
spamd failed email messages

Discussion in 'E-mail Discussions' started by binkatl, Jan 24, 2005.

  1. binkatl

    binkatl Registered

    Joined:
    Dec 18, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I'm receiving an email message about every 5 minutes from my server, indicating that spamd failed and a restart was attempted.

    I have spamd turned off in the Service Manager, and SpamAssassin turned off in the Tweak Settings menu. Why am I still receiving this message? I've tried restarting cPanel, also, but it hasn't helped.

    Any ideas... thanks!
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    restart exim
     
  3. binkatl

    binkatl Registered

    I was very hopeful that this would work, but it hasn't. I've already received 2 more emails since I restarted Exim... the problem still exists.

    Any other thoughts?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    /bin/rm -fv /var/run/chkservd/spamd
    /etc/init.d/chkservd restart


    That should do it ;)
     
  5. binkatl

    binkatl Registered

    Thanks, Chirpy! That did the trick.
     
  6. station

    station Member

    Joined:
    Jul 21, 2004
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Why turn spamd off?

    I've been having the same problem as binkatl, and before I disable spamd and SpamAssassin, I was hoping someone might shed some light on this subject.
    My questions are: Is this overkill? Have I duplicated a function here somewhere? With this setup what would be the most effective exim config? Should I deactivate something?
    My objective is for all spam to die at the front door, and virus to bounce with a warning, plus leave the option of individual users to create their own black and white lists if desired.

    Your suggestion chirpy to turn spamd off makes me wonder, what does it do? Is it integrated into spamassassin? I think there's a lot of crossover dependencies here and if I turn one off how does it affect the other pieces?

    The following is my server set up for email:
    WHM 9.9.9
    Cpanel 9.9.9-S15
    Fedora i686

    Exim
    Exiscan + Clam
    Clamav
    Clamd
    spamd
    SpamAssassin

    cpanel addon Modules:
    pro- Version: 1.0rc8
    spamdconf - Version: 0.3
    clamavconnector - Version: 0.80-1.0RC1.2

    cpanel config:
    service manager, - spamd = enabled
    tweak settings, - mail catch-all = fail
    - spamassassin = enabled
    - track origin = enabled

    RSkin's Spam+Virus Protection for cPanel server using
    Exim+Exiscan+ Clamav+RBL+ Spamassassin+SARE+ Razor+DCC anti spam tut

    Vipul's Razor razor.sourceforge.net/ razor-agents-2.67 and razor-agents-sdk-2.03

    Distributed Checksum Clearinghouse (DCC) www.rhyolite.com/anti-spam/dcc/

    SpamAssassin Rules Emporium (SARE) rulesemporium.com/

    RulesDuJour www.exit0.us/index.php?pagename=RulesDuJour
    For added info to anyone reading and trying to do the same, my whm/exim config /System filter file is: /usr/local/cpanel/base/eximacl/antivirusandspam.exim
    and my whm/exim config editor/ advanced mode/ top window is:
    Code:
    av_scanner = clamd:/var/clamd
    
    acl_smtp_connect = acl_check_host
    
    acl_smtp_mail = acl_check_sender
    
    domainlist rv_rbl_receiver_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_rbl_receiver_domain_whitelist
      
    hostlist rv_rbl_server_ip_whitelist = net-iplsearch;/usr/local/cpanel/base/eximacl/rv_rbl_server_ip_whitelist
      
    addresslist rv_rbl_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_rbl_sender_address_whitelist
      
    addresslist rv_spam_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_spam_sender_address_whitelist
    
    log_selector = +address_rewrite +all_parents +arguments +connection_reject \
                   +delay_delivery +delivery_size +dnslist_defer +incoming_interface \
                   +incoming_port +lost_incoming_connection +queue_run +received_sender \
                   +received_recipients +retry_defer +sender_on_delivery +size_reject \
                   +skip_delivery +smtp_confirmation +smtp_connection \
                   +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
    The log selector list gives me a complete readout when using the command tail -f /var/log/exim_mainlog

    and begin acl window 1 is:
    Code:
    #!!# This ACL is used at the start of an incoming connection.
    #!!# The tests are run in order until the connection is
    #!!# either accepted or denied.
    acl_check_host:
    
    ##
    # Reject email sent from mail server IP listed in the blacklist
    ##
    deny message = Host $sender_host_address is blocked
    hosts = /usr/local/cpanel/base/eximacl/rv_server_ip_blacklist
    delay = 20s
    
    accept
    
    #!!# This ACL is used for the MAIL FROM: command in an
    #!!# incoming SMTP transaction. The tests are run in order until the
    #!!# sender address is either accepted or denied.
    acl_check_sender:
    
    ##
    # Reject email sent from sender listed in the blacklist
    ## 
    deny message = Sender $sender_address is blocked
    senders = /usr/local/cpanel/base/eximacl/rv_sender_address_blacklist
    delay = 20s
    
    accept
    and window 2 is: (see next post)

    If anyone adept at reading exim config files sees a blatant error or has suggestions to improve the functionality of all this setup, I'm all ears. In fact, I'm not so sure that I have this set up as well as I might like.

    TIA , and have a great day! :D
     
  7. station

    station Member

    begin acl window 2 is:

    Code:
    #!!# ACL that is used after the RCPT command
    check_recipient:
      # we accept if the source is local SMTP (i.e. not over TCP/IP).
      # We do this by testing for an empty sending host field.
      accept  hosts = :
    # Always accept mail to postmaster & abuse for any local domain 
    
    accept domains = +local_domains 
    local_parts = postmaster:abuse 
    
    ### Reject email sent from server listed in DNS blacklists. ### 
    deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
    !hosts = +relay_hosts
    !authenticated = *
    # RBL Bypass Local Domain List
    !domains = +rv_rbl_receiver_domain_whitelist
    # RBL Whitelist Incoming hosts
    !hosts = +rv_rbl_server_ip_whitelist
    # RBL Bypass Sender Domain List
    !senders = +rv_rbl_sender_address_whitelist
    # The following is a list of RBL to check for spam.
    dnslists = bl.spamcop.net :\
               list.dsbl.org : \
               malaysia.blackholes.us  :\
               singapore.blackholes.us :\
               porn.rhs.mailpolice.com 
               #combined.njabl.org :\
    message = your mail server $sender_host_address is in a black list \
                     at $dnslist_domain ($dnslist_text) 
    
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      #if it gets here it isn't mailman
      
    #### Dictionary attacks  
      drop hosts = /etc/exim_deny 
            message = Connection denied after dictionary attack 
            log_message = Connection denied from $sender_host_address after dictionary attack 
    
      drop message = Appears to be a dictionary attack 
            log_message = Dictionary attack (after $rcpt_fail_count failures) 
            condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} 
            condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}} 
            !verify = recipient 
                                                                                                                                             
      #sender verifications are required for all messages that are not sent to lists
    
      require verify = sender
      accept  domains = +local_domains
      endpass
    
      #recipient verifications are required for all messages that are not sent to the local machine
      #this was done at multiple users requests
    
      message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid."
      verify = recipient
                                                                                                                                               
      accept  domains = +relay_domains
    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
            hosts = +relay_hosts
      accept  hosts = +relay_hosts
                                                                                    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
            condition = ${perl{checkrelayhost}{$sender_host_address}}
      accept  condition = ${perl{checkrelayhost}{$sender_host_address}}
    
      accept  hosts = +auth_relay_hosts
              endpass
              message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
              authenticated = *
    
      deny    message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
    
    
    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
    ##### clamav ACL, reject virus infected        mails with proper error 
    
    deny message = This message contains malformed MIME ($demime_reason). 
    demime = * 
    condition = ${if >{$demime_errorlevel}{2}{1}{0}} 
    
    deny message = This message contains a virus or other harmful content \ 
    ($malware_name) 
    demime = * 
    malware = * 
    
    deny message = Potentially executable content. If you meant to send this file \ 
    then please package it up as a zip file and resend it. 
    demime =        ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc 
    
    # Add X-Scanned Header 
    
    warn message = X-Antivirus-Scanner: Basically clean mail though you should still use an Antivirus 
    
    ##### end clamav ACL 
    
      accept
     
  8. chirpy

    chirpy Well-Known Member

    Looks OK (of course, I prefer the MailScanner solution). You should put the dictionary attack stuff from my ACL at the top of the middle box, just after:

    accept hosts = :

    There's no point in going through the overhead of RBL lookups if you're going to deny the connection anyway because of a RCPT check failure, which is much quicker.
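
The reordering described in the post above, written out as an added example (not part of the original posts): it reuses only statements from the `check_recipient` ACL posted earlier in the thread, with the two dictionary-attack `drop` statements moved to directly after `accept hosts = :` so they are evaluated before the DNS blacklist lookups.

```exim
#!!# ACL that is used after the RCPT command
check_recipient:
  # Accept if the source is local SMTP (i.e. not over TCP/IP),
  # tested by an empty sending host field.
  accept  hosts = :

  #### Dictionary attacks (moved up so they run before the RBL lookups)
  drop    hosts = /etc/exim_deny
          message = Connection denied after dictionary attack
          log_message = Connection denied from $sender_host_address after dictionary attack

  drop    message = Appears to be a dictionary attack
          log_message = Dictionary attack (after $rcpt_fail_count failures)
          condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
          condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
          !verify = recipient

  # Always accept mail to postmaster & abuse for any local domain
  accept  domains = +local_domains
          local_parts = postmaster:abuse

  ### Reject email sent from servers listed in DNS blacklists.
  ### Only connections that passed the checks above reach these lookups.
  deny    message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
          !hosts = +relay_hosts
          !authenticated = *
          # RBL Bypass Local Domain List
          !domains = +rv_rbl_receiver_domain_whitelist
          # RBL Whitelist Incoming hosts
          !hosts = +rv_rbl_server_ip_whitelist
          # RBL Bypass Sender Domain List
          !senders = +rv_rbl_sender_address_whitelist
          dnslists = bl.spamcop.net : \
                     list.dsbl.org : \
                     malaysia.blackholes.us : \
                     singapore.blackholes.us : \
                     porn.rhs.mailpolice.com
          message = your mail server $sender_host_address is in a black list \
                    at $dnslist_domain ($dnslist_text)

  # The Mailman bounce accepts, sender/recipient verification and relay
  # checks from the posted ACL follow here unchanged.
```

In this order a host listed in /etc/exim_deny is dropped before the postmaster/abuse and Mailman bounce `accept` statements are reached, whereas in the posted ACL those accepts were evaluated first.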
     
  9. station

    station Member

    Cut down the overhead

    Thanx for the suggestion chirpy, that's just the sort of thing that I was wondering about. How to cut down on the overhead. Ideally a tool which could control all these spam, virus concerns on the server would be great. I can't imagine the work required to stay on top of hundreds of boxes....
    Meanwhile my spamd is still failing to load/boot and I would like to find the cause.
     
  10. chirpy

    chirpy Well-Known Member

    WRT spamd, have you tried:

    /etc/init.d/chkservd restart

    If that doesn't work, try:
    /scripts/fixspamassassinfailedupdate
     
  11. station

    station Member

    fixspamassassinfailedupdate

    Ya, Hi chirpy, thanx again, I had restarted the chkservd a couple of times,

    the fixspamassassinfailedupdate is a really cool name for a script. Talk about spelling it out,
    I guess I should spend more time in my script dir,
    unfortunately, my result is:
    Code:
    # ./fixspamassassinfailedupdate
    Spamassassin Update Failed, reinstalling!
    File/Spec/Unix.pm did not return a true value at /usr/lib/perl5/5.8.6/i686-linux/File/Spec.pm line 21.
    Compilation failed in require at /scripts/realperlinstaller line 14.
    BEGIN failed--compilation aborted at /scripts/realperlinstaller line 14.
    and line 14 of realperlinstaller says
    Code:
    use File::Spec;
    So, what's missing in my perl5...file/Spec.pm? it says at line 21
    Code:
    require "File/Spec/$module.pm";
    and my /usr/lib/perl5/5.8.6/i686-linux/File/Spec dir has the following :etc.
    -r--r--r-- 1 root root 1808 Jan 22 04:57 Cygwin.pm
    -r--r--r-- 1 root root 1531 Jan 22 04:57 Epoc.pm
    -r--r--r-- 1 root root 1855 Jan 22 04:57 Functions.pm
    -r--r--r-- 1 root root 11708 Jan 22 04:57 Unix.pm
    so the Unix.pm is not returning a true value, so what does fixspamassassinfailedupdate consider to be a true value to be receiving from Unix.pm? This is starting to get complicated for a mere gumby as myself.
     
  12. chirpy

    chirpy Well-Known Member

    You might want to try:

    /scripts/perlinstaller Tie::Hash File::Spec HTML::Parser

    Then try running that fix script again.
     
  13. station

    station Member

    /scripts/perlinstaller Tie::Hash File::Spec HTML::Parser

    Well, chirpy, this is becoming embarrassing, as I feel as if you're acting as my private consultant, I'm going to start having to pay for your help.
    /scripts/perlinstaller Tie::Hash File::Spec HTML::Parser has the same results as the previous command /scripts/fixspamassassinfailedupdate
    I'm sure that in most cases the /scripts/fixspamassassinfailedupdate would fix the spamd failed to load problem but I seem to have an irregular perl installation. Perhaps I should update, or reinstall perl. However, I think that would be a bit extreme.
    So I'm doing a rebuild RPM database in whm/software,
    now reinstall RPM specpro,
    now reinstall RPM file:
    Code:
    # /scripts/fixspamassassinfailedupdate
    Spamassassin Update Failed, reinstalling!
    File/Spec/Unix.pm did not return a true value at /usr/lib/perl5/5.8.6/i686-linux/File/Spec.pm line 21.
    Compilation failed in require at /scripts/realperlinstaller line 14.
    BEGIN failed--compilation aborted at /scripts/realperlinstaller line 14.
    trying:check repair perl script:/usr/lib/perl5/5.8.6/i686-linux/File/Spec.pm
    I'm obviously taking stabs in the dark, so far with no success. I'm still getting the same results.
     
  14. station

    station Member

    cgi errors

    Well, I do seem to have a misconfigured perl.
    I've just entered:/usr/local/cpanel/whostmgr/docroot/cgi/diskusage.cgi as a test, and I get the same type of errors.
    Although a basic hello-world.cgi in a domain does work. That obviously doesn't require any libs.
    So I guess I need to reinstall perl. Now it's off to find out how I do that.
    first I'll go to whm/software/update system software, ... everything fine down to:
    make[2]: Leaving directory `/home/cpgdbuild/gd-2.0.33'
    make[1]: Leaving directory `/home/cpgdbuild/gd-2.0.33'
    GD install failed
    and I'm stuck here. So, I'll search around and see if I can find a solution. I believe the main problem was a manual perl update to 5.8.6 which I probably should not have done. ( especially as I am a gumby ) :)
     
  15. station

    station Member

    Fixing this mess,,

    Dear reader, I know that my posts tend to be a bit long winded, but I find it frustrating when looking for a solution to find someone has had the same problem and they end their post with
    without explaining how. Or they skip a couple of steps in the solution.

    ok, I've found the thread pathtools error which mr. chirpy seems to have been providing solutions, and reading through I decided to look in my /usr/bin where I have the dirs perl, perl5.8.3, and perl 5.8.6

    My symlink is:
    /usr/local/bin/perl -> /usr/bin/perl
    the suggestion
    would maybe apply to me with my 5.8.6 but I don't know how to do that check.

    My /usr/lib/perl5 has the following:
    drwxr-xr-x 3 root root 4096 Mar 24 2004 5.8.0/
    drwxr-xr-x 3 root root 4096 Mar 24 2004 5.8.1/
    drwxr-xr-x 3 root root 4096 Mar 24 2004 5.8.2/
    drwxr-xr-x 43 root root 4096 Jan 23 23:19 5.8.3/
    drwxr-xr-x 45 root root 4096 Jan 24 00:31 5.8.6/
    drwxr-xr-x 7 root root 4096 Jan 24 00:31 site_perl/
    drwxr-xr-x 6 root root 4096 Mar 24 2004 vendor_perl/

    also suggested was if you upgrade perl use these commands:
    /scripts/rpmup
    /scripts/sysup
    the first one:
    Using RPM Backend: RPM version 4.2.1
    busy updating a ton of stuff, ends with GD install failed, I guess that would be gd 2.0.33
    and half way through the install there is the following error
    Code:
    yum is up to date
    File/Spec/Unix.pm did not return a true value at /usr/lib/perl5/5.8.6/i686-linux/File/Spec.pm line 21.
    Compilation failed in require at /scripts/realperlinstaller line 14.
    BEGIN failed--compilation aborted at /scripts/realperlinstaller line 14.
    Using RPM Backend: RPM version 4.2.1
    installed: freetype-2.1.4-5
    installed: freetype-devel-2.1.4-5
    unknown package perl-CPAN (ok)
    installed: libpng-devel-1.2.5-7
    installed: libjpeg-devel-6b-29
    installed: XFree86-devel-4.3.0-55
    unknown package iconv (ok)
    unknown package jpeg (ok)
    unknown package xpm (ok)
    unknown package png (ok)
    unknown package linuxthreads (ok)
    Building GD..........
    ......
    Done
    GD status [0]
    gd-2.0.33.tar.gz
    so I'm not going to run the second script:/scripts/sysup until I find what's wrong with the first install, any comments welcome :eek:
     
  16. station

    station Member

    perl and cpanel

    Learn something new every day,
    I didn't know that cpanel had its own perl install, as mentioned in this thread about perl and cpanel
    So I've taken a look at my /usr/lib/perl5/ dir and I do have the above mentioned perls, 5.0.0, 5.0.1, 5.0.2, 5.0.3, and 5.0.6. the 0, 1, and 2 are empty except for a sim pointing to 5.0.3, but the 5.0.3 and the 5.0.6 are full of files. What leaves me wondering is how can I get my system back to perl 5.0.3 with the cpanel version?
    Also, I see chirpy, that you're a busy fellow, answering most questions in this forum. We're lucky you're around.
     
  17. chirpy

    chirpy Well-Known Member

    TBH, I'd be tempted to remