opendmarc.service failed - kills mailscanner?
Re: opendmarc.service failed - kills mailscanner?
New post 'cause the other is getting long.
If helpful, I have the email that caused the above issue. When the eFa server the second time, it was sent to the plain postfix backup server.
I confirmed that flushing the cache to send it from backup to primary causes eFa to crash.
Steve
If helpful, I have the email that caused the above issue. When the eFa server the second time, it was sent to the plain postfix backup server.
I confirmed that flushing the cache to send it from backup to primary causes eFa to crash.
Steve
-
- Posts: 6
- Joined: 16 May 2023 17:42
Re: opendmarc.service failed - kills mailscanner?
Here is some more debug info:
May 16 13:22:28 efa postfix/smtpd[4227]: 4QLDNh0K3LzB6HKt: client=mailoutp.awi-potsdam.de[139.75.1.113]
May 16 13:22:28 efa postfix/cleanup[4235]: 4QLDNh0K3LzB6HKt: message-id=<050b7265188649de82b5915b078eba02@awi.de>
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: mailoutp.awi-potsdam.de [139.75.1.113] not internal
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: not authenticated
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: DKIM verification successful
May 16 13:22:28 efa opendmarc[2622]: 4QLDNh0K3LzB6HKt: ignoring invalid ARC-Authentication-Results header "i=1;#012#011smtpd-out;#012#011none"
May 16 13:22:29 efa postfix/cleanup[4235]: 4QLDNh0K3LzB6HKt: milter-reject: END-OF-MESSAGE from mailoutp.awi-potsdam.de[139.75.1.113]: 4.7.1 Service unavailable - try again later; from=<x@awi.de> to=<y@z.net> proto=ESMTP helo=<mailoutp.awi-potsdam.de>
May 15 15:27:26 efa kernel: opendmarc[745]: segfault at 0 ip 00007f32b05d3a84 sp 00007f32ad98e118 error 4 in libbsd.so.0.11.7[7f32b05c7000+14000]
May 15 17:47:26 efa kernel: opendmarc[15643]: segfault at 0 ip 00007f0bd70ada84 sp 00007f0bcefd8118 error 4 in libbsd.so.0.11.7[7f0bd70a1000+14000]
May 16 08:57:27 efa kernel: opendmarc[10935]: segfault at 0 ip 00007fa7dfafaa84 sp 00007fa7cdfd6118 error 4 in libbsd.so.0.11.7[7fa7dfaee000+14000]
May 16 10:07:27 efa kernel: opendmarc[15674]: segfault at 0 ip 00007f9b47aeea84 sp 00007f9b456aa118 error 4 in libbsd.so.0.11.7[7f9b47ae2000+14000]
May 16 11:17:27 efa kernel: opendmarc[12461]: segfault at 0 ip 00007f747f131a84 sp 00007f747cced118 error 4 in libbsd.so.0.11.7[7f747f125000+14000]
May 16 12:27:27 efa kernel: opendmarc[25279]: segfault at 0 ip 00007f6919502a84 sp 00007f69160bc118 error 4 in libbsd.so.0.11.7[7f69194f6000+14000]
May 16 12:44:40 efa kernel: opendmarc[4205]: segfault at 0 ip 00007f35f91bca84 sp 00007f35f6d78118 error 4 in libbsd.so.0.11.7[7f35f91b0000+14000]
May 16 13:22:28 efa kernel: opendmarc[8947]: segfault at 0 ip 00007f4cfb02ca84 sp 00007f4cf8be8118 error 4 in libbsd.so.0.11.7[7f4cfb020000+14000]
May 16 14:47:28 efa kernel: opendmarc[7859]: segfault at 0 ip 00007f854d62ca84 sp 00007f85499e5118 error 4 in libbsd.so.0.11.7[7f854d620000+14000]
May 16 15:12:27 efa kernel: opendmarc[10097]: segfault at 0 ip 00007f40410eaa84 sp 00007f403e4a5118 error 4 in libbsd.so.0.11.7[7f40410de000+14000]
May 16 15:57:27 efa kernel: opendmarc[13646]: segfault at 0 ip 00007f87b58f7a84 sp 00007f87b34b3118 error 4 in libbsd.so.0.11.7[7f87b58eb000+14000]
