Several Issues with 3.0.7

ramtech
Posts: 56
Joined: 20 Sep 2013 01:31

Several Issues with 3.0.7

Post by ramtech »

Hi all,
I have used EFA several times before and love it. I have just installed a new install (VM 3.0.5 upgraded to 3.0.7) and I'm having quite a few issues.
  • No GeoIP Lookups succeed.
  • Clamd was failing causing the emails to just keep reappearing back in the list and never delivering
  • Lots of false positives with the defaults (Normally we find it excellent out of the box with only a few tweaks needed)
I haven't been able to solve the GeoIP issue yet. This is my main question.

The Clamd issue was a bit confusing. Before I knew it was Clamd causing the issue, I restarted the whole VM. No joy. I restarted MailScanner with still no joy. I searched /var/log/maillog and found a fair few Clamd errors (46000 to be precise). I restarted the Clamd daemon and it failed to stop, but started up again okay. After this, mail started being processed correctly. The 70 emails that had been received turned into 6.5Gb and 50000 emails processed and finally fell into the end user mailboxes.

The false positives, I will have to start checking one by one and find out what is going on and why we suddenly have so many issues.

So question one is, any suggestions on how to fix the GeoIP lookups? {Solved! See edits below}

Question two is, any known reason why we would be having more FP issues than previous versions?

Edit:
I have just found this in a SpamAssassin Lint Test..

Code:

metadata: RelayCountry: failed to load 'Geo::IP', skipping: Error opening /usr/local/share/GeoIP/GeoIP.dat at (eval 46) line 4973, <DATA> line 717.

Any guesses what this means? This file doesn't exist on my system as it seems to be a symbolic link to /var/www/html/mailscanner/temp/GeoIP.dat which isn't there. How can it evaluate it and fail at a line number if it isn't there?

Another Edit:
I have re-downloaded the GeoIP Database from the GUI. I restarted the MailScanner service and re-ran the SA Lint test (no errors this time). This seems to have resolved the GeoIP issue, for anyone's future reference.

Code:

sudo service MailScanner restart

So apart from the lots more FPs, all my questions seem answered (by me :) ) now. Any help with the FPs would be appreciated.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Several Issues with 3.0.7

Post by shawniverson »

Can you share a spam report on one of the FPs?

As for clamd issue, how much memory does your EFA have?
ramtech
Posts: 56
Joined: 20 Sep 2013 01:31

Re: Several Issues with 3.0.7

Post by ramtech »

Hi Shawn,
1GB RAM on the VM. It is the 3.0.5 VM downloaded from one of the mirrors.

I will get a spam report and forward it through as soon as I am back there.
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: Several Issues with 3.0.7

Post by darky83 »

1GB ram is just not enough, 2GB is the minimum but 4GB is recommended.

Out of the box we have configured the machine with 2GB, and from 3.0.0.7 and forward this will be 4GB

Try increasing your memory to 4GB :)
Version eFa 4.x now available!
ramtech
Posts: 56
Joined: 20 Sep 2013 01:31

Re: Several Issues with 3.0.7

Post by ramtech »

Ta Shawn.
I hadn't read that anywhere so just left the standard. (It was at 2GB btw)
I have upped it to 4Gb now so we'll see how that goes.
ramtech
Posts: 56
Joined: 20 Sep 2013 01:31

Re: Several Issues with 3.0.7

Post by ramtech »

It's a bit more stable now with 4GB. I've booted it a few times and all okay, so I assume you're correct Shawn. The Clamd issue was insufficient RAM.

My current dilemma is /var/log/maillog filling up with the following...

Code:

Mar  4 15:14:54 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:14:56 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:14:59 MPHOEFA dccifd[1230]: continue not asking DCC 59 seconds after 2 failures
Mar  4 15:15:01 MPHOEFA dccifd[1230]: continue not asking DCC 57 seconds after 2 failures
Mar  4 15:25:50 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:27:52 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:31:27 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:33:51 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:33:59 MPHOEFA dccifd[1230]: continue not asking DCC 24 seconds after 1 failures
Mar  4 15:34:07 MPHOEFA dccifd[1230]: continue not asking DCC 16 seconds after 1 failures
Mar  4 15:43:46 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:46:22 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243

Any suggestions on that one? I assume some sort of firewall issue but can't find any info on what protocol or ports it's trying to talk on.

Edit:
Found it on another forum. The following ACL on my Cisco solved my problem...

Code:

permit udp any eq 6277 host <my.ext.ip.add> gt 1023
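
A way to quantify the dccifd messages quoted in the post above, as an added example that is not part of the original thread or of eFa: it counts the "no working DCC servers" and back-off messages in syslog-format lines and reports the addresses dccifd tried. The function name `summarize_dcc` and the single postfix line in the sample are constructed for illustration; the other sample lines are copied from the excerpt above.

```python
import re

# Four lines copied from the maillog excerpt in the post above, plus one
# constructed non-DCC line to show that other daemons are ignored.
SAMPLE = """\
Mar  4 15:14:54 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
Mar  4 15:14:59 MPHOEFA dccifd[1230]: continue not asking DCC 59 seconds after 2 failures
Mar  4 15:20:00 MPHOEFA postfix/smtpd[2001]: connect from unknown[192.0.2.1]
Mar  4 15:33:59 MPHOEFA dccifd[1230]: continue not asking DCC 24 seconds after 1 failures
Mar  4 15:46:22 MPHOEFA dccifd[1230]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 137.208.8.63 74.92.232.243
"""

# Syslog prefix: timestamp, hostname, then "dccifd[pid]: message".
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dccifd\[\d+\]: (.*)$")
BACKOFF = re.compile(r"^continue not asking DCC (\d+) seconds after (\d+) failures?$")


def summarize_dcc(lines):
    """Summarise dccifd reachability messages (hypothetical helper)."""
    out = {"unreachable": 0, "backoff": 0, "max_backoff_s": 0,
           "servers": set(), "first": None, "last": None}
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue                      # not a dccifd line
        stamp, msg = m.groups()
        backoff = BACKOFF.match(msg)
        if msg.startswith("no working DCC servers"):
            out["unreachable"] += 1
            # The addresses dccifd tried follow the final " at ".
            out["servers"].update(msg.rpartition(" at ")[2].split())
        elif backoff:
            out["backoff"] += 1
            out["max_backoff_s"] = max(out["max_backoff_s"], int(backoff.group(1)))
        else:
            continue                      # some other dccifd message
        out["first"] = out["first"] or stamp
        out["last"] = stamp
    out["servers"] = sorted(out["servers"])
    return out


if __name__ == "__main__":
    print(summarize_dcc(SAMPLE.splitlines()))
```
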
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: Several Issues with 3.0.7

Post by darky83 »

Bit late response :) but it's also in the wiki, make sure you have all the needed ports open.

https://efa-project.org/wiki/FAQ#What_f ... _needed.3F
ramtech
Posts: 56
Joined: 20 Sep 2013 01:31

Re: Several Issues with 3.0.7

Post by ramtech »

Thanks for that. I looked in the wiki but obviously had a man look. Sorry.

For any other Cisco ISR users out there that are hiding behind ACLs, as opposed to CBAC or ZBFW, I had to do the following on my IN WAN ACL...

Code:

ip access-list extended aclInternetInbound
 permit tcp any any established
 ! DCC replies (UDP source port 6277)
 permit udp any eq 6277 host <WAN.EXT.IP.ADDR> gt 1023
 ! Pyzor replies (UDP source port 24441)
 permit udp any eq 24441 host <WAN.EXT.IP.ADDR> gt 1023
 ! ... the rest of your ACL
!
interface <WAN.INTERFACE>
 ip access-group aclInternetInbound in
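
Why a stateless inbound ACL needs these entries, and what they admit, as an added example that is not part of the original post or of Cisco's software: a small model of the three ACL entries shown above, evaluated against sample packets. `WAN_IP` is a constructed stand-in for `<WAN.EXT.IP.ADDR>`, the sample packets and all function names are hypothetical, and the elided "rest of your ACL" is not modelled.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"   # constructed stand-in for <WAN.EXT.IP.ADDR>


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}


def established(p):
    # IOS "established" matches TCP segments with ACK or RST set; UDP never matches.
    return p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})


def udp_reply(sport):
    # Models "permit udp any eq <sport> host <WAN.EXT.IP.ADDR> gt 1023".
    return lambda p: (p.proto == "udp" and p.sport == sport
                      and p.dst == WAN_IP and p.dport > 1023)


ACL_BEFORE = [established]
ACL_AFTER = ACL_BEFORE + [udp_reply(6277), udp_reply(24441)]


def evaluate(acl, packet):
    """First matching permit wins; an IOS ACL ends with an implicit deny."""
    return "permit" if any(match(packet) for match in acl) else "deny"


def audit():
    """Evaluate constructed sample packets against both versions of the ACL."""
    samples = {
        # Reply from one of the DCC addresses in the maillog excerpt.
        "dcc_reply": Packet("udp", "137.208.8.63", 6277, WAN_IP, 40000),
        "tcp_reply": Packet("tcp", "198.51.100.7", 443, WAN_IP, 50000, frozenset({"ACK"})),
        "tcp_syn": Packet("tcp", "198.51.100.7", 50000, WAN_IP, 22, frozenset({"SYN"})),
        "udp_low_port": Packet("udp", "137.208.8.63", 6277, WAN_IP, 53),
        # The ACL keeps no state: it matches on source port, not on an earlier request.
        "udp_unsolicited": Packet("udp", "198.51.100.7", 6277, WAN_IP, 40000),
    }
    return {name: (evaluate(ACL_BEFORE, p), evaluate(ACL_AFTER, p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:16} before={result[0]:6} after={result[1]}")
```

The last sample is the trade-off against the CBAC or ZBFW setups the post mentions: stateful inspection would permit the DCC reply only after the EFA host had sent the matching request.
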