Topic: Server bouncing emails and unable to send from Horde- can send/receive locally.

[ber]

Hi a desperate post regarding My SME 7.4 server- been running well now rejecting emails and unable to send.
I host 6 domains and all are not receiving emails- all are being bounced back. Checked all the settings through the browser- all seem to be set as per usual.
can access the server externally and internally- ports are open and directed via the router. Can access HORDE but cant send out emails.
sme7admin says that all email services are running, pop3,imap,qmail,qpsmtpd,sqpsmtpd, squid etc..
Have rebooted the server and router several times.

last email received appx 7:30am this morning
Went through the logs- cant make too much sense from it.
heres a copy.

Apr 16 04:00:11 server su(pam_unix)[4226]: session closed for user qmailr
Apr 16 04:11:53 server proftpd[2371]: server.ber.local (60.18.168.108[60.18.168.108]) - FTP session opened.
Apr 16 04:11:57 server proftpd[2371]: server.ber.local (60.18.168.108[60.18.168.108]) - FTP session closed.
Apr 16 04:15:01 server su(pam_unix)[2551]: session opened for user qmailr by (uid=0)
Apr 16 04:15:10 server su(pam_unix)[2551]: session closed for user qmailr
Apr 16 04:30:01 server su(pam_unix)[3423]: session opened for user qmailr by (uid=0)
Apr 16 04:30:10 server su(pam_unix)[3423]: session closed for user qmailr
Apr 16 04:45:02 server su(pam_unix)[4299]: session opened for user qmailr by (uid=0)
Apr 16 04:45:11 server su(pam_unix)[4299]: session closed for user qmailr
Apr 16 05:00:01 server su(pam_unix)[5164]: session opened for user qmailr by (uid=0)
Apr 16 05:00:10 server su(pam_unix)[5164]: session closed for user qmailr
Apr 16 05:15:01 server su(pam_unix)[6020]: session opened for user qmailr by (uid=0)
Apr 16 05:15:10 server su(pam_unix)[6020]: session closed for user qmailr
Apr 16 05:30:01 server su(pam_unix)[6875]: session opened for user qmailr by (uid=0)
Apr 16 05:30:11 server su(pam_unix)[6875]: session closed for user qmailr
Apr 16 05:45:01 server su(pam_unix)[7876]: session opened for user qmailr by (uid=0)
Apr 16 05:45:10 server su(pam_unix)[7876]: session closed for user qmailr
Apr 16 06:00:02 server su(pam_unix)[8784]: session opened for user qmailr by (uid=0)
Apr 16 06:00:11 server su(pam_unix)[8784]: session closed for user qmailr
Apr 16 06:15:01 server su(pam_unix)[9827]: session opened for user qmailr by (uid=0)
Apr 16 06:15:10 server su(pam_unix)[9827]: session closed for user qmailr
Apr 16 06:30:01 server su(pam_unix)[10722]: session opened for user qmailr by (uid=0)
Apr 16 06:30:19 server su(pam_unix)[10722]: session closed for user qmailr
Apr 16 06:45:02 server su(pam_unix)[11585]: session opened for user qmailr by (uid=0)
Apr 16 06:45:13 server su(pam_unix)[11585]: session closed for user qmailr
Apr 16 07:00:02 server su(pam_unix)[12414]: session opened for user qmailr by (uid=0)
Apr 16 07:00:11 server su(pam_unix)[12414]: session closed for user qmailr
Apr 16 07:15:01 server su(pam_unix)[13386]: session opened for user qmailr by (uid=0)
Apr 16 07:15:10 server su(pam_unix)[13386]: session closed for user qmailr
Apr 16 07:30:01 server su(pam_unix)[14225]: session opened for user qmailr by (uid=0)
Apr 16 07:30:11 server su(pam_unix)[14225]: session closed for user qmailr
Apr 16 07:45:02 server su(pam_unix)[15155]: session opened for user qmailr by (uid=0)
Apr 16 07:45:13 server su(pam_unix)[15155]: session closed for user qmailr
Apr 16 08:00:02 server su(pam_unix)[17409]: session opened for user qmailr by (uid=0)
Apr 16 08:00:11 server su(pam_unix)[17409]: session closed for user qmailr
Apr 16 08:15:01 server su(pam_unix)[20005]: session opened for user qmailr by (uid=0)
Apr 16 08:15:12 server su(pam_unix)[20005]: session closed for user qmailr
Apr 16 08:30:01 server su(pam_unix)[22573]: session opened for user qmailr by (uid=0)
Apr 16 08:30:12 server su(pam_unix)[22573]: session closed for user qmailr
Apr 16 08:45:01 server su(pam_unix)[25113]: session opened for user qmailr by (uid=0)
Apr 16 08:45:11 server su(pam_unix)[25113]: session closed for user qmailr
Apr 16 09:00:01 server su(pam_unix)[27709]: session opened for user qmailr by (uid=0)
Apr 16 09:00:11 server su(pam_unix)[27709]: session closed for user qmailr
Apr 16 09:15:01 server su(pam_unix)[30389]: session opened for user qmailr by (uid=0)
Apr 16 09:15:11 server su(pam_unix)[30389]: session closed for user qmailr
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 30: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 42: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 32: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 40: read failure: (104) Connection reset by peer
Apr 16 09:15:17 server squid[4659]: sslReadServer: FD 43: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 29: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 16: read failure: (104) Connection reset by peer
Apr 16 09:15:18 server squid[4659]: sslReadServer: FD 33: read failure: (104) Connection reset by peer

I can see a FTP access to the servert- from someone in China's?!?!? has he done anything?

any more info needed happy to forward on.

