot of spam does get through. But that could be because of more spam on the internet, I am not sure.

Anybody out there with the same problems?

[Stefano]

hanscees, after 250 posts you should know that we expect you to post some log excerpts or anything usefull to help you

basically, you are saying that something is not working properly from your point of view..

[hanscees]

hanscees, after 250 posts you should know that we expect you to post some log excerpts or anything usefull to help you

basically, you are saying that something is not working properly from your point of view..

Here is what happens a lot, mail I know has no virus is denied by clamav suddenly

You want logging, we got logging:


/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9215c7d804 21046 dispatching MAIL FROM:<r.visee@nijmegen.nl>
/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9215ca2dac 21046 full from_parameter: FROM:<jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9215cd890c 21046 from email address : [<jan.jansen@nijmegen.nl>]
/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9218b2f5bc 21046 getting mail from <jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9218b412e4 21046 250 <jan.jansen@nijmegen.nl>, sender OK - how exciting to get mail from you!
/var/log/qpsmtpd/@40000000545bd4242686f01c.s:@40000000545b8a9b247a3fcc 21046 logging::logterse plugin (queue): ` 195.245.231.138        mail1.bemta5.me
ssagelabs.com   mail1.bemta5.messagelabs.com    <jan.jansen@nijmegen.nl>   <youki@jvandenboom.com>    queued          <CC25E1094486F949A83FAEF5C3B783
F57F967B96F1@DILI.gn.karelstad.nl>      No, hits=-0.5 required=4.0_


/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@400000005460889530dded04 27101 dispatching MAIL FROM:<jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@400000005460889530e088fc 27101 full from_parameter: FROM:<jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@400000005460889530e48484 27101 from email address : [<jan.jansen@nijmegen.nl>]
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@400000005460889538b2ea5c 27101 getting mail from <jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@400000005460889538b3d4bc 27101 250 <jan.jansen@nijmegen.nl>, sender OK - how exciting to get mail from you!
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424eb7ffc 27101 logging::logterse plugin (deny): ` 195.245.230.175 mail1.bemta3.messagelab
s.com   mail1.bemta3.messagelabs.com    <jan.jansen@nijmegen.nl>   <youki@jvandenboom.com>    virus::clamav   902             msg denied before queue
d



/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebcd0232c844 32544 dispatching MAIL FROM:<jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebcd02368934 32544 full from_parameter: FROM:<jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebcd023a0f8c 32544 from email address : [<jan.jansen@nijmegen.nl>]
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebcd0f5cf9cc 32544 getting mail from <jan.jansen@nijmegen.nl>
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebcd0f5defe4 32544 250 <jan.jansen@nijmegen.nl>, sender OK - how exciting to get mail from you!
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460ebda13f15ab4 32544 logging::logterse plugin (deny): ` 195.245.230.175 mail1.bemta3.messagelab
s.com   mail1.bemta3.messagelabs.com    <jan.jansen@nijmegen.nl>   <youki@jvandenboom.com>    virus::clamav   902             msg denied before queue
d



/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defb5252f0524 23055 dispatching MAIL FROM:<janjaap@inter.nl.net> SIZE=10263547 BODY=8BITMIME
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defb52533ac8c 23055 full from_parameter: FROM:<janjaap@inter.nl.net> SIZE=10263547 BODY=8BITM
IME
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defb52538118c 23055 from email address : [<janjaap@inter.nl.net>]
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defb52620661c 23055 getting mail from <janjaap@inter.nl.net>
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defb52621601c 23055 250 <janjaap@inter.nl.net>, sender OK - how exciting to get mail from you
!
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545defc1026a00fc 23055 logging::logterse plugin (deny): ` 217.149.192.107 vif1-retry101.mer-nm.in
ternl.net       retry101.mer-nm.internl.net     <janjaap@inter.nl.net> <youki@jvandenboom.com>    virus::clamav   902             msg denied befo
re queued
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df00f27e5b4fc 23072 dispatching MAIL FROM:<janjaap@inter.nl.net> SIZE=10263547 BODY=8BITMIME
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df00f27ea7ba4 23072 full from_parameter: FROM:<janjaap@inter.nl.net> SIZE=10263547 BODY=8BITM
IME
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df00f27ef03cc 23072 from email address : [<janjaap@inter.nl.net>]
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df00f28d9b1ec 23072 getting mail from <janjaap@inter.nl.net>
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df00f28daa41c 23072 250 <janjaap@inter.nl.net>, sender OK - how exciting to get mail from you
!
/var/log/qpsmtpd/@40000000545e2f5e0d34ca6c.s:@40000000545df01a37516a44 23072 logging::logterse plugin (deny): ` 217.149.192.107 vif1-retry101.mer-nm.in
ternl.net       retry101.mer-nm.internl.net     <janjaap@inter.nl.net> <youki@jvandenboom.com>    virus::clamav   902             msg denied befo
re queued

[Stefano]

ok.. time to file a bug in bugzilla, asap, thank you

[hanscees]

and here is the culprit I think, watch the memory error.

so this is the bug mentioned in a post above on the forum?

hc

hmm, can I just shut down clamav until something is solved??



:


/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424de50fc 27101 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/141
5612564:27101:0: Can't allocate memory ERROR
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424df914c 27101 virus::clamav plugin (data_post): ClamAV error: /usr/bin/clamdscan --stdou
t  --config-file=/etc/clamd.conf --no-summary /var/spool/qpsmtpd/1415612564:27101:0 2>&1: 2
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424e36d94 27101 Plugin virus::clamav, hook data_post returned DENYSOFT,
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424eb7ffc 27101 logging::logterse plugin (deny): ` 195.245.230.175 mail1.bemta3.messagelab
s.com   mail1.bemta3.messagelabs.com    <jansen@nijmegen.nl>   <jyouki@jvandenboom.com>    virus::clamav   902             msg denied before queue
d
/var/log/qpsmtpd/@4000000054608d5518e158bc.s:@40000000546088a424ef40ec 27101 452 Message denied temporarily

[hanscees]

this seems to be this bug:

http://bugs.contribs.org/show_bug.cgi?id=8483

apparantly the memory for clamav is too small:

[root@sme90x64 ~]# db configuration show clamd
clamd=service
    MemLimit=600000000
    status=enabled


or
egrep clamd /home/e-smith/db/configuration
clamd=service|MemLimit|600000000|status|enabled


I think I can manually solve by changing 600.000.000 to 700.000.000 (so 6 becomes 7)
and then
signal-event post-upgrade; signal-event reboot

Right?

[Stefano]

try it and report everything in bugzilla, thank you..

[hanscees]

this seems to be this bug:

http://bugs.contribs.org/show_bug.cgi?id=8483

apparantly the memory for clamav is too small:

[root@sme90x64 ~]# db configuration show clamd
clamd=service
    MemLimit=600000000
    status=enabled


or
egrep clamd /home/e-smith/db/configuration
clamd=service|MemLimit|600000000|status|enabled


I think I can manually solve by changing 600.000.000 to 700.000.000 (so 6 becomes 7)
and then
signal-event post-upgrade; signal-event reboot

Right?

this works for me.

a good way to check for the error is:
egrep -i "allocate" /var/log/qpsmtpd/*

which gives lines like this:

/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460b84b2c7ac5ac 29480 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/1415624764:29480:0: Can't allocate memory ERROR
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460d75a24f84d54 31361 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/1415632717:31361:0: Can't allocate memory ERROR
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460d765178fe604 31363 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/1415632728:31363:0: Can't allocate memory ERROR
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460d7751474a7fc 31371 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/1415632744:31371:0: Can't allocate memory ERROR
/var/log/qpsmtpd/@40000000546101a51e3930b4.s:@400000005460db9c3af51de4 31574 virus::clamav plugin (data_post): clamscan results: /var/spool/qpsmtpd/1415633808:31574:0: Can't allocate memory ERROR

[Stefano]

ok.. now, what part of B U G Z I L L A don't you understand ?

seriously, please post your result there, thank you

[stephdl]

The bug http://bugs.contribs.org/show_bug.cgi?id=8483 is waiting a release, no much more we can do. Increase manually the memory limit or don't use windows and you will not need clamav :p

[CharlieBrady]

lately my sme9 is returning a lot of legitimate email coming in because it thinks it is spam.

Your logs show mail being deferred, via a 452 status. But you talk about email bounces in the Subject. Have you really seen bounces? If so, what do the bounce messages say?

[hanscees]

Your logs show mail being deferred, via a 452 status. But you talk about email bounces in the Subject. Have you really seen bounces? If so, what do the bounce messages say?

Hi Charlie,

referring to bounces was incorrect, there are no bounces. A beter way to describe it are deferrals, sorry.

As to the bugtracker, there is nothing to add to the bugtracker since I have found nothing new. It does not help developers in any way. Therefore I did not add anything to the bugtracker.

I do want to be of help to other users that might encounter the same problems. That is why I posted the analysis and solution to the forum, where users search if they have problems (at least that is what I do).

The solution to add memory helps. If I find problems with the solution I will add them to the bugtracker.

greetings
Hans-Cees

[CharlieBrady]

lately my sme9 is returning a lot of legitimate email coming in because it thinks it is spam.

So in fact nothing was being returned, and no decision was made that the legitimate email was spam. The only issue was there was a temporary problem with virus scanning, and the mail was (temporarily) deferred - which is what we want to happen.

Happily, the problem is resolved for you now - but we need to get that updated rpm released!!