May 16 17:07:27 efa kernel: opendmarc[16090]: segfault at 0 ip 00007fa06cf11a84 sp 00007fa0696be118 error 4 in libbsd.so.0.11.7[7fa06cf05000+14000]
May 16 17:32:28 efa kernel: opendmarc[8752]: segfault at 0 ip 00007f5ddfb25a84 sp 00007f5dcffda118 error 4 in libbsd.so.0.11.7[7f5ddfb19000+14000]
Thanks
Gerald
May 16 13:22:28 efa postfix/smtpd[4227]: 4QLDNh0K3LzB6HKt: client=mailoutp.awi-potsdam.de[139.75.1.113]
May 16 13:22:28 efa postfix/cleanup[4235]: 4QLDNh0K3LzB6HKt: message-id=<050b7265188649de82b5915b078eba02@awi.de>
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: mailoutp.awi-potsdam.de [139.75.1.113] not internal
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: not authenticated
May 16 13:22:28 efa opendkim[2623]: 4QLDNh0K3LzB6HKt: DKIM verification successful
May 16 13:22:28 efa opendmarc[2622]: 4QLDNh0K3LzB6HKt: ignoring invalid ARC-Authentication-Results header "i=1;#012#011smtpd-out;#012#011none"
May 16 13:22:29 efa postfix/cleanup[4235]: 4QLDNh0K3LzB6HKt: milter-reject: END-OF-MESSAGE from mailoutp.awi-potsdam.de[139.75.1.113]: 4.7.1 Service unavailable - try again later; from=<x@awi.de> to=<y@z.net> proto=ESMTP helo=<mailoutp.awi-potsdam.de>
May 15 15:27:26 efa kernel: opendmarc[745]: segfault at 0 ip 00007f32b05d3a84 sp 00007f32ad98e118 error 4 in libbsd.so.0.11.7[7f32b05c7000+14000]
May 15 17:47:26 efa kernel: opendmarc[15643]: segfault at 0 ip 00007f0bd70ada84 sp 00007f0bcefd8118 error 4 in libbsd.so.0.11.7[7f0bd70a1000+14000]
May 16 08:57:27 efa kernel: opendmarc[10935]: segfault at 0 ip 00007fa7dfafaa84 sp 00007fa7cdfd6118 error 4 in libbsd.so.0.11.7[7fa7dfaee000+14000]
May 16 10:07:27 efa kernel: opendmarc[15674]: segfault at 0 ip 00007f9b47aeea84 sp 00007f9b456aa118 error 4 in libbsd.so.0.11.7[7f9b47ae2000+14000]
May 16 11:17:27 efa kernel: opendmarc[12461]: segfault at 0 ip 00007f747f131a84 sp 00007f747cced118 error 4 in libbsd.so.0.11.7[7f747f125000+14000]
May 16 12:27:27 efa kernel: opendmarc[25279]: segfault at 0 ip 00007f6919502a84 sp 00007f69160bc118 error 4 in libbsd.so.0.11.7[7f69194f6000+14000]
May 16 12:44:40 efa kernel: opendmarc[4205]: segfault at 0 ip 00007f35f91bca84 sp 00007f35f6d78118 error 4 in libbsd.so.0.11.7[7f35f91b0000+14000]
May 16 13:22:28 efa kernel: opendmarc[8947]: segfault at 0 ip 00007f4cfb02ca84 sp 00007f4cf8be8118 error 4 in libbsd.so.0.11.7[7f4cfb020000+14000]
May 16 14:47:28 efa kernel: opendmarc[7859]: segfault at 0 ip 00007f854d62ca84 sp 00007f85499e5118 error 4 in libbsd.so.0.11.7[7f854d620000+14000]
May 16 15:12:27 efa kernel: opendmarc[10097]: segfault at 0 ip 00007f40410eaa84 sp 00007f403e4a5118 error 4 in libbsd.so.0.11.7[7f40410de000+14000]
May 16 15:57:27 efa kernel: opendmarc[13646]: segfault at 0 ip 00007f87b58f7a84 sp 00007f87b34b3118 error 4 in libbsd.so.0.11.7[7f87b58eb000+14000]
May 16 17:07:27 efa kernel: opendmarc[16090]: segfault at 0 ip 00007fa06cf11a84 sp 00007fa0696be118 error 4 in libbsd.so.0.11.7[7fa06cf05000+14000]
May 16 17:32:28 efa kernel: opendmarc[8752]: segfault at 0 ip 00007f5ddfb25a84 sp 00007f5dcffda118 error 4 in libbsd.so.0.11.7[7f5ddfb19000+14000]
Thanks
Gerald
Re: opendmarc.service failed - kills mailscanner?
