2020年正月休みにあれこれ ports を upgrade した、ら、amavisd-new が起動しなくなったった。
(!)Net::Server: 2020/01/07-15:57:40 Can't connect to TCP port 10024 on 127.0.0.1 [Address already in use]\n at line 64 in file /usr/local/lib/perl5/site_perl/Net/Server/Proto/TCP.pm
1基のamavisd-newだけではなく、複数のサーバ機で発生したので、ちょっと焦る(^^ゞ
Clamav と併用して使用する場合、以前は amavisd-new のユーザ・グループを clamav:clamav にして、clamav との連携を図るコトになっていたのだが、どうやらそれが非推奨となった模様。
結果として amavisd-new のユーザ・グループは、ports のオリジナル設定の vscan:vscan として、clamav の側はroot:wheelとする事でこのエラーを回避出来ました。
/usr/ports/security/amavisd-new/Makefile
AMAVISUSER?= vscan AMAVISGROUP?= vscan
# rm -r /var/amavis
# pkg delete amavisd-new-2.12.0,1
# portinstall security/amavisd-new
/usr/local/etc/amavisd.conf
$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
/usr/local/etc/clamd.conf の206行目をコメントアウト
#User clamav
以上
CLAMAVUSER?= clamav CLAMAVGROUP?= clamav CLAMAV_CLAMD_SOCKET?= ${RUNDIR}/clamd.sock CLAMAV_CLAMD_PIDFILE?= ${RUNDIR}/clamd.pid CLAMAV_MILTER_SOCKET?= ${RUNDIR}/clmilter.sock .if ${CLAMAVUSER} == "clamav" USERS= clamav .endif .if ${CLAMAVGROUP} == "clamav" #GROUPS= clamav mail GROUPS= clamav mail vscan .endif
# portupgrade -fr --batch amavisd-new-2.11.1_1,1 && reboot
したところ、
(!)_DIE: Suicide in child_init_hook: BDB can't connect db env. at /var/amavis/db: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery, No such file or directory. at (eval 93) line 338.
というエラーログが延々でつづける・・・。
/usr/local/etc/amavisd.conf 338行めを
# ['doc', \&do_ole, 'ripole'],
/usr/local/etc/rc.d/amavisd restart
して、復活。 したかと思いきや・・・
(!)_DIE: register_proc: BDB N db_cursor: BDB0060 PANIC: fatal region error detected; run recovery, . at (eval 93) line 220. (!!)TROUBLE in child_init_hook: BDB can't connect db env. at /var/amavis/db: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery, No such file or directory. at (eval 93) line 338.
となった。
どうやら、古い2015年製w /usr/local/etc/amavisd.conf の設定ファイルの不整合のようなので、amavisd.conf.sample を amavisd.conf へリネームして以下を変更。
13c13 < # @bypass_spam_checks_maps = (1); # controls running of anti-spam code --- > @bypass_spam_checks_maps = (1); # controls running of anti-spam code 20c20 < $mydomain = 'example.com'; # a convenient default for other settings --- > $mydomain = 'smb.net'; # a convenient default for other settings 119c119 < $virus_admin = "virusalert\@$mydomain"; # notifications recip. --- > # $virus_admin = "virusalert\@$mydomain"; # notifications recip. 382,391c382,391 < # ### http://www.clamav.net/ < # ['ClamAV-clamd', < # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], < # qr/\bOK$/m, qr/\bFOUND$/m, < # qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], < # # NOTE: run clamd under the same user as amavisd - or run it under its own < # # uid such as clamav, add user clamav to the amavis group, and then add < # # AllowSupplementaryGroups to clamd.conf; < # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in < # # this entry; when running chrooted one may prefer a socket under $MYHOME. --- > ### http://www.clamav.net/ > ['ClamAV-clamd', > \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], > qr/\bOK$/m, qr/\bFOUND$/m, > qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], > # NOTE: run clamd under the same user as amavisd - or run it under its own > # uid such as clamav, add user clamav to the amavis group, and then add > # AllowSupplementaryGroups to clamd.conf; > # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in > # this entry; when running chrooted one may prefer a socket under $MYHOME.
