Probably i found something
I dont know how this program work but i think that it make a select for all lines containing postfix\/cleanup, and they are 21000
problem is in function doit($input)
it solves putting sleep(10); before the SELECT but obviously i cant know how i do
Search found 388 matches
- 19 Feb 2021 09:11
- Forum: 4.x Bugs
- Topic: milter cpu at 100%
- Replies: 13
- Views: 10421
- 19 Feb 2021 08:47
- Forum: 4.x Bugs
- Topic: milter cpu at 100%
- Replies: 13
- Views: 10421
Re: milter cpu at 100%
Today same thing
program search a string that at now contains about 21000 recs and do a select
[root@EFA42 log]# grep postfix\/cleanup maillog | wc
21052 224074 3943351
but it do it forever, i lauched same program manually and stays forever
program search a string that at now contains about 21000 recs and do a select
[root@EFA42 log]# grep postfix\/cleanup maillog | wc
21052 224074 3943351
but it do it forever, i lauched same program manually and stays forever
- 18 Feb 2021 14:56
- Forum: 4.x Bugs
- Topic: milter cpu at 100%
- Replies: 13
- Views: 10421
Re: milter cpu at 100%
with a rapid look to the program seems that it uses some entries from maillog
so is possible that priogram made same thing forever depending on what is in the log
i solved with
logrotate -vf /etc/logrotate.conf
but there is in act a potential bug
so is possible that priogram made same thing forever depending on what is in the log
i solved with
logrotate -vf /etc/logrotate.conf
but there is in act a potential bug
- 18 Feb 2021 14:37
- Forum: 4.x Bugs
- Topic: milter cpu at 100%
- Replies: 13
- Views: 10421
milter cpu at 100%
During work i found that mysqll cpu was at 100% for hours There was same select running forever each time i watch with a different messageid The only way to stop it was to rename program and then kill its pid mv /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php /usr/bin/mailwatch/too...
- 18 Feb 2021 07:56
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
no more problems after YARA disabling .....
[root@EFA42 spamassassin]# grep "Denial of Service" /var/log/maillog
Feb 16 10:04:08 EFA42 MailScanner[470406]: Viruses marked as silent: Denial of Service attack in message!
[root@EFA42 spamassassin]# grep "Denial of Service" /var/log/maillog
Feb 16 10:04:08 EFA42 MailScanner[470406]: Viruses marked as silent: Denial of Service attack in message!
- 18 Feb 2021 07:55
- Forum: 4.x Bugs
- Topic: SPF of DMARC problem
- Replies: 3
- Views: 2746
Re: SPF of DMARC problem
These are my DMARC spamassassin rules with a workaround for this problem When dmarc pass i give a bonus When dmarc fail i check spf that comes from spamassassin before give a real fail, if it pass i assume that it dont fail header SA_DMARC_NONE Authentication-Results =~ /gruppocomet\.it.+dmarc=none/...
- 17 Feb 2021 17:32
- Forum: 4.x Bugs
- Topic: SPF of DMARC problem
- Replies: 3
- Views: 2746
Re: SPF of DMARC problem
another solution can be to make postfix generate header with spf check
dnf install pypolicyd-spf
but install fails :
file /usr/bin/spfquery from install of python3-pyspf-2.0.14-8.el8.noarch conflicts with file from package perl-Mail-SPF-Query-1.999.1-1.eFa.el8.noarch
dnf install pypolicyd-spf
but install fails :
file /usr/bin/spfquery from install of python3-pyspf-2.0.14-8.el8.noarch conflicts with file from package perl-Mail-SPF-Query-1.999.1-1.eFa.el8.noarch
- 17 Feb 2021 16:11
- Forum: 4.x Bugs
- Topic: SPF of DMARC problem
- Replies: 3
- Views: 2746
SPF of DMARC problem
I posted about a dmarc problem and i think to found a real bug in opendmarc Opendmarc reads opendkim results from header and initially i have not verified it, If i dont make a verify, opendkim can only use spf results to validate, but in header i have no spf results So i put SPFSelfValidate true In ...
- 17 Feb 2021 10:25
- Forum: 4.x Bugs
- Topic: dmarc fail on paypal
- Replies: 3
- Views: 2631
Re: dmarc fail on paypal
probably solved using Mode sv in opendkim.conf
- 17 Feb 2021 10:10
- Forum: 4.x Bugs
- Topic: dmarc fail on paypal
- Replies: 3
- Views: 2631
Re: dmarc fail on paypal
If i put directive SPFSelfValidate true A new line appear, it tell that opendmarc made itself spf test Authentication-Results: EFA42.gruppocomet.it; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: EFA42.gruppocomet.it; spf=pass smtp.mailfrom=uta.fac@gmail.com so dmarc pass...