The is a known issue with opendmarc.
See https://github.com/trusteddomainproject ... issues/236
The fix is to edit the file /usr/lib/systemd/system/opendmarc.service and change the [Service] section to match the below by adding the restart directives.
After editing, run the commands below, and your eFa should not crash when encountering and ARC header it cannot process.
See https://github.com/trusteddomainproject ... issues/236
The fix is to edit the file /usr/lib/systemd/system/opendmarc.service and change the [Service] section to match the below by adding the restart directives.
Code: Select all
[Service]
Type=forking
PIDFile=/run/opendmarc/opendmarc.pid
EnvironmentFile=-/etc/sysconfig/opendmarc
ExecStart=/usr/sbin/opendmarc $OPTIONS
ExecReload=/bin/kill -USR1 $MAINPID
User=opendmarc
Group=opendmarc
Restart=always
RestartSec=3
Code: Select all
systemctl daemon-reload
service opendmarc restart
Re: opendmarc.service failed - kills mailscanner?
Question in case anyone knows.
Before I tried the solution above for a restart of the opendmarc service, I tried adding the opendmarc service to /etc/sysconfig/eFa-Monitor file with the line change
It didn't seem to work, as the service wasn't restarted. Anyone know what I missed?
Steve
Before I tried the solution above for a restart of the opendmarc service, I tried adding the opendmarc service to /etc/sysconfig/eFa-Monitor file with the line change
Code: Select all
MonitoredServices=("mysqld=mysqld" "MailScanner=mailscanner" "master=postfix" "httpd=httpd" "clamd=clamd@scan" "unbound=unbound" "dccifd=adcc" "MSMilter=msmilter" "OpenDMARC=opendmarc")
Steve
-
- Posts: 6
- Joined: 16 May 2023 17:42
Re: opendmarc.service failed - kills mailscanner?
Hi there,
to restart the daemon when the service crashes, is not a solution, as mails from awi.de cannot be processed and never reach the destionation.
I tried the ignore.hosts file in /etc/opendmarc to except the awi.de domain from dmarc processing, unforunately the sender ceased to send us mails meanwhile!
Yours
Gerald
to restart the daemon when the service crashes, is not a solution, as mails from awi.de cannot be processed and never reach the destionation.
I tried the ignore.hosts file in /etc/opendmarc to except the awi.de domain from dmarc processing, unforunately the sender ceased to send us mails meanwhile!
Yours
Gerald
Re: opendmarc.service failed - kills mailscanner?
Btw. Awi.de is not even on blacklist if i check with mx toolbox. Whats up with this domain?
-
- Posts: 6
- Joined: 16 May 2023 17:42
Re: opendmarc.service failed - kills mailscanner?
It must be the domain name itself which crashes opendmarc. I think it's a weird conicidence.
Can somone of the eFa developers check this with opendmarc development?
It seems that subdomains of awi.de are affected as well.
the dmarc-record seems to be fine
dig _dmarc.awi.de txt
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> _dmarc.awi.de txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19840
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_dmarc.awi.de. IN TXT
;; ANSWER SECTION:
_dmarc.awi.de. 54 IN TXT "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:dmarc@awi.de"
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 18 14:14:58 UTC 2023
;; MSG SIZE rcvd: 113
Can somone of the eFa developers check this with opendmarc development?
