Hey all,
For the last 8 months I have been running a postfix / mail scanner setup based on Johnny Hughes' excellent tutorial. For the firs 7 months I have had no issues. This past month I have been having instances where the user gets an smtp error while trying to send email. Restarting the postfix service is all it takes to resolve this issue. The problem is that it has begun to occur more and more often. It is now up to once every day. I have found nothing unusual in the mail or messages logs. As I am an ultra newbie I am unsure of the next step to take to resolve this. I have search through the past messages on this list and can find nothing. Anyone have any ideas?
Thanks,
Jason Ross
Jason Ross spake the following on 8/9/2007 1:39 PM:
Hey all,
For the last 8 months I have been running a postfix / mail scanner setup based on Johnny Hughes' excellent tutorial. For the firs 7 months I have had no issues. This past month I have been having instances where the user gets an smtp error while trying to send email. Restarting the postfix service is all it takes to resolve this issue. The problem is that it has begun to occur more and more often. It is now up to once every day. I have found nothing unusual in the mail or messages logs. As I am an ultra newbie I am unsure of the next step to take to resolve this. I have search through the past messages on this list and can find nothing. Anyone have any ideas?
Thanks,
Jason Ross
Have you done any normal maintenance such as OS upgrades? Software fixes? Did you do one about a month ago?
Jason Ross spake the following on 8/9/2007 3:36 PM:
No I have not. We are a small company and the owner freaks out when it comes to any down time of email so I have just maintained the original install. No updates.
Can you give some more details, like OS type/version, postfix version, MailScanner version, ETC. Probably many security holes if it has been sitting un-patched for 8 months. I think the owner would freak out more if his server gets rootkitted because of some unpatched security hole, don't you think?
I patch running mail servers all the time, the downtime is usually only minutes, and if it is that busy, a remote ssh session will let you do it later in the evening.
I am currently runningCentos 4.3 postfix-2.2.10-1.RHEL4.2 mailscanner-4.57.6-1
Your OS is out of date, but not terribly in the grand scheme of things. This list probably remembers running CentOS 4.3 for quite a bit and it was rock solid. I'd start with the SMTP error message. Try to be as specific as possible when posting to lists. If the SMTP error is your symptom, give us the EXACT smtp error. This may simply be a problem where your system hit a "default install" performance ceiling and/or ran out of resources. Errors of this nature usually just require tweaking the config.
Regards, Ken
Ken,
I dont know that there is a specific error, it acts the same as if you put in a bad password. Once I restart postfix, it goes right through.
jason
Ken Price wrote:
I am currently runningCentos 4.3 postfix-2.2.10-1.RHEL4.2 mailscanner-4.57.6-1
Your OS is out of date, but not terribly in the grand scheme of things. This list probably remembers running CentOS 4.3 for quite a bit and it was rock solid. I'd start with the SMTP error message. Try to be as specific as possible when posting to lists. If the SMTP error is your symptom, give us the EXACT smtp error. This may simply be a problem where your system hit a "default install" performance ceiling and/or ran out of resources. Errors of this nature usually just require tweaking the config.
Regards, Ken
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Jason Ross spake the following on 8/9/2007 4:18 PM:
I am currently running Centos 4.3 postfix-2.2.10-1.RHEL4.2 mailscanner-4.57.6-1
The problem is I'm not yet smart enough to patch it quickly.
But would patching it fix the issue or create more???
If so how would I roll back quickly?
First thing I would do is run yum update to bring the system patches up to speed.
You will have a kernel update if you haven't updated for 8 months, so you will need a reboot.
Then you can use the following script to backup your mailscanner installation. It is set up to run as root, and keep its stuff there. *******<cut>***** #!/bin/bash
cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d) cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d) cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d)
echo cp -a --remove-destination /etc/MailScanner.$(date +%Y%m%d) /etc/MailScanner > /root/restorems-$(date +%Y%m%d).sh echo cp -a --remove-destination /usr/lib/MailScanner.$(date +%Y%m%d) /usr/lib/MailScanner >> /root/restorems-$(date +%Y%m%d).sh echo cp -a --remove-destination /usr/sbin/MailScanner.$(date +%Y%m%d) /usr/sbin/MailScanner>> /root/restorems-$(date +%Y%m%d).sh chmod +x /root/restorems-$(date +%Y%m%d).sh
echo rm -fr /etc/MailScanner.$(date +%Y%m%d) > /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /usr/lib/MailScanner.$(date +%Y%m%d) >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /usr/sbin/MailScanner.$(date +%Y%m%d) >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /root/restorems-$(date +%Y%m%d).sh >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /root/delmsback-$(date +%Y%m%d).sh >> /root/delmsback-$(date +%Y%m%d).sh
chmod +x /root/delmsback-$(date +%Y%m%d).sh
*******<cut>*****
This will back up your mailscanner setup with the current date. You can then install the latest from Julian's install tarball and be sure you run the update_mailscanner_conf and update_languages_conf scripts. Then you can restart MailScanner.
