
Postfix+Amavis+Spamassassin+Clamav mail gateway issue.



SkrpTKiddyKilla
18th April 2006, 06:29 PM
My mail gateway has been stable for nearly a year. I have not changed the configuration on it beyond adding weights to spamassassin and training the filters; in fact, in the year it hasn't crashed once. I did not update the OS until I started having problems with the mail system on it crashing 4 times a day; I was running build 770 until recently. About 4-5 weeks ago, it started crashing 3-4 times a day. To my knowledge, I had not changed any configurations at around this time. Please advise.

Linux 2.6.12-1.1381_FC3 i686 athlon i386 GNU/Linux
amavisd-new-2.2.0-3.1.fc3.rf
spamassassin-3.0.4-2.fc3
clamav-0.88-1
postfix-2.1.5-5

here is my master.cf
# __________________________________________________ __________________
#smtp inet n - n - - smtpd
#This is the before-filter smtpd...it passes content to amavisd on port 10024
smtp inet n - n - 2 smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_client_connection_count_limit=8

#This is the after-filter smtpd, it receives mail from amavisd to port 10025
127.0.0.1:10025 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o receive_override_options=no_unknown_recipient_checks
#
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
smtp-amavis unix - - - - 2 smtp
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
#_________________________________________________ _____________________

my main.cf
#_________________________________________________ _____________________
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
myhostname = egateway.mydom.tld
mydomain = mydom.tld
myorigin = $mydomain
local_transport = local
mydestination = $myhostname, localhost.$mydomain,
local_recipient_maps =
mynetworks = 127.0.0.0/8
notify_classes = protocol, resource, software
relay_domains = $mydestination, /etc/postfix/relay_domains
relayhost = mymailserver.mydom.tld:25
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 240000000
message_size_limit = 50000000
mailbox_size_limit= 240000000
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_banner = Welcome to SomeCompany Mail
smtpd_helo_required = yes
transport_maps = hash:/etc/postfix/transport
maps_rbl_reject_code = 553
maps_rbl_domains = relays.ordb.org, list.dsbl.org,
relay_domains_reject_code = 556
reject_code = 551
smtpd_client_restrictions = reject_maps_rbl
#_________________________________________________ _______________________

Amavisd conf

#_________________________________________________ _______________________

use strict;
$max_servers = 8; # number of pre-forked children (2..15 is common)
$max_requests = 5;
$daemon_user = "amavis"; # (no default; customary: vscan or amavis)
$daemon_group = "amavis"; # (no default; customary: vscan or amavis)
read_hash(\%local_domains, '/etc/postfix/relay_domains');
$mydomain = 'mydom.tld'; # a convenient default for other settings

$MYHOME = "/var/amavis";
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
$QUARANTINEDIR = "/var/virusmails";

$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME"; # prefer $MYHOME clean and owned by root?
$pid_file = "$MYHOME/amavisd.pid";
$lock_file = "$MYHOME/amavisd.lock";

@local_domains_acl = qw( . );
@mynetworks = qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 3; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';
$LOGFILE = "/var/log/amavis.log";

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$child_timeout=12*60;
$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
$inet_socket_bind = '127.0.0.1';

$sa_tag_level_deflt = -999.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.9; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 8.0; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
# for SA 3.0, cf option is 'use_auto_whitelist')
$sa_debug = 1;

$virus_admin = "myname\@mydom.tld"; # notifications recip.

$mailfrom_notify_admin = "myname\@mydom.tld"; # notifications sender
$mailfrom_notify_recip = "myname\@mydom.tld"; # notifications sender
$mailfrom_notify_spamadmin = "myname\@mydom.tld"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use recent versions
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio'];
$ar = 'ar';
$dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)

$sa_spam_subject_tag = '*** SPAM ** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

$myhostname = 'mailgw.mydom.tld'; # must be a fully-qualified domain name!

$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');
.
.
.
<continued>
#_________________________________________________ ______________________

SkrpTKiddyKilla
18th April 2006, 06:41 PM
It also appears that there is a memory leak on the system somewhere, and when it gets down to about 50 meg the smtp monitor I have on it reports the server as down. Now I could be cheeky and issue a shutdown -rfn now every couple hours, but that is obviously not a good solution....

Thanks

The SkrpTKiddyKilla,

Quote: Wouldn't it be nice if there was a serial killer out there that went after all those people that attempt to hack your servers, spread spam and viruses?