Page 1 of 1

EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 04:01
by sunnyg
Hello experts,

I am hoping that someone will be able to help me.

I am running with EFA version 3.0.2.6, I have configured EFA to use a Smart host.

Having spoken to my SMTP provider (Turbo SMTP) they had advised that the following settings should be used:

create a password maps file, for example /etc/postfix/relay_passwd:

smtp.smarthostname.example.com USERNAME:PASSWORD"

Ensure the file has the correct permissions and to create the hash from the maps file by executing:

chown root:root /etc/postfix/relay_passwd
chmod 600 /etc/postfix/relay_passwd
postmap /etc/postfix/relay_passwd

Add the following line to /etc/postfix/main.cf

relayhost = SMARTHOST:587

Finally add to /etc/postfix/main.cf below the "relayhost =" line:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_security_options =

Restart Postfix for the changes to take effect: /etc/init.d/postfix restart

as outlined here: https://kb.spamexperts.com/36458-mta-co ... entication

Having followed these steps, I am finding that emails arrive into the Postfix queue, but then just sit there, unless I reboot the EFA host (restarting postfix or mailscanner on there own has no effect).

But then the same issue occurs with new emails being sent, anyone have any thoughts on what could be causing this to occur?


Thanks in advance
Sunny

Re: EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 13:09
by jamerson
Hi Sunny,
i know my answer is not what you are looking for, but why not sending out using your mx record ?
its much easer and EFA will use TLS whenever it neede.
Are you using SASL in the authentications ?
Relaying emails on the Provider ISP is never a smarthought.

Re: EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 14:50
by shawniverson
sunnyg wrote: 27 Jan 2019 04:01 Having followed these steps, I am finding that emails arrive into the Postfix queue, but then just sit there, unless I reboot the EFA host (restarting postfix or mailscanner on there own has no effect).

But then the same issue occurs with new emails being sent, anyone have any thoughts on what could be causing this to occur?


Thanks in advance
Sunny
What do you see happening in the maillog (/var/log/maillog) ?

Re: EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 16:08
by sunnyg
shawniverson wrote: 27 Jan 2019 14:50
sunnyg wrote: 27 Jan 2019 04:01 Having followed these steps, I am finding that emails arrive into the Postfix queue, but then just sit there, unless I reboot the EFA host (restarting postfix or mailscanner on there own has no effect).

But then the same issue occurs with new emails being sent, anyone have any thoughts on what could be causing this to occur?


Thanks in advance
Sunny
What do you see happening in the maillog (/var/log/maillog) ?


Hi,

having reviewed the maillog it seems that CLAMAV is terminating for some reason:

Jan 27 11:01:23 efa MailScanner[12299]: Virus Scanning: Found 1 viruses
Jan 27 11:01:23 efa MailScanner[12299]: Spam Checks: Starting
Jan 27 11:01:23 efa MailScanner[12299]: Deleted 1 messages from processing-database
Jan 27 11:01:23 efa MailScanner[12299]: MailWatch: Logging message B7BF420083.A1FA5 to SQL
Jan 27 11:01:23 efa MailScanner[12348]: MailWatch: B7BF420083.A1FA5: Logged to MailWatch SQL
Jan 27 11:01:23 efa MailScanner[12299]: New Batch: Scanning 1 messages, 2891 bytes
Jan 27 11:01:23 efa MailScanner[12299]: Virus and Content Scanning: Starting
Jan 27 11:01:23 efa postfix/smtpd[12937]: connect from localhost[127.0.0.1]
Jan 27 11:01:23 efa postfix/smtpd[12937]: lost connection after CONNECT from localhost[127.0.0.1]
Jan 27 11:01:23 efa postfix/smtpd[12937]: disconnect from localhost[127.0.0.1] commands=0/0
Jan 27 11:01:23 efa MailScanner[12299]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jan 27 11:01:23 efa MailScanner[12299]: Virus Scanning: Clamd found 1 infections
Jan 27 11:01:23 efa MailScanner[12299]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!



I have confirmed that if I start the clamav service the email gets sent, so i need to figure out why clamav is terminating on its own..

I see the following reported when I start the deamon:
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"


but from what i have been able to find out these can be safely ignored.

freshclam, reports that the definitions are upto date, but that ClamAV is outdated, i however do not seem to be able to update this to 0.101.1:

ClamAV update process started at Sun Jan 27 11:07:12 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Re: EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 17:46
by shawniverson
Disable the yara rules and remove them.

Re: EFA-3.0.2.6 - Fails to relay to smart host unless rebooted

Posted: 27 Jan 2019 19:52
by sunnyg
shawniverson wrote: 27 Jan 2019 17:46 Disable the yara rules and remove them.
Thanks shawniverson, I actually ended up just renaming /var/lib/clamav/antidebug_antivm.yar, and starting clamd, so far for the last 20 minutes the service hasn't stopped, but will monitor further and see if remains running.