Thank You.

[agodin]

We have at least 4 servers at 7.4 all doing same thing - looking into it now

[crazybob]

Have you applied the latest updates? I ran into a similar situation this afternoon. Server was 7.4 It had been a while since I  had updated the server, and the updates fixed it.

[agodin]

Have made sure on of these ones is fully updated at least

Issue appears to be either ClamAV or AntiSpam as turning these options off resolved it on the main one we are looking at... checking others now, but looking into that as cause

[ber]

Here is more info from a email report contrib thats loaded on the server- hope thsi helps.

Mail Log File Analysis
Report generated: Fri 16 Apr 2010 14:42:48 NZST

Basic statistics

qtime is the time spent by a message in the queue.

ddelay is the latency for a successful delivery to one recipient---the
end of successful delivery, minus the time when the message was queued.

xdelay is the latency for a delivery attempt---the time when the attempt
finished, minus the time when it started. The average concurrency is the
total xdelay for all deliveries divided by the time span; this is a good
measure of how busy the mailer is.

Completed messages: 42204
Recipients for completed messages: 44831
Total delivery attempts for completed messages: 44831
Average delivery attempts per completed message: 1.06225
Bytes in completed messages: 1814360224
Bytes weighted by success: 1913692364
Average message qtime (s): 0.109091

Total delivery attempts: 44843
  success: 44824
  failure: 8
  deferral: 11
Total ddelay (s): 4890.192803
Average ddelay per success (s): 0.109098
Total xdelay (s): 5176.758301
Average xdelay per delivery attempt (s): 0.115442
Time span (days): 54.1986
Average concurrency: 0.00110549

[crazybob]

Chick this, not an answer, but similar problem   http://forums.contribs.org/index.php/topic,45830.0.html

[agodin]

Turning Virus Scanning off for emails has resolved this for us, not a solution but a temporary fix at least

[ber]

Hi System is up to date...

clamd is stopped??? cant start it???

anyone advise how to disable ClamAV or is this the daemon?

[agodin]

Easy way to disable is to use the web admin (https://ipaddress/server-manager then go to E-mail then Change e-mail filtering settings, turn the Virus Scanning to disabled until we can find proper solution

[agodin]

Even though our systems are updated regularly, there is a clamav update there for installation

Did this manually

yum update clamav

signal-event post-upgrade; signal-event reboot

After reboot reactivated Virus Scanning on E-mail settings and all good now, will monitor and rollout to our other installs...

Hope this helps others
Cheers

Anthony Godin

[ber]

Hi Gordon, i disabled the virus scan and a email popped through- IO have noticed that i'm not getting the clamav updates in my logs up until about 1-2 months ago??
Ive run the yum script and had an error:


[root@server ~]# yum update clamav
==============================================================
WARNING: Additional commands may be required after running yum
==============================================================
Loading "smeserver" plugin
Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Loading "protect-packages" plugin
Existing lock /var/run/yum.pid: another copy is running. Aborting.
================================================================
No new rpms were installed. No additional commands are required.

I'm gonna reboot after doing a reconfigure and then take the settings back to normal and see how it goes- thanks for the help- much appreciated- was sweating for a while there.

Regards John Henry NZL.

[agodin]

It's OK to delete the yum.pid when you get this message 'Existing lock /var/run/yum.pid: another copy is running. Aborting.' if you have rebooted, as you know there cannot be a yum process running still

Sometimes the update gets caught if you loose connection or other network issues (or reboot etc) but the lock file can get left behind.

We have done the update on 6 servers all showing same fault and now all operational again - will continue testing and checking and see...

Regards
Anthony Godin

[ber]

Hi Anthony, sorry I'm a newbie at this, especially command line etc...
I dont understand the reply, I'm new to linux, Ive been getting by, by just doing everything from the browser- times like these i have to get under the hood- it just scares me.

[ber]

Ive checked my ClamAV logs and its outdated- can you advise how i can update the program:

2010-04-16 16:33:24.395011500 LibClamAV Warning: ***********************************************************
2010-04-16 16:33:24.395117500 LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
2010-04-16 16:33:24.395174500 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
2010-04-16 16:33:24.395226500 LibClamAV Warning: ***********************************************************
2010-04-16 16:33:24.541658500 LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
2010-04-16 16:33:24.541764500 LibClamAV Error: Problem parsing database at line 742
2010-04-16 16:33:24.549212500 LibClamAV Error: Can't load daily.ndb: Malformed database
2010-04-16 16:33:24.549298500 LibClamAV Error: cli_tgzload: Can't load daily.ndb
2010-04-16 16:33:24.549420500 LibClamAV Error: Can't load /var/clamav/daily.cld: Malformed database
2010-04-16 16:33:24.549630500 ERROR: Malformed database

[agodin]

Have sent you a note if you wish me to contact you.

Basically you need to delete the yum lock file first :
--> rm /var/run/yum.pid

RM = delete/remove

Then run the yum updater, looking specifically at clamav

--> yum update clamav

This should then get the new version for you, showing 2 updates.
When it installs the new version of clamav and its dependancies, it then migrates existing settings and database to new version thus fixing up the database issue.

You then advise the system to update its internal configuration and reboot
--> signal-event post-upgrade; signal-event reboot

After reboot emails should be flowing again as normal

Have done this to about 12 systems today (we love SME) and seems to do the trick for the moment at least

Regards
Anthony