HowTo test EFAv5

shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

Sounds like the shell tried to interpret a special character in your provided password. I'll see if I can prevent that.
ajmind
Posts: 71
Joined: 28 Mar 2017 15:26
Location: Eltville, Germany

Re: HowTo test EFAv5

Post by ajmind »

shawniverson wrote: 09 May 2024 10:59 Your problem is likely SELinux, since you changed the path of the quarantine directory. If you look in /var/log/audit/audit.log you'll likely see a lot of denied operations.
Thank you for this hint, I have corrected the SELinux security context as it was not like on my eFav4 box used in production:

Code: Select all

semanage fcontext -a -t mscan_spool_t /var/spool/MailScanner/quarantine
While checking the default SELinux context I have noted a difference between eFav4 (CentOS 7) and eFav5 (Rocky Linux 9.x):

eFav4:

Code: Select all

[root@IT1MAILGW1 etc]# matchpathcon -V /var/spool/MailScanner/*
/var/spool/MailScanner/archive verified.
/var/spool/MailScanner/incoming verified.
/var/spool/MailScanner/milterin verified.
/var/spool/MailScanner/milterout verified.
/var/spool/MailScanner/quarantine verified.
/var/spool/MailScanner/ramdisk_store verified.
/var/spool/MailScanner/spamassassin verified.
eFav5:

Code: Select all

[root@it1mailgw5 ~]# matchpathcon -V /var/spool/MailScanner/*
/var/spool/MailScanner/archive verified.
/var/spool/MailScanner/incoming has context system_u:object_r:tmpfs_t:s0, should be system_u:object_r:mscan_spool_t:s0
/var/spool/MailScanner/milterin verified.
/var/spool/MailScanner/milterout verified.
/var/spool/MailScanner/quarantine verified.
/var/spool/MailScanner/ramdisk_store verified.
/var/spool/MailScanner/spamassassin verified.
After correction and reboot the status is always as above, but so far there seems to be no functional problem.
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
I can see the same on my eFa4 (CentOS7).

Code: Select all

[root@efa4 ~]# matchpathcon -V /var/spool/MailScanner/*
/var/spool/MailScanner/archive verified.
/var/spool/MailScanner/incoming has context system_u:object_r:tmpfs_t:s0, should be system_u:object_r:mscan_spool_t:s0
/var/spool/MailScanner/milterin verified.
/var/spool/MailScanner/milterout verified.
/var/spool/MailScanner/quarantine verified.
/var/spool/MailScanner/ramdisk_store verified.
/var/spool/MailScanner/spamassassin verified.
Just for Info.

Yours
e-d-i-t
Posts: 106
Joined: 27 Apr 2016 19:28

Re: HowTo test EFAv5

Post by e-d-i-t »

Same here on both EFA4 and EFA5.

Code: Select all

/var/spool/MailScanner/incoming has context system_u:object_r:tmpfs_t:s0, should be system_u:object_r:mscan_spool_t:s0
But never experienced a problem actually? What should not work? Quarantine of virus contained mails? That is seldom and actually gives me always the same error that I can't remember...
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

This is not an issue. This directory is on a temp filesystem, which is why there is a discrepancy. The eFa SELinux ruleset already handles it accordingly.
sergio_eristoff
Posts: 12
Joined: 27 Nov 2018 06:43

Re: HowTo test EFAv5

Post by sergio_eristoff »

Hello!

I would like to test the new EFA 5 and have a few questions:

- Will it be possible to upgrade directly to the stable version?
- What are the system requirements for EFA 5 or are they the same as for EFA4?

Thank you!
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
I would like to support testing on AlmaLinux9 or Rocky 9.
Can anybody point me to a kickstart location for information on how to start?

Thx
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

sergio_eristoff wrote: 18 May 2024 19:07 Hello!

I would like to test the new EFA 5 and have a few questions:

- Will it be possible to upgrade directly to the stable version?
After installing the test version, when the stable version is released you can switch the repo over to the stable version.
sergio_eristoff wrote: 18 May 2024 19:07 - What are the system requirements for EFA 5 or are they the same as for EFA4?
The same.
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

tesme33 wrote: 19 May 2024 16:44 Hi,
I would like to support testing on AlmaLinux9 or Rocky 9.
Can anybody point me to a kickstart location for information on how to start?

Thx
viewtopic.php?p=19751#p19751
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
thanks for the quick reply.

I got it installed on an AlmaLinux 9.4. No issues to install.

Below you find the first issue. Looks like clamd went crazy.


Code: Select all

------
[  756.157760] MailScanner: wa invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[  756.157772] CPU: 3 PID: 2993 Comm: MailScanner: wa Kdump: loaded Not tainted 5.14.0-427.18.1.el9_4.x86_64 #1
[  756.157776] Hardware name: netcup KVM Server, BIOS VPS 500 G10s 08/02/2023
[  756.157779] Call Trace:
[  756.157792]  <TASK>
[  756.157796]  dump_stack_lvl+0x34/0x48
[  756.157830]  dump_header+0x4a/0x201
[  756.157839]  oom_kill_process.cold+0xb/0x10
[  756.157842]  out_of_memory+0xed/0x2e0
[  756.157861]  __alloc_pages_slowpath.constprop.0+0x6e8/0x960
[  756.157875]  __alloc_pages+0x21d/0x250
[  756.157877]  folio_alloc+0x17/0x50
[  756.157889]  __filemap_get_folio+0x1cd/0x330
[  756.157896]  filemap_fault+0x404/0x700
[  756.157899]  ? next_uptodate_page+0x160/0x1f0
[  756.157902]  ? filemap_map_pages+0x2c2/0x540
[  756.157905]  __do_fault+0x37/0x1f0
[  756.157915]  do_read_fault+0xf4/0x1d0
[  756.157917]  ? do_nanosleep+0x91/0x190
[  756.157937]  do_pte_missing+0x1a9/0x400
[  756.157940]  __handle_mm_fault+0x32b/0x670
[  756.157945]  handle_mm_fault+0xcd/0x290
[  756.157948]  do_user_addr_fault+0x1b4/0x6a0
[  756.157964]  exc_page_fault+0x62/0x150
[  756.157974]  asm_exc_page_fault+0x22/0x30
[  756.157981] RIP: 0033:0x7fcb67d5e62c
[  756.158007] Code: Unable to access opcode bytes at RIP 0x7fcb67d5e602.
[  756.158007] RSP: 002b:00007ffcbe531f80 EFLAGS: 00010202
[  756.158013] RAX: 0000000000000000 RBX: 0000557170fa42a0 RCX: 00007fcb678d403a
[  756.158014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  756.158016] RBP: 0000557175b4c008 R08: 0000557173421e28 R09: 0000000000000000
[  756.158017] R10: 00007ffcbe531f40 R11: 0000000000000246 R12: 0000557173413bd0
[  756.158018] R13: 0000557175b4c000 R14: 000055716f469d00 R15: 00007fcb681a1000
[  756.158022]  </TASK>
[  756.158025] Mem-Info:
[  756.158030] active_anon:601482 inactive_anon:281834 isolated_anon:0
                active_file:525 inactive_file:26 isolated_file:0
                unevictable:4 dirty:0 writeback:0
                slab_reclaimable:6866 slab_unreclaimable:11564
                mapped:4706 shmem:8602 pagetables:3641
                sec_pagetables:0 bounce:0
                kernel_misc_reclaimable:0
                free:21423 free_pcp:788 free_cma:0
[  756.158036] Node 0 active_anon:966128kB inactive_anon:2567136kB active_file:1896kB inactive_file:308kB unevictable:16kB isolated(anon):0kB isolated(file):0kB mapped:18824kB dirty:0kB writeback:0kB shmem:34408kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 290816kB writeback_tmp:0kB kernel_stack:7088kB pagetables:14564kB sec_pagetables:0kB all_unreclaimable? no
[  756.158042] Node 0 DMA free:14700kB boost:0kB min:276kB low:344kB high:412kB reserved_highatomic:0KB active_anon:84kB inactive_anon:52kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  756.158048] lowmem_reserve[]: 0 2657 3607 3607 3607
[  756.158051] Node 0 DMA32 free:53312kB boost:0kB min:49580kB low:61972kB high:74364kB reserved_highatomic:0KB active_anon:564548kB inactive_anon:2117084kB active_file:0kB inactive_file:1428kB unevictable:16kB writepending:0kB present:3129196kB managed:2758784kB mlocked:16kB bounce:0kB free_pcp:1448kB local_pcp:204kB free_cma:0kB
[  756.158057] lowmem_reserve[]: 0 0 949 949 949
[  756.158059] Node 0 Normal free:17680kB boost:0kB min:17720kB low:22148kB high:26576kB reserved_highatomic:0KB active_anon:322800kB inactive_anon:528696kB active_file:308kB inactive_file:716kB unevictable:0kB writepending:0kB present:1048576kB managed:972796kB mlocked:0kB bounce:0kB free_pcp:1704kB local_pcp:416kB free_cma:0kB
[  756.158067] lowmem_reserve[]: 0 0 0 0 0
[  756.158071] Node 0 DMA: 0*4kB 1*8kB (M) 1*16kB (M) 1*32kB (M) 1*64kB (M) 0*128kB 1*256kB (M) 2*512kB (UM) 1*1024kB (M) 0*2048kB 3*4096kB (M) = 14712kB
[  756.158084] Node 0 DMA32: 819*4kB (UME) 668*8kB (UME) 405*16kB (UE) 220*32kB (UME) 143*64kB (UME) 74*128kB (UME) 32*256kB (UME) 9*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 53564kB
[  756.158095] Node 0 Normal: 127*4kB (UME) 440*8kB (UME) 329*16kB (UME) 154*32kB (UME) 50*64kB (UME) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17932kB
[  756.158106] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  756.158108] 9193 total pagecache pages
[  756.158109] 0 pages in swap cache
[  756.158109] Free swap  = 0kB
[  756.158110] Total swap = 0kB
[  756.158110] 1048441 pages RAM
[  756.158111] 0 pages HighMem/MovableOnly
[  756.158112] 111706 pages reserved
[  756.158112] 0 pages cma reserved
[  756.158113] 0 pages hwpoisoned
[  756.158113] Tasks state (memory values in pages):
[  756.158114] [  pid  ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj name
[  756.158118] [    482]     0   482     6741      416    73728        0          -250 systemd-journal
[  756.158123] [    496]     0   496     8319      666    86016        0         -1000 systemd-udevd
[  756.158126] [    571]     0   571     4539      676    57344        0         -1000 auditd
[  756.158129] [    592]    81   592     2693      192    57344        0          -900 dbus-broker-lau
[  756.158132] [    593]    81   593     1282       64    49152        0          -900 dbus-broker
[  756.158137] [    603]     0   603    89717     6344   192512        0             0 firewalld
[  756.158140] [    605]     0   605    19798       32    53248        0             0 irqbalance
[  756.158143] [    607]     0   607    24325       96    69632        0             0 qemu-ga
[  756.158145] [    618]     0   618     5299      590    81920        0             0 systemd-logind
[  756.158148] [    627]   997   627    21229      105    65536        0             0 chronyd
[  756.158150] [   1065]     0  1065    64605     1179   135168        0             0 NetworkManager
[  756.158153] [   1383]     0  1383    46179     2283   167936        0             0 php-fpm
[  756.158155] [   1394]     0  1394     3965      320    69632        0         -1000 sshd
[  756.158158] [   1424]     0  1424   181478     4328   188416        0             0 fail2ban-server
[  756.158160] [   1439]     0  1439     2161      192    57344        0             0 crond
[  756.158162] [   1504]    27  1504   748079    27938   520192        0             0 mariadbd
[  756.158165] [   1571]    48  1571    46723     3242   180224        0             0 php-fpm
[  756.158167] [   1572]    48  1572    46723     3153   180224        0             0 php-fpm
[  756.158170] [   1573]    48  1573    46724     3121   180224        0             0 php-fpm
[  756.158172] [   1574]    48  1574    46723     3182   180224        0             0 php-fpm
[  756.158174] [   1575]    48  1575    46723     3226   180224        0             0 php-fpm
[  756.158176] [   1603]     0  1603     5693      726    81920        0           100 systemd
[  756.158178] [   1609]     0  1609     6582     1335    90112        0           100 (sd-pam)
[  756.158180] [   1712]   991  1712     6901      416    94208        0             0 freshclam
[  756.158183] [   1729]     0  1729    43257      400    94208        0             0 rsyslogd
[  756.158185] [   1744]     0  1744     3220      320    61440        0             0 login
[  756.158187] [   1757]     0  1757     3371      224    69632        0             0 dovecot
[  756.158190] [   1818]     0  1818     1111       35    45056        0             0 dccifd
[  756.158192] [   1819]     0  1819    38507      904    65536        0             0 dccifd
[  756.158194] [   1825]    97  1825     2396      160    61440        0             0 anvil
[  756.158196] [   1827]     0  1827     2431      192    57344        0             0 log
[  756.158201] [   1828]   989  1828    63152     6112   159744        0             0 unbound
[  756.158203] [   1829]     0  1829     3069      480    65536        0             0 config
[  756.158205] [   1831]     0  1831     5064      806    77824        0             0 httpd
[  756.158208] [   1835]   990  1835   645682   580702  4808704        0             0 clamd
[  756.158210] [   2185]   985  2185     9440     5461   110592        0             0 sqlgrey
[  756.158212] [   2990]    89  2990    15371    10776   155648        0             0 MailWatch SQL
[  756.158214] [   2992]    89  2992    12995     9643   135168        0             0 MailScanner: ma
[  756.158217] [   2993]    89  2993    54309    46125   466944        0             0 MailScanner: wa
[  756.158219] [   2997]     0  2997    46673     4059   180224        0             0 php
[  756.158221] [   2998]     0  2998    46673     4047   180224        0             0 php
[  756.158223] [   3013]    89  3013    54328    46119   466944        0             0 MailScanner: wa
[  756.158225] [   3023]    89  3023    54315    46068   466944        0             0 MailScanner: wa
[  756.158228] [   3033]    89  3033    54345    46130   466944        0             0 MailScanner: wa
[  756.158230] [   3926]     0  3926    57272       81    73728        0             0 gpg-agent
[  756.158232] [   3928]     0  3928    20388      574    73728        0             0 scdaemon
[  756.158234] [   5815]    48  5815    46723     3121   180224        0             0 php-fpm
[  756.158237] [   5834]    89  5834    16921    12159   172032        0             0 MSMilter Daemon
[  756.158239] [   5897]  1000  5897     5693      725    90112        0           100 systemd
[  756.158241] [   5899]  1000  5899    43717     1663   102400        0           100 (sd-pam)
[  756.158243] [   5906]  1000  5906     1887      160    61440        0             0 bash
[  756.158245] [   6165]  1000  6165     4928      352    77824        0             0 sudo
[  756.158250] [   6186]     0  6186     3932      320    65536        0             0 su
[  756.158252] [   6187]     0  6187     1887      160    61440        0             0 bash
[  756.158254] [   7159]     0  7159     2574      832    61440        0             0 eFa-Configure
[  756.158256] [   8232]    48  8232     5568      717    81920        0             0 httpd
[  756.158258] [   8233]    48  8233   605802     4604   487424        0             0 httpd
[  756.158260] [   8234]    48  8234   556634     3463   417792        0             0 httpd
[  756.158262] [   8235]    48  8235   556634     3556   417792        0             0 httpd
[  756.158265] [   8503]     0  8503     9545       76    69632        0             0 master
[  756.158267] [   8596]    89  8596    11429      224    90112        0             0 pickup
[  756.158269] [   8597]    89  8597    11476      288    81920        0             0 qmgr
[  756.158271] [   8883]   987  8883     8541      320    77824        0             0 opendkim
[  756.158274] [   8913]    89  8913    11710      320    90112        0             0 tlsmgr
[  756.158276] [   8914]   988  8914     5529      448    53248        0             0 opendmarc
[  756.158278] [   8937]    48  8937   556634     3455   413696        0             0 httpd
[  756.158280] [  10892]     0 10892    10582     6634   118784        0             0 miniserv.pl
[  756.158282] [  11623]     0 11623     4811      480    81920        0             0 sshd
[  756.158284] [  11627]  1000 11627     4859      459    81920        0             0 sshd
[  756.158286] [  11628]  1000 11628     1858      192    57344        0             0 bash
[  756.158288] [  12865]     0 12865     3862      326    69632        0             0 crond
[  756.158290] [  12867]     0 12867     1781        0    57344        0             0 sh
[  756.158293] [  12869]     0 12869     1814       96    57344        0             0 eFa-Monitor-cro
[  756.158295] [  12923]     0 12923     9465        0    61440        0             0 postmap
[  756.158299] [  12925]  1000 12925     2649      160    61440        0             0 top
[  756.158301] [  12936]     0 12936     1814       88    49152        0             0 eFa-Monitor-cro
[  756.158303] [  12937]     0 12937     2521       32    61440        0             0 ps
[  756.158305] [  12938]     0 12938     1607        0    49152        0             0 grep
[  756.158307] [  12939]     0 12939     3867      262    69632        0             0 crond
[  756.158309] [  12940]     0 12940     3867      274    69632        0             0 crond
[  756.158311] [  12943]     0 12943    10618     6639   118784        0             0 miniserv.pl
[  756.158313] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=1835,uid=990
[  756.158378] Out of memory: Killed process 1835 (clamd) total-vm:2582728kB, anon-rss:2322680kB, file-rss:128kB, shmem-rss:0kB, UID:990 pgtables:4696kB oom_score_adj:0
---
doggy101
Posts: 80
Joined: 21 May 2013 20:07
Location: Netherlands

Re: HowTo test EFAv5

Post by doggy101 »

I'm getting the same error while installing on AlmaLinux 8, which is supposed to be supported with the eFa 4 script?

Is there a way around this? (By the way, the mysql error is also present in my rollout.)
markov wrote: 01 Mar 2024 22:03 Hi,

First, great news and thanks for EFA v5 beta ...
I don't know where to put this topic (no EFA v5 Bugs), so I put it here ...

I successfully installed EFA v5 on top of Rocky Linux 9.
After initial configuration I type "OK"

and get these errors:
[eFa] - Starting MariaDB and Configuring
/usr/bin/mysqladmin: connect to server at 'localhost.localdomain' failed
error: 'Host '127.0.0.1' is not allowed to connect to this MariaDB server'
ERROR 1067 (42000) at line 58: Invalid default value for 'lastsent'

and

[eFa] - Setting IP settings
cp: cannot stat '/etc/sysconfig/network-scripts/ifcfg-ens33': No such file or directory
[eFa] - Error initializing system! Please try again...

In Rocky Linux 9 all network profiles are stored in "/etc/NetworkManager/system-connections/" and not in "/etc/sysconfig/network-scripts/"

How to go around this ...
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

doggy101 wrote: 30 May 2024 15:40 I'm getting the same error while installing on AlmaLinux 8, which is supposed to be supported with the eFa 4 script?

Is there a way around this? (By the way, the mysql error is also present in my rollout.)
markov wrote: 01 Mar 2024 22:03 Hi,

First, great news and thanks for EFA v5 beta ...
I don't know where to put this topic (no EFA v5 Bugs), so I put it here ...

I successfully installed EFA v5 on top of Rocky Linux 9.
After initial configuration I type "OK"

and get these errors:
[eFa] - Starting MariaDB and Configuring
/usr/bin/mysqladmin: connect to server at 'localhost.localdomain' failed
error: 'Host '127.0.0.1' is not allowed to connect to this MariaDB server'
ERROR 1067 (42000) at line 58: Invalid default value for 'lastsent'

and

[eFa] - Setting IP settings
cp: cannot stat '/etc/sysconfig/network-scripts/ifcfg-ens33': No such file or directory
[eFa] - Error initializing system! Please try again...

In Rocky Linux 9 all network profiles are stored in "/etc/NetworkManager/system-connections/" and not in "/etc/sysconfig/network-scripts/"

How to go around this ...
Strange, today I installed from an AlmaLinux 9 Minimal without issues.
What I didn't touch is the IP configuration inside of eFa-Configure, as this was not showing anything.

The rest worked. Besides the more or less frequent clamd crashes.

Did you use an AlmaLinux 8 MINIMAL?
And I was using testing for the bash script invocation. Did you use dev?
doggy101
Posts: 80
Joined: 21 May 2013 20:07
Location: Netherlands

Re: HowTo test EFAv5

Post by doggy101 »

no I used:

eFa4 can be installed on any system you want as long as it supports CentOS 7, CentOS 8, AlmaLinux 8, or RockyLinux 8 and the system is dedicated to eFa4.

curl -sSL https://install.efa-project.org | bash
doggy101
Posts: 80
Joined: 21 May 2013 20:07
Location: Netherlands

Re: HowTo test EFAv5

Post by doggy101 »

Just installed Alma 9 and used the EFA5 script. Installation went fine, config script as well.

But afterwards the web interface was accessible once and then it was not reachable anymore. Also, the eFa configure menu freezes up when selecting webmin or fail2ban; the others I have not tried yet.

Increased the memory, which fixed it :-)
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
on eFa5 I have the following effect for some whitelisting actions.

- I select the email I want to whitelist
- I select: Move selected entries to whitelist
- press sent.
And then I have a blank border, see attached picture.
Bildschirmfoto 2024-05-31 um 11.54.39.png
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
another issue seems to be clamd.

I have a VM with 4 vCPU and 4GB mem. Normally idling around.
Just before the issue happens it gets sluggish.


Code: Select all

[  756.157760] MailScanner: wa invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[  756.158313] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=1835,uid=990
[ 4460.908804] crond invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 4460.909229] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=13000,uid=990
[ 9512.629161] miniserv.pl invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 9512.629726] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=27294,uid=990
[14750.983057] NetworkManager invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[14750.983458] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=44863,uid=990
[17226.025520] firewall-cmd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[17226.025989] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=61634,uid=990
[19149.047759] httpd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[19149.048487] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=69344,uid=990
[25278.239602] NetworkManager invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[25278.239949] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=75695,uid=990
[30203.831090] systemd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[30203.831635] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=92865,uid=990
[36326.030795] httpd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[36326.032111] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=108360,uid=990
[39976.512910] f2b/f.sshd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[39976.513617] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=125633,uid=990
[43050.744945] f2b/a.sshd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[43050.745441] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=136443,uid=990
[44339.609640] php invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[44339.610031] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=145704,uid=990
[51024.960800] awk invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[51024.961345] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=150376,uid=990
[53510.533133] NetworkManager invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[53510.533565] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=170701,uid=990
[56618.932590] NetworkManager invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[56618.932929] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=178413,uid=990
[65107.543720] f2b/f.mailwatch invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[65107.544081] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=187791,uid=990
[70029.989701] sshd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[70029.990461] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=212405,uid=990
[73754.343881] systemd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[73754.344393] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=228148,uid=990
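
Added example (not part of the posts above): a Python parser for kernel OOM-killer messages in the format posted here. It separates the process whose allocation triggered the OOM killer from the process that was actually killed, and summarises kills per victim. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the dmesg format shown in the posts (not real data).
SAMPLE = """\
[  100.000100] MailScanner: wa invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[  100.000200] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=1001,uid=990
[  100.000300] Out of memory: Killed process 1001 (clamd) total-vm:2500000kB, anon-rss:2300000kB, file-rss:128kB, shmem-rss:0kB, UID:990 pgtables:4696kB oom_score_adj:0
[ 1100.000100] crond invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 1100.000200] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=2002,uid=990
[ 3100.000100] NetworkManager invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 3100.000200] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/system-clamd.slice/clamd@scan.service,task=clamd,pid=3003,uid=990
"""

TS = r"^\[\s*(\d+\.\d+)\]\s+"
# "<comm> invoked oom-killer": the process whose allocation failed, not the victim.
INVOKED = re.compile(TS + r"(.+?) invoked oom-killer:")
# "oom-kill:" summary line: names the victim task, its pid and its cgroup.
KILL = re.compile(TS + r"oom-kill:.*?task_memcg=([^,]+),task=([^,]+),pid=(\d+),uid=(\d+)")
# "Killed process" line: carries the victim's resident memory at kill time.
KILLED = re.compile(TS + r"Out of memory: Killed process (\d+) \((.+?)\).*?anon-rss:(\d+)kB")


def parse_oom_events(text):
    """Return one dict per OOM kill found in dmesg/journal text."""
    events, invoker = [], None
    for line in text.splitlines():
        if m := INVOKED.match(line):
            invoker = m.group(2)
        elif m := KILL.match(line):
            events.append({
                "ts": float(m.group(1)),
                "invoker": invoker,
                "memcg": m.group(2),
                "task": m.group(3),
                "pid": int(m.group(4)),
                "uid": int(m.group(5)),
                "anon_rss_kb": None,  # filled in if a "Killed process" line follows
            })
            invoker = None
        elif m := KILLED.match(line):
            pid = int(m.group(2))
            for ev in reversed(events):
                if ev["pid"] == pid:
                    ev["anon_rss_kb"] = int(m.group(4))
                    break
    return events


def summarize(events):
    """Group kills by victim task: count, cgroups, invokers, mean gap, peak RSS."""
    by_task = defaultdict(list)
    for ev in events:
        by_task[ev["task"]].append(ev)
    report = {}
    for task, evs in by_task.items():
        ts = sorted(e["ts"] for e in evs)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        rss = [e["anon_rss_kb"] for e in evs if e["anon_rss_kb"] is not None]
        report[task] = {
            "kills": len(evs),
            "memcgs": sorted({e["memcg"] for e in evs}),
            "invokers": sorted({e["invoker"] for e in evs if e["invoker"]}),
            "mean_gap_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
            "peak_anon_rss_kb": max(rss) if rss else None,
        }
    return report


if __name__ == "__main__":
    for task, info in summarize(parse_oom_events(SAMPLE)).items():
        print(task, info)
```

A victim that is always the same service while the invokers vary, as in the lines above, points at that service's memory footprint rather than at whichever process happened to trigger the kill.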
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

4GB is insufficient. clamd plus all the signatures require a lot of memory, which is why we recommend 8GB.
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

shawniverson wrote: 31 May 2024 11:59 4GB is insufficient. clamd plus all the signatures require a lot of memory, which is why we recommend 8GB.
Thx, overlooked this in the requirements.

Interesting. The eFa4 is running on my side with 2 CPU and 4GB without any hiccup for years.
But I will try to upgrade the mem of the vServer.
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
the topic around the oom-killer continued to turn around in my head and I started looking around how to limit mem usage for clamd.
And I found this: https://betatim.github.io/posts/clamav-memory-usage/

This seemed to help, but it just limited the frequency. So first step taken.
Then I had a look into my VPS and I found that there was no swap enabled.
So I added 8GB of swap.

Code: Select all

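# create the swap file (about 8 GB of zeros)
dd if=/dev/zero of=/swapfile bs=1024 count=8000000
# restrict access before the file is formatted and used, so swapped-out memory is never readable by other users
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile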
And added "/swapfile swap swap defaults 0 0 " to my fstab.

Now let's see if this will solve at least my issue.


Just sharing in case anybody has similar issues.
SteveC
Posts: 12
Joined: 16 May 2023 19:16

Re: HowTo test EFAv5

Post by SteveC »

Just did an install on Alma 9 that went fine.

I enabled it as an outbound relay, and sending went fine.

Incoming does not work. I only created a single account, and email is rejected when I replied to the message from that account.

The maillog message is: 450 4.1.1 <...> Recipient address rejected: unverified address: No user at this address;

I originally had greylisting enabled. I turned it off because I got impatient.

When greylisting was enabled, there were messages in the log similar to:

451 4.7.1 <...> Recipient address rejected: Intentional policy rejection, please try again later (in reply to RCPT TO command))

I turned greylisting back on to see if that helped. It did not.

I can log in as the user from the website.

From root, I did:

mysql
use mailscanner;
select * from users;

Output shows the user and the admin accounts only.

Probably did something dumb, so I guess I'll reload and try again unless someone has a suggestion.
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HowTo test EFAv5

Post by shawniverson »

SteveC wrote: 04 Jun 2024 06:56 Just did an install on Alma 9 that went fine.

I enabled it as an outbound relay, and sending went fine.

Incoming does not work. I only created a single account, and email is rejected when I replied to the message from that account.

The maillog message is: 450 4.1.1 <...> Recipient address rejected: unverified address: No user at this address;
Try turning recipient verification off to see if that helps using eFa-Configure in the console. It is under Mail Settings.
SteveC
Posts: 12
Joined: 16 May 2023 19:16

Re: HowTo test EFAv5

Post by SteveC »

shawniverson wrote: 05 Jun 2024 12:02
SteveC wrote: 04 Jun 2024 06:56 Just did an install on Alma 9 that went fine.

I enabled it as an outbound relay, and sending went fine.

Incoming does not work. I only created a single account, and email is rejected when I replied to the message from that account.

The maillog message is: 450 4.1.1 <...> Recipient address rejected: unverified address: No user at this address;
Try turning recipient verification off to see if that helps using eFa-Configure in the console. It is under Mail Settings.
That worked and allows emails to be received. The downside is allowing email from any random user to be received and then rejected by the main server.

Thoughts on the cause?

EDIT: I wiped and did the install with CentOS 9, and things are working fine. Only had an issue with fail2ban not starting because of a missing log file.
Last edited by SteveC on 12 Jun 2024 13:54, edited 1 time in total.
pdwalker
Posts: 1583
Joined: 18 Mar 2015 09:16

Re: HowTo test EFAv5

Post by pdwalker »

Yes, postfix doesn't know how to verify the user.

If you want to use user verification, you have to configure postfix so postfix can know which users are valid.
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Hi,
looking into fail2ban I get the following errors.

---
[root@derb fail2ban]# pwd
/etc/fail2ban
[root@derb fail2ban]# fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: mailwatch, postfix-sasl, sshd
[root@derb fail2ban]# fail2ban-client get sshd status
2024-06-08 11:34:37,297 fail2ban [2423664]: ERROR NOK: ('Invalid command (no get action or not yet implemented)',)
Invalid command (no get action or not yet implemented)
[root@derb fail2ban]# fail2ban-client get mailwatch status
2024-06-08 11:36:02,404 fail2ban [2423979]: ERROR NOK: ('Invalid command (no get action or not yet implemented)',)
Invalid command (no get action or not yet implemented)
[root@derb fail2ban]# fail2ban-client get postfix-sasl status
2024-06-08 11:36:13,935 fail2ban [2423983]: ERROR NOK: ('Invalid command (no get action or not yet implemented)',)
Invalid command (no get action or not yet implemented)
[root@derb fail2ban]# fail2ban-client version
1.0.2
[root@derb fail2ban]# more jail.d/efa.local
[sshd]
enabled = true

[postfix-sasl]
enabled = true
filter = postfix[mode=auth]

[mailwatch]
enabled = true
port = http,https
logpath = /var/log/php-fpm/www-error.log

[root@derb fail2ban]# fail2ban-client get postfix-sasl actions
The jail postfix-sasl has the following actions:
firewallcmd-rich-rules
[root@derb fail2ban]# fail2ban-client get sshd actions
The jail sshd has the following actions:
firewallcmd-rich-rules
[root@derb fail2ban]# fail2ban-client get mailwatch actions
The jail mailwatch has the following actions:
firewallcmd-rich-rules
---
tesme33
Posts: 80
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: HowTo test EFAv5

Post by tesme33 »

Some addon.
When I use the small script below I can see fail2ban believes it has blocked, but nothing is in the iptables nor is something visible with firewall-cmd.


Code: Select all

[root@derb fail2ban]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client smtp ssh
  ports: 80/tcp 443/tcp 587/tcp 10000/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: 

Code: Select all

#!/bin/sh

# https://serverfault.com/questions/841183/how-to-show-all-banned-ip-with-fail2ban
echo " "
echo " IPs and jail"
echo " "

sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select ip,jail from bips"

echo " "
echo " unique IPs"

echo " "
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select distinct ip from bips"
echo " "


echo " Most banned IPs "

echo " "
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select jail,ip,count(*) as count from bips group by ip order by count desc limit 20"
echo " "

echo " iptables "

echo " "
iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0"'
echo " "
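
Added example (not part of the post above): since the jails shown use the firewallcmd-rich-rules action, this Python check compares the bans recorded in fail2ban's `bips` table with firewalld rich rules instead of `iptables -L`, and skips bans that have already expired. It assumes the `bips` table also carries `timeofban` and `bantime` columns (seconds, negative `bantime` meaning permanent) and that a ban appears as a rich rule containing `source address="<ip>"`; the database rows and rule text are constructed.

```python
import re
import sqlite3

# Matches the source address in a firewalld rich rule (either quote style).
SRC = re.compile(r"""source address=["']([^"']+)["']""")

NOW = 1_717_840_000  # constructed "current time" (epoch seconds) for the sample

# Constructed output in the style of `firewall-cmd --list-rich-rules`.
SAMPLE_RICH_RULES = (
    'rule family="ipv4" source address="192.0.2.10" port port="ssh" '
    'protocol="tcp" reject type="icmp-port-unreachable"\n'
)


def build_sample_db():
    """In-memory stand-in for /var/lib/fail2ban/fail2ban.sqlite3 (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bips (ip TEXT, jail TEXT, timeofban INTEGER, bantime INTEGER)"
    )
    conn.executemany(
        "INSERT INTO bips VALUES (?, ?, ?, ?)",
        [
            ("192.0.2.10", "sshd", NOW - 300, 600),           # active, has a rule
            ("198.51.100.7", "postfix-sasl", NOW - 100, 600),  # active, no rule
            ("203.0.113.5", "sshd", NOW - 7200, 600),          # expired, ignored
            ("203.0.113.99", "mailwatch", NOW - 9999, -1),     # permanent, no rule
        ],
    )
    return conn


def active_bans(conn, now):
    """Return {(jail, ip)} for bans that have not expired at `now`."""
    rows = conn.execute("SELECT jail, ip, timeofban, bantime FROM bips")
    return {
        (jail, ip)
        for jail, ip, start, duration in rows
        if duration < 0 or start + duration > now
    }


def enforced_sources(rich_rules):
    """Return the set of source addresses that appear in rich rules."""
    return set(SRC.findall(rich_rules))


def unenforced_bans(conn, rich_rules, now):
    """Active bans in fail2ban's database with no matching rich rule."""
    blocked = enforced_sources(rich_rules)
    return sorted(
        (jail, ip) for jail, ip in active_bans(conn, now) if ip not in blocked
    )


if __name__ == "__main__":
    # On a live system (assumption: run as root), replace the samples with:
    #   conn = sqlite3.connect(
    #       "file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro", uri=True)
    #   rules = subprocess.run(["firewall-cmd", "--list-rich-rules"],
    #                          capture_output=True, text=True).stdout
    #   now = int(time.time())
    for jail, ip in unenforced_bans(build_sample_db(), SAMPLE_RICH_RULES, NOW):
        print(f"{jail}: {ip} is banned in the database but has no rich rule")
```

The per-jail status is queried with `fail2ban-client status <jail>`. Rows in `bips` persist after a ban expires, so a plain `select ip,jail from bips` lists historical bans as well as current ones.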