- 17 Feb 2021 09:55
- Forum: 4.x Bugs
- Topic: dmarc fail on paypal
- Replies: 3
- Views: 2631
dmarc fail on paypal
I have a lot of dmarc failed also if they are ok in dkim and spf, here an example -0.20 DKIM_VALID Message has at least one valid DKIM or DK signature -0.30 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.20 DKIM_VALID_EF Message has a valid DKIM or DK signature from e...
- 17 Feb 2021 07:33
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
with enable_yararules="yes" i got a "Viruses marked as silent: Denial of Service attack in message!" yesterday with enable_yararules="no" i have no more messages for 24h i think that problem is yara but i dont know what yara database is involved, These are yaras rmoved ...
- 16 Feb 2021 14:58
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
I put enable_yararules="no" 6 hours ago and i have no more denyes
6 hours are not enough but i am confident that can be yara problem
consider that when it give the problem cpu of clam goes at more than 100%
6 hours are not enough but i am confident that can be yara problem
consider that when it give the problem cpu of clam goes at more than 100%
- 16 Feb 2021 09:37
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
I get this morning : Feb 16 10:04:08 EFA42 MailScanner[470406]: Viruses marked as silent: Denial of Service attack in message! Now i try disabling yara rules that i suspect and wait .... enable_yararules="no" /usr/sbin/clamav-unofficial-sigs.sh Removing unused file: /var/lib/clamav-unoffic...
- 15 Feb 2021 16:22
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
I still have NO problem (grep "Denial of Service" /var/log/maillog at 0) I au using databases from this full default list -rw-r--r-- 1 clamupdate clamupdate 98869 Feb 9 08:47 badmacro.ndb -rw-r--r-- 1 clamupdate clamupdate 476644 Feb 14 21:08 blurl.ndb -rw-r--r--. 1 clamupdate clamupdate 3...
- 15 Feb 2021 08:28
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
To find problem we can use grep "Denial of Service" /var/log/maillog Now my log is clean of there errors becouse i used no unofficial for this weekend Now i started with a limited sets of unofficial db and monitor for error to find offending db using my traffic this is my forst test packag...
- 11 Feb 2021 07:35
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
Yesterday i put in /etc/clamd.d/scan.conf OfficialDatabaseOnly yes this is log today 11/02 at 08.27 and after this no more problem [root@EFA42 batch]# grep "Denial of Service" /var/log/maillog Feb 9 17:33:36 EFA42 MailScanner[131547]: Viruses marked as silent: Denial of Service attack in m...
- 10 Feb 2021 14:58
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
is very difficoult to do, i can try
- 10 Feb 2021 13:32
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44434
Re: Virus Scanning: Denial Of Service attack detected!
I also have that problem, sigh
- 09 Feb 2021 16:17
- Forum: How-to
- Topic: my 5 plugins 1/2
- Replies: 2
- Views: 1607
my 5 plugins 2/2
sadwl Is a SpamAssassin Plugin that record into a table domain info about envdomain, domain and reverse domain, So using a database browser under pc you can assign a bonus or penality score dinamcally ow Is a SpamAssassin Plugin that build a database WhiteList using data from email that your intern...
- 09 Feb 2021 16:16
- Forum: How-to
- Topic: my 5 plugins 1/2
- Replies: 2
- Views: 1607
my 5 plugins 1/2
Here 5 plugins that i made and that i use in my installation from years, they are tested and in use under efa4 mxpf Mxpf help to hit some non spoofed email for domains that doesnt have SPF or DKIM configured It compare the C mask of sender ip with C mask of all mx records of domain asnpf Asnpf help ...
- 09 Feb 2021 15:56
- Forum: How-to
- Topic: SecuriteInfo patterns for CLAM
- Replies: 0
- Views: 2979
SecuriteInfo patterns for CLAM
Into /etc/freshclam.conf i put patterns from https://www.securiteinfo.com/
It need a registrstion but they consent free daily download
It have large pattern files as you can see in few days it give a great enhance in detection
It need a registrstion but they consent free daily download
It have large pattern files as you can see in few days it give a great enhance in detection
- 09 Feb 2021 07:36
- Forum: Discussion
- Topic: bayes discard messages
- Replies: 10
- Views: 3705
Re: bayes discard messages
also with bayes_auto_learn_threshold_spam 6.00 it takes only over 12
- 09 Feb 2021 07:29
- Forum: Discussion
- Topic: bayes discard messages
- Replies: 10
- Views: 3705
Re: bayes discard messages
did you mean that if i put 5 it is invalid and it stays at 12 ?
- 08 Feb 2021 10:18
- Forum: 4.x Bugs
- Topic: reboot slow after configure
- Replies: 5
- Views: 2089
Re: reboot slow after configure
I found that the problem start only when a system is loaded with messages incoming,
it takes 2 minutes and at the end i can see dracut killing remaining processes
In a system with low traffic it doesnt occur it occurs only when i turn dns to use system
it takes 2 minutes and at the end i can see dracut killing remaining processes
In a system with low traffic it doesnt occur it occurs only when i turn dns to use system