Sep 1 00:13:11 guard amavis[23846]: (23846-01) (!!)TROUBLE in process_request: Can't create directory /var/amavis/tmp/amavis-20100901T001311-23846: Too many links at /usr/local/sbin/amavisd line 5291, <GEN14> line 2. Sep 1 00:13:11 guard amavis[23846]: (23846-01) (!)Requesting process rundown after fatal error Sep 1 00:13:11 guard amavis[23847]: (23847-01) (!!)TROUBLE in process_request: Can't create directory /var/amavis/tmp/amavis-20100901T001311-23847: Too many links at /usr/local/sbin/amavisd line 5291, <GEN14> line 2. Sep 1 00:13:11 guard amavis[23847]: (23847-01) (!)Requesting process rundown after fatal error Sep 1 00:13:11 guard amavis[23849]: (23849-01) (!!)TROUBLE in process_request: Can't create directory /var/amavis/tmp/amavis-20100901T001311-23849: Too many links at /usr/local/sbin/amavisd line 5291, <GEN14> line 2. Sep 1 00:13:11 guard amavis[23849]: (23849-01) (!)Requesting process rundown after fatal error
111 5:50 mv tmp tmp-toomany 112 5:50 ll 113 5:50 mv tmp tmp tmp-toomany 114 5:51 mv -rp tmp tmp tmp-toomany 115 5:51 mv tmp tmp tmp-toomany 116 5:51 mv tmp tmp-toomany 117 5:54 mv -f tmp tmp-toomany 118 5:54 pwd 119 5:56 ll 120 5:56 cd tmp 121 5:57 ll 122 5:57 rm -r amavis-201004* 123 5:58 rm -r amavis-201005* 124 5:58 rm -r amavis-201006* 125 5:59 rm -r amavis-201007* 126 6:02 echo /var/virusmails/amavis-201007* | xargs rm 127 6:02 pwd 128 6:02 echo /usr/var/amavis/tmp/amavis-201007* | xargs rm 129 6:03 echo /usr/var/amavis/tmp/amavis-201007* | xargs rm -r 130 6:04 history
http://city-rabbit.blogspot.com/2009/09/antivirus-scanner.html
2010年3月25日午前、メールサーバの挙動がおかしい。のに気づく。
Mar 25 04:55:51 hotshot postfix/anvil[5763]: statistics: max connection rate 2/60s for (smtp:116.74.160.186) at Mar 25 04:54:43 Mar 25 04:55:51 hotshot postfix/anvil[5763]: statistics: max connection count 2 for (smtp:173.49.95.140) at Mar 25 04:52:34 Mar 25 04:55:51 hotshot postfix/anvil[5763]: statistics: max cache size 3 at Mar 25 04:52:47 Mar 25 04:55:54 hotshot postfix/smtpd[5761]: connect from unknown[70.99.243.17] Mar 25 04:56:24 hotshot postfix/smtpd[5761]: warning: 17.243.99.70.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=17.243.99.70.list.dsbl.org type=A: Host not found, try again Mar 25 04:56:24 hotshot postfix/smtpd[5761]: 681B456441: client=unknown[70.99.243.17] Mar 25 04:56:28 hotshot postfix/cleanup[5817]: 681B456441: message-id=<20100324135552.dmcfphohtdbd@mx1.hotpinktrouttree.net> Mar 25 04:56:28 hotshot postfix/qmgr[1323]: 681B456441: from=<Ashtonaic@hotpinktrouttree.net>, size=10163, nrcpt=1 (queue active) Mar 25 04:56:31 hotshot postfix/smtpd[5761]: disconnect from unknown[70.99.243.17] Mar 25 04:56:46 hotshot amavis[5853]: (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 25 04:56:46 hotshot amavis[5853]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 25 04:56:46 hotshot postfix/smtp[5850]: 681B456441: to=<swalter@smb.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=46, delays=29/0.01/0.01/17, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending end of data -- message may be sent more than once) Mar 25 04:56:46 hotshot amavis[5855]: (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27.