It seems that subdomains of awi.de are affected as well.
the dmarc-record seems to be fine
dig _dmarc.awi.de txt
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> _dmarc.awi.de txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19840
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_dmarc.awi.de. IN TXT
;; ANSWER SECTION:
_dmarc.awi.de. 54 IN TXT "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:dmarc@awi.de"
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 18 14:14:58 UTC 2023
;; MSG SIZE rcvd: 113
Re: opendmarc.service failed - kills mailscanner?
Have you tried adding the domains you want email from to the IgnoreMailFrom directive in opendmarc.conf file?
That may allow mail from the domain to process through the other filters.
Code: Select all
IgnoreMailFrom awi.de
-
- Posts: 6
- Joined: 16 May 2023 17:42
Re: opendmarc.service failed - kills mailscanner?
As I wrote, I already put the domain awi.de in /etc/opendmarc/ignore.hosts
but this is a workaround, not a fix!
Yours
Gerald
but this is a workaround, not a fix!
Yours
Gerald
-
- Posts: 6
- Joined: 16 May 2023 17:42
Re: opendmarc.service failed - kills mailscanner?
The entry in ignore.hosts did not help really, as they use a bunch of outgoing mailers
I tried IgnoreDomain in /etc/opdndmarc.conf now.
Can anybody file a bug report for opendmarc?
Thanks
Gerald
I tried IgnoreDomain in /etc/opdndmarc.conf now.
Can anybody file a bug report for opendmarc?
Thanks
Gerald
Re: opendmarc.service failed - kills mailscanner?
We have been also hit with this problem for the first time in June o nour Efa v4 box.
Fortunately the related e-mail comes from one single IP/domain address, so I put it in /etc/opendmarc/ignore.hosts.
Interestingly the domain is also related to a German based company. (teuto.net)
I have seen a patch on the project github page from May 2023:
[url]https://github.com/trusteddomainproject ... issues/242[/url)
But I wonder why this is not implemented in eFa? Unfortunately I am not a coder to do it myself ...
Andreas
Fortunately the related e-mail comes from one single IP/domain address, so I put it in /etc/opendmarc/ignore.hosts.
Interestingly the domain is also related to a German based company. (teuto.net)
I have seen a patch on the project github page from May 2023:
[url]https://github.com/trusteddomainproject ... issues/242[/url)
But I wonder why this is not implemented in eFa? Unfortunately I am not a coder to do it myself ...
Andreas
Re: opendmarc.service failed - kills mailscanner?
We have been also hit with this problem for the first time in June o nour Efa v4 box.
Fortunately the related e-mail comes from one single IP/domain address, so I put it in /etc/opendmarc/ignore.hosts.
Interestingly the domain is also related to a German based company. (teuto.net)
I have seen a patch on the project github page from May 2023:
[url]https://github.com/trusteddomainproject ... issues/242[/url)
But I wonder why this is not implemented in eFa? Unfortunately I am not a coder to do it myself ...
Andreas
Code: Select all
opendmarc[2430]: 4W0s5802MNzCVjQy: ignoring invalid ARC-Authentication-Results header "i=1;#012#011mailrelay.teuto.net;#012 #011none"
Interestingly the domain is also related to a German based company. (teuto.net)
I have seen a patch on the project github page from May 2023:
[url]https://github.com/trusteddomainproject ... issues/242[/url)
But I wonder why this is not implemented in eFa? Unfortunately I am not a coder to do it myself ...
Andreas
- shawniverson
- Posts: 3757
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: opendmarc.service failed - kills mailscanner?
1) eFa uses stock RPM for OpenDMARC from distributionajmind wrote: ↑03 Jul 2024 13:05 [url]https://github.com/trusteddomainproject ... issues/242[/url)
But I wonder why this is not implemented in eFa? Unfortunately I am not a coder to do it myself ...
Andreas
2) the PR hasn't been merged yet