If you need to restore a backup just run the restorems script with the date of your backup.
I would also recommend updating spamassassin, but to get detailed help, we need to know if you are running the spamassassin that came with CentOS, or if you installed from Julian's clamav-spamassassin tarball.
Should I use the graphical update or just yum update? Also are there any updates I should be concerned about? Should I update now, or after I resolve the smtp issue?
RHEL has a decent GUI, however you will be better off ignoring it and getting familiar with administering the box via the command line. Just my opinion.
I'll give my two cents and retire for the evening. I've tried multiple times from 3 different locations (Atlanta & Seattle) to connect to MAIL.MEDVOICE.COM on port 25 ... which I'm assuming is your problem server. I get inconsistent results. Half the time I get a near immediate (<2 seconds) 220 prompt. The rest of the time I get > 10 seconds or timeouts.
I'm not saying you shouldn't update your system. You should. However, I'd start by looking at the following to solve your SMTP problem.
1) Your bandwidth utilization. You have enough left over? Probably yes. But DSL is sometimes "dirty". 2) Your server resource utilization. You have enough CPU and memory in that box? Probably yes. 3) Who does your DNS? Looks like Qwest is authoritative for your domain, do you use their recursive DNS servers too? If yes, this could be a problem. If you don't already, RUN YOUR OWN RECURSIVE DNS for your server!! 4) Do you experience this problem more during certain times of the day?
Email clients are fickle and have short timeouts. When this problem pops up again, try telnetting into your mail server, port 25. Timeout? Error? What? If so, SSH into your server and locally telnet into port 25. Do you experience the same problem from there?
Bandwidth and DNS are the likely culprits. Doesn't mean, however, that your SPAM has increased and is using all available SMTP processes. That also explains the timeouts as the email client has to wait for an available process.
I like MailScanner. It's easy to setup and gives default security to novices, while giving enough flexibility to experts. However, it's not efficient unless you have an someone who knows what they're doing at the helm.
-Ken
Jason Ross spake the following on 8/9/2007 4:56 PM:
Scott,
Sorry 'bout that I thought I was missing something. spamassassin-3.0.6-1.el4
Just have 3 more questions. Should I use the graphical update or just yum update? Also are there any updates I should be concerned about? Should I update now, or after I resolve the smtp issue?
I think the issue is not the updates, although it could be a compromised machine. Don't get me wrong, the updates are important, but I think your problems go deeper than that. If you can mail me off-list, so I can get some details about your domain from the e-mail, I'll do some more research in the morning. I am reading the list through GMANE, so your domain name gets obscured.
Jason Ross wrote:
Hey all,
For the last 8 months I have been running a postfix / mail scanner setup based on Johnny Hughes' excellent tutorial. For the firs 7 months I have had no issues. This past month I have been having instances where the user gets an smtp error while trying to send email. Restarting the postfix service is all it takes to resolve this issue. The problem is that it has begun to occur more and more often. It is now up to once every day. I have found nothing unusual in the mail or messages logs. As I am an ultra newbie I am unsure of the next step to take to resolve this. I have search through the past messages on this list and can find nothing. Anyone have any ideas?
The following details would be nice:
Number of smtpd daemons configured (if you have not changed then it is 100), number of smtpds, cleanups and trivial-rewrites running when you encounter the problem, cpu utilization statistics.
I am not familiar with how mail-scanner is run. I assume it has a fixed number of processes. Are all mail-scanner processes in action during the smtp timeout and taking the majority of cpu resources?
-
Feizhou -
Jason Ross -
Ken Price -
Scott Silva