の様な始まりで、延々
Mar 25 11:18:01 hotshot amavis[46448]: (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 25 11:18:01 hotshot amavis[46448]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 25 11:18:01 hotshot amavis[46447]: (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 25 11:18:01 hotshot amavis[46447]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27.
頻発する・・・・
Mar 28 21:20:35 hotshot postfix/smtpd[34519]: 8D5995645C: client=bl16-146-28.dsl.telepac.pt[188.81.146.28] Mar 28 21:20:36 hotshot postfix/cleanup[34532]: 8D5995645C: message-id=<20100328122035.8D5995645C@hotshot.smb.net> Mar 28 21:20:36 hotshot postfix/qmgr[1325]: 8D5995645C: from=<iqiabyga8190@telepac.pt>, size=7454, nrcpt=1 (queue active) Mar 28 21:20:37 hotshot postfix/smtpd[34519]: disconnect from bl16-146-28.dsl.telepac.pt[188.81.146.28] Mar 28 21:20:50 hotshot amavis[34536]: (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27. Mar 28 21:20:50 hotshot amavis[34536]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 97) line 27.
ので、取り敢えず、
hotshot# portupgrade p5-BerkeleyDB-0.36 ---> Upgrading 'p5-BerkeleyDB-0.36' to 'p5-BerkeleyDB-0.41' (databases/p5-BerkeleyDB) ---> Building '/usr/ports/databases/p5-BerkeleyDB' ===> Cleaning for p5-BerkeleyDB-0.41 => BerkeleyDB-0.41.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module/BerkeleyDB/. BerkeleyDB-0.41.tar.gz 100% of 180 kB 98 kBps ===> Extracting for p5-BerkeleyDB-0.41 hotshot# amavisd reload Daemon [1101] terminated by SIGTERM, waiting for dust to settle... becoming a new daemon... hotshot#
してみる。
それでも、トラブル。ので、 http://www.mail-archive.com/amavis-user@lists.sourceforge.net/msg14610.html
あたりをみて、db4 をインストールして、DB_CONFIG のサンプルを手に入れる。
164 13:48 locate db4 165 13:49 portinstall databases/db4 166 13:52 rehash hotshot# portinstall databases/db48
/var/amavis/db/DB_CONFIG
# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $ # Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. # # See the Oracle Berkeley DB documentation # <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html> # for detail description of DB_CONFIG syntax and semantics. # # Hints can also be found in the OpenLDAP Software FAQ # <http://www.openldap.org/faq/index.cgi?file=2> # in particular: # <http://www.openldap.org/faq/index.cgi?file=1075> # Note: most DB_CONFIG settings will take effect only upon rebuilding # the DB environment. # one 0.25 GB cache set_cachesize 0 268435456 1 # Data Directory #set_data_dir db #http://wiki.zimbra.com/index.php?title=OpenLDAP_Performance_Tuning_6.0#Berkeley_DB_DB_CONFIG_tuning set_lk_max_locks 3000 set_lk_max_objects 1500 set_lk_max_lockers 1500 # Transaction Log settings set_lg_regionmax 262144 set_lg_bsize 2097152 #set_lg_dir logs # Note: special DB_CONFIG flags are no longer needed for "quick" # slapadd(8) or slapindex(8) access (see their -q option).
