Koozali.org: home of the SME Server

452 Message denied temporarily

Offline Mophilly

452 Message denied temporarily
« on: March 03, 2017, 08:50:28 PM »
This server has been running well for years. All updates applied.

This morning the mail server began complaining when we attempt to send email. So far, the only indication I have is the log message "452 Message denied temporarily". I have read through some related posts here but I cannot find a reason for, or a resolution for, this sudden change in behavior.

No users can send mail and it appears incoming mail is blocked as well.

What should I be looking into?
- Mark

Offline devtay

Re: 452 Message denied temporarily
« Reply #1 on: March 03, 2017, 08:57:15 PM »
Go to the email panel and turn off virus scanning for me. I'm having the same problem and I think clamav is causing the issue. I turned off scanning and can now email.
You can't stop what's coming. It ain't all waiting on you.

Offline devtay

Re: 452 Message denied temporarily
« Reply #2 on: March 03, 2017, 09:02:08 PM »
Pertinent Data:

Everyone gets 452 Message denied temporarily across the organization.
Still processing emails through qpsmtpd and sqpsmtpd. Qmail is up and running.

Here are the failure lines from sqpsmtpd:
2017-03-03 12:47:24.507110500 12086 virus::clamav plugin (data_post): Changing permissions on file to permit scanner access
2017-03-03 12:47:24.507137500 12086 virus::clamav plugin (data_post): clamscan results: ERROR: Could not lookup : Servname not supported for ai_socktype
2017-03-03 12:47:24.507138500 12086 virus::clamav plugin (data_post): ClamAV error: /usr/bin/clamdscan --stdout  --config-file=/etc/clamd.conf --no-summary /var/spool/qpsmtpd/1488566844:12086:0 2>&1: 2
2017-03-03 12:47:24.507139500

clamd/current
2017-03-03 12:03:53.589824500 Reading databases from /var/clamav
2017-03-03 12:04:19.662603500 LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?<
2017-03-03 12:04:19.662633500 LibClamAV Error: cli_pcre_build: failed to build pcre regex
2017-03-03 12:04:19.662634500 ERROR: Database initialization error: can't compile engine: Malformed database
2017-03-03 12:04:20.909517500 Terminating because of a fatal error.

I did the following to no avail.
#/usr/bin/refreshclam

As long as virus filtering is disabled in the email panel I can send and receive email. As soon as I turn it on no email.
You can't stop what's coming. It ain't all waiting on you.
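
The log lines posted above show two distinct failures: clamd rejecting its signature database at load time, and the qpsmtpd clamav plugin then failing every scan, which surfaces to senders as the 452 deferral. The following is an added example, not part of the original thread, that summarises both conditions from log text; `clamav_triage` and `sample_logs` are hypothetical helper names, and the sample lines are copied from the posts in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise ClamAV failures in mail logs.
# clamav_triage and sample_logs are hypothetical helper names.

# Reads log lines on stdin and prints one summary line.
clamav_triage() {
    awk '
        # a signature regex was rejected by the PCRE library
        /LibClamAV Error: cli_pcre_(compile|build)/ { pcre++ }
        # clamd refused to load the signature database
        /Database initialization error/             { malformed++ }
        # the qpsmtpd plugin could not scan a message
        /virus::clamav plugin/ && /ClamAV error:/   { scan_err++ }
        END {
            verdict = "ok"
            if (scan_err > 0)  verdict = "scanner-failing"
            if (malformed > 0) verdict = "signature-db-rejected"
            printf "pcre=%d malformed=%d scan_errors=%d verdict=%s\n",
                   pcre, malformed, scan_err, verdict
        }'
}

# Sample input: log lines quoted from the posts in this thread.
sample_logs() {
    cat <<'EOF'
2017-03-03 12:04:19.662603500 LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?<
2017-03-03 12:04:19.662633500 LibClamAV Error: cli_pcre_build: failed to build pcre regex
2017-03-03 12:04:19.662634500 ERROR: Database initialization error: can't compile engine: Malformed database
2017-03-03 12:47:24.507138500 12086 virus::clamav plugin (data_post): ClamAV error: /usr/bin/clamdscan --stdout  --config-file=/etc/clamd.conf --no-summary /var/spool/qpsmtpd/1488566844:12086:0 2>&1: 2
EOF
}

# Demo run on the embedded sample; on a server, feed it the real logs instead,
# e.g. clamav_triage < /var/log/clamd/current
sample_logs | clamav_triage
```

A verdict of `signature-db-rejected` points at the downloaded database rather than at qpsmtpd or qmail, which matches what the thread later concludes.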

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #3 on: March 03, 2017, 09:17:54 PM »
Disabling virus scanning did allow email sending and receiving to resume.

Top reports that clamd is still taking 99% of cpu. It was doing that before I disabled virus scanning.

I see the same error messages in the qpsmtpd log as you, devtay, posted.

This should be reported as a bug, I think, unless it is simply a failure of clam to update its database properly.
« Last Edit: March 03, 2017, 09:25:27 PM by Mophilly »
- Mark

Offline devtay

Re: 452 Message denied temporarily
« Reply #4 on: March 03, 2017, 09:28:09 PM »
Same problem with clamav here. Did your issue start the same time as mine? I wonder if it was a bad update from clamav that killed things. I don't see any other way both of our systems could be seeing the same thing at the same time.

Here was the time stamp sorry: 2017-03-03 12:04:19
You can't stop what's coming. It ain't all waiting on you.

Offline devtay

Re: 452 Message denied temporarily
« Reply #5 on: March 03, 2017, 09:42:46 PM »
https://bugs.contribs.org/show_bug.cgi?id=10132

Just in case I opened the above bug. I do think it's an update or something crazy like that. I'm not the expert on clamav, but /usr/bin/refreshclam deletes the databases and downloads them again.
You can't stop what's coming. It ain't all waiting on you.

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #6 on: March 03, 2017, 09:57:07 PM »
I became aware of the problem about 9:10 AM Pacific time today.
- Mark

Offline Stefano

Re: 452 Message denied temporarily
« Reply #7 on: March 03, 2017, 10:38:27 PM »
Please, @all: start planning your upgrade to SME9, seriously

Offline devtay

Re: 452 Message denied temporarily
« Reply #8 on: March 03, 2017, 10:41:04 PM »
Roger that. Coincidentally I'm in the process of configuring my server this week. I actually am working through the contribs I need right now. It will be next week before I'm done though.

I will admit, I totally spaced it until I saw the note on the forum about v8.2 going away as of the 30th. Totally my fault and in the process of rectifying it when this popped up. Sorry.
You can't stop what's coming. It ain't all waiting on you.

Offline globalsi

Re: 452 Message denied temporarily
« Reply #9 on: March 03, 2017, 10:47:29 PM »
Hi, same problem here today (sme 8.2)

in /var/log/clamd/current :
Quote
@4000000058b9e4f2238711e4 LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?<
@4000000058b9e4f2238719b4 LibClamAV Error: cli_pcre_build: failed to build pcre regex
@4000000058b9e4f2238719b4 ERROR: Database initialization error: Malformed database
@4000000058b9e4f223878afc Closing the main socket.

If i disable virus scanning, no problem.
« Last Edit: March 03, 2017, 10:52:10 PM by globalsi »

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #10 on: March 03, 2017, 11:24:33 PM »
Quote
Please, @all: start planning your upgrade to SME9, seriously

We are seriously planning the move. Our sense of urgency is appropriately high.

BTW, I can use some help planning/executing the move of users and groups only from the SME 8 server to a new SME 9 server. The old SME 8 server has so many hacks (yes, it is my fault) that moving only users, groups and email files seems the best way to clear away ancient cruft.
- Mark

Offline janet

Re: 452 Message denied temporarily
« Reply #11 on: March 04, 2017, 12:18:56 AM »
Mophilly

Koozali sme server upgrade notes are here:
https://wiki.koozali.org/SME_Server:9.0

Also see the Backup server config Howto article for various tips on transferring limited data sets, here:
https://wiki.contribs.org/Backup_server_config

Users & groups are spread across various db config files so it is not easily possible to transfer ONLY users & groups, as lots of other db config settings you may not want will also be transferred.

My best suggestion to you is to make notes of important changes you have made to sme8. Remove those hacks & custom templates. Also consider to uninstall contribs. If you have useful contribs installed that have large data sets you want to retain, then leave those installed so the data is included in the backup.

Perform a supported full backup or alternative & use that to restore to your newly installed sme9 operating system.
Then reinstall required contribs & reconfigure custom templates to suit sme 9 requirements.
Also (if not done automatically) remove all sme8 non standard repositories & reconfigure them to suit sme9.
« Last Edit: March 04, 2017, 02:43:47 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline LarsHaagh

Re: 452 Message denied temporarily
« Reply #12 on: March 04, 2017, 12:55:02 PM »
Just to join the group...  I ran into this issue at ~5:30pm GMT last night.  Disabling virus scan has solved it temporarily.  Except from upgrading to SME9 can we expect a resolution to work for SME8 ?

Thanks for your support !

Lars

Offline Stefano

Re: 452 Message denied temporarily
« Reply #13 on: March 04, 2017, 01:17:13 PM »
Quote
Just to join the group...  I ran into this issue at ~5:30pm GMT last night.  Disabling virus scan has solved it temporarily.  Except from upgrading to SME9 can we expect a resolution to work for SME8 ?

Thanks for your support !

Lars

Hi Lars, welcome here

I don't think so.. SME8 will be in EOL state in a few weeks
anyway, try to do so:
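Code:
# stop the daemon before replacing its databases
service clamd stop
# delete the signature databases (*.cvd / *.cld) only if the cd succeeded
cd /var/clamav && rm *.c*d
# download fresh databases, then restart the daemon
freshclam
service clamd start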

NOT TESTED

Offline devtay

Re: 452 Message denied temporarily
« Reply #14 on: March 04, 2017, 03:14:23 PM »
The problem cleared up last night around 10 PM CST. I've re-enabled email scanning and things are working fine. The clamav errors in the logs have stopped. I'm guessing it was a problem with an update. I'm going to concentrate on getting my 9.2 server finished. Lesson learned.
You can't stop what's coming. It ain't all waiting on you.

Offline mmccarn

Re: 452 Message denied temporarily
« Reply #15 on: March 04, 2017, 05:12:02 PM »
Quote
BTW, I can use some help planning/executing the move of users and groups only from the SME 8 server to a new SME 9 server.

I added some notes to the 'lazy admin tools' (lat) page describing how I did my recent upgrade from SME8 to SME9:
https://wiki.contribs.org/Lazy_Admin_Tools#Server_Migration

I don't use groups on the server I upgraded, but lat backs those up, and could restore them.

Offline janet

Re: 452 Message denied temporarily
« Reply #16 on: March 04, 2017, 07:35:43 PM »
mmccarn

Does using lat, transfer the machine accounts ?
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #17 on: March 04, 2017, 09:50:31 PM »
Same experience here. I enabled the scanning again today and it appears to be operating normally.
- Mark

Offline devtay

Re: 452 Message denied temporarily
« Reply #18 on: March 05, 2017, 12:19:30 AM »
I'm just about to the user and group portion of my migration so this really helps. Thanks so much.

Quote
I added some notes to the 'lazy admin tools' (lat) page describing how I did my recent upgrade from SME8 to SME9:
https://wiki.contribs.org/Lazy_Admin_Tools#Server_Migration

I don't use groups on the server I upgraded, but lat backs those up, and could restore them.
You can't stop what's coming. It ain't all waiting on you.

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #19 on: March 05, 2017, 12:29:06 AM »
Thanks to Janet and mmccarn for the migration tips.  :-)

BTW, mmccarn wrote, "Perhaps your SME server was first installed in 2005 or earlier, and has suffered at your hands over the years as you tested add-ons, contribs, and procedures." LOL... that is me precisely. I have played with, hacked on, thoroughly wrecked and (with a lot of help from the nice people here) repaired my SME installs since 2004!
« Last Edit: March 05, 2017, 12:39:17 AM by Mophilly »
- Mark

Offline janet

Re: 452 Message denied temporarily
« Reply #20 on: March 05, 2017, 01:08:38 AM »
Mophilly

Quote
that is me precisely. I have played with, hacked on, thoroughly wrecked and (with a lot of help from the nice people here) repaired my SME installs since 2004!
Remember with upgrade to sme9 you are installing a totally clean version of sme9 OS onto clean blank hard disk(s), & all the binaries & file & folder structures are new & as per a default install of standard sme9.

So a lot of what you may have added to sme8 is "not there from the start", eg tweaks, contribs & so on.
Then you restore from your sme 8 backup, which in the main involves data (& config) in the /etc folder & subfolders, which also includes custom templates.
If you have followed recommended sme good practice & only made changes & tweaks via custom templates or user custom templates, then you simply remove all those custom templates either on the sme8 before you do a backup or on the sme9 after restoring the backup (ie delete the whole custom template tree(s)).

Then you reinstall any required contribs, making sure they are compatible versions for sme9. If there is a contrib or a few you had on sme8 that you do not want on sme 9, then simply do not reinstall them.
You might want to delete data associated with a contrib if you choose to not reinstall it onto sme9.

It is also a good idea to uninstall contribs from sme8 (that you know you do not want on sme 9) before running the full backup as that will usually remove the data & so it will not be in the backup.


« Last Edit: March 05, 2017, 01:11:19 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline LarsHaagh

Re: 452 Message denied temporarily
« Reply #21 on: March 05, 2017, 11:19:26 AM »
Unfortunately, mine is still suffering from this issue...

Offline Stefano

Re: 452 Message denied temporarily
« Reply #22 on: March 05, 2017, 11:50:52 AM »
did you try what I suggested you above?

Offline LarsHaagh

Re: 452 Message denied temporarily
« Reply #23 on: March 05, 2017, 12:10:07 PM »
Quote
did you try what I suggested you above?

Yes, unfortunately it didn't solve the issue :(

Offline Stefano

Re: 452 Message denied temporarily
« Reply #24 on: March 05, 2017, 01:05:35 PM »
still the same error after downloading the signatures' db?
ok, maybe you did it from an unsynched mirror.

stop clamd, clear all the content of that dir and start again..

Online TerryF

Re: 452 Message denied temporarily
« Reply #25 on: March 05, 2017, 01:29:47 PM »
Quote
Yes, unfortunately it didn't solve the issue :(

See Bug 10132 https://bugs.contribs.org/show_bug.cgi?id=10132 for link to Clam Bugzilla report of this issue and Red Hat discussion re EL5

Both describe a solution.
--
qui scribit bis legit

Offline mmccarn

Re: 452 Message denied temporarily
« Reply #26 on: March 05, 2017, 01:31:30 PM »
Quote
I'm just about to the user and group portion of my migration so this really helps. Thanks so much.

You're welcome.

Quote
Does using lat, transfer the machine accounts ?

I've started a new forum topic to address questions about migration in hopes of keeping this topic focused on the 452 errors...
Migration: selective migration using Lazy Admin Tools


Online TerryF

Re: 452 Message denied temporarily
« Reply #27 on: March 05, 2017, 01:33:56 PM »
--
qui scribit bis legit

Offline janet

Re: 452 Message denied temporarily
« Reply #28 on: March 05, 2017, 03:49:17 PM »
TerryF & all

Quote
For those still using SME8 note the last entry in http://serverfault.com/questions/836197/clamd-wont-start-after-update

I think that path should be
/var/clamav/daily-23161.ign2

without the sudo

sh -c "cat << EOF >> /var/clamav/daily-23161.ign2
Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1
EOF
service clamd restart"

Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Online TerryF

Re: 452 Message denied temporarily
« Reply #29 on: March 05, 2017, 09:13:06 PM »
The clam Bugzilla discussion https://bugzilla.clamav.net/show_bug.cgi?id=11800 is the more illuminating for those still using sme8 and as noted there the name of the *.ign2 can be different.

--
qui scribit bis legit
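
The two posts above describe the workaround of listing the offending signature names in an `.ign2` file in the ClamAV database directory, with the caveat that the file name can differ between systems. The following is an added example, not part of the original thread, that makes the append idempotent and takes the file path as a parameter; `add_ign2` is a hypothetical helper name, the character check on signature names is an assumption, and the demo writes to a temporary directory standing in for /var/clamav.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent update of a ClamAV .ign2 file.
# add_ign2 is a hypothetical helper name.

# add_ign2 FILE SIGNATURE...
# Appends each signature name that is not already listed, one per line,
# and prints how many names were added.
add_ign2() {
    file=$1; shift
    added=0
    [ -e "$file" ] || : > "$file"
    for sig in "$@"; do
        # Assumption: names use only letters, digits, dot, underscore, hyphen.
        case $sig in
            ''|*[!A-Za-z0-9._-]*)
                echo "skipping invalid signature name: $sig" >&2
                continue ;;
        esac
        # -x whole-line match, -F fixed string: no partial or regex matches
        if ! grep -qxF -- "$sig" "$file"; then
            printf '%s\n' "$sig" >> "$file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Demo in a temporary directory standing in for /var/clamav.
demo_dir=$(mktemp -d)
add_ign2 "$demo_dir/daily-23161.ign2" \
    Doc.Macro.GenericHeuristic-5901772-0 \
    Doc.Macro.GenericHeuristic-5931846-1
# Running it again adds nothing, so the file never accumulates duplicates.
add_ign2 "$demo_dir/daily-23161.ign2" Doc.Macro.GenericHeuristic-5901772-0
rm -rf "$demo_dir"
# On the server: point FILE at the database directory, then restart clamd
# (service clamd restart, as in the post above).
```

Signatures listed in an `.ign2` file no longer match anything, so the entries should be removed once a corrected database has been downloaded.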

Offline globalsi

Re: 452 Message denied temporarily
« Reply #30 on: March 06, 2017, 11:44:26 AM »
problem cleared for me too...  :-P

Offline Mophilly

Re: 452 Message denied temporarily
« Reply #31 on: March 06, 2017, 11:00:47 PM »
Quote
Mophilly
[snip]
If you have followed recommended sme good practice & only made changes & tweaks via custom templates or user custom templates, then you simply remove all those custom templates either on the sme8 before you do a backup or on the sme9 after restoring the backup (ie delete the whole custom template tree(s)).

Yes, I have used the template system to add modules to SME. So, mostly, it is a controlled crash. There are a few details missing from the earliest mod's due to a rather unfriendly upgrade of my "notes" machine many years ago. Since then I have tried to be smarter about storing vital info. The upshot is, though, I need to remove modules, as you suggest, until I get it as close to stock as I can.

Thank you for the advice. I have added your post to our planning document.
- Mark

Offline janet

Re: 452 Message denied temporarily
« Reply #32 on: March 06, 2017, 11:54:11 PM »
Mophilly

There are a number of special commands that can be used to interrogate your sme server to show for example
Additional rpms installed above & beyond the base rpms - newrpms
Also a command to show you all the templates that have been added or changed -

do this at command line prompt

/sbin/e-smith/audittools/newrpms

To see all the available commands

cd /sbin/e-smith/audittools/

ls -al

You will see for eg
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates
& so on

Also take a look at this post & thread, many things have been answered before.

https://forums.contribs.org/index.php/topic,52264.msg267940.html#msg267940

« Last Edit: March 07, 2017, 12:14:22 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.