Apr 6 15:28:20 hotshot amavis[1114]: Module Razor2::Client::Version 2.84 Apr 6 15:28:20 hotshot amavis[1114]: Module Socket6 0.23 Apr 6 15:28:20 hotshot amavis[1114]: Module Time::HiRes 1.9719 Apr 6 15:28:20 hotshot amavis[1114]: Module URI 1.37 Apr 6 15:28:20 hotshot amavis[1114]: Module Unix::Syslog 1.1 Apr 6 15:28:20 hotshot amavis[1114]: Amavis::DB code loaded Apr 6 15:28:20 hotshot amavis[1114]: Amavis::Cache code loaded Apr 6 15:28:20 hotshot amavis[1114]: SQL base code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: SQL::Log code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: SQL::Quarantine NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: Lookup::SQL code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: Lookup::LDAP code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: AM.PDP-in proto code loaded Apr 6 15:28:20 hotshot amavis[1114]: SMTP-in proto code loaded Apr 6 15:28:20 hotshot amavis[1114]: Courier proto code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: SMTP-out proto code loaded Apr 6 15:28:20 hotshot amavis[1114]: Pipe-out proto code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: BSMTP-out proto code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: Local-out proto code loaded Apr 6 15:28:20 hotshot amavis[1114]: OS_Fingerprint code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: ANTI-VIRUS code loaded Apr 6 15:28:20 hotshot amavis[1114]: ANTI-SPAM code loaded Apr 6 15:28:20 hotshot amavis[1114]: ANTI-SPAM-EXT code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: ANTI-SPAM-C code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: ANTI-SPAM-SA code loaded Apr 6 15:28:20 hotshot amavis[1114]: Unpackers code loaded Apr 6 15:28:20 hotshot amavis[1114]: DKIM code loaded Apr 6 15:28:20 hotshot amavis[1114]: Tools code NOT loaded Apr 6 15:28:20 hotshot amavis[1114]: Found $file at /usr/local/bin/file Apr 6 15:28:20 hotshot amavis[1114]: No $altermime, not using it Apr 6 15:28:20 hotshot amavis[1114]: Internal decoder for .mail Apr 6 15:28:20 hotshot amavis[1114]: Internal decoder for .asc Apr 6 15:28:20 hotshot amavis[1114]: Internal decoder for .uue Apr 6 15:28:20 hotshot amavis[1114]: Internal decoder for .hqx Apr 6 15:28:20 hotshot amavis[1114]: Internal decoder for .ync Apr 6 15:28:20 hotshot amavis[1114]: Found decoder for .F at /usr/local/bin/unfreeze Apr 6 15:28:20 hotshot amavis[1114]: Found decoder for .Z at /usr/bin/uncompress Apr 6 15:28:20 hotshot amavis[1114]: Found decoder for .gz at /usr/bin/gzip -d
Apr 6 17:00:44 hotshot amavis[1113]: Amavis::Cache code loaded Apr 6 17:00:44 hotshot amavis[1113]: SQL base code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: SQL::Log code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: SQL::Quarantine NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: Lookup::SQL code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: Lookup::LDAP code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: AM.PDP-in proto code loaded Apr 6 17:00:44 hotshot amavis[1113]: SMTP-in proto code loaded Apr 6 17:00:44 hotshot amavis[1113]: Courier proto code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: SMTP-out proto code loaded Apr 6 17:00:44 hotshot amavis[1113]: Pipe-out proto code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: BSMTP-out proto code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: Local-out proto code loaded Apr 6 17:00:44 hotshot amavis[1113]: OS_Fingerprint code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: ANTI-VIRUS code loaded Apr 6 17:00:44 hotshot amavis[1113]: ANTI-SPAM code loaded Apr 6 17:00:44 hotshot amavis[1113]: ANTI-SPAM-EXT code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: ANTI-SPAM-C code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: ANTI-SPAM-SA code loaded Apr 6 17:00:44 hotshot amavis[1113]: Unpackers code loaded Apr 6 17:00:44 hotshot amavis[1113]: DKIM code loaded Apr 6 17:00:44 hotshot amavis[1113]: Tools code NOT loaded Apr 6 17:00:44 hotshot amavis[1113]: Found $file at /usr/local/bin/file Apr 6 17:00:44 hotshot amavis[1113]: No $altermime, not using it Apr 6 17:00:44 hotshot amavis[1113]: Internal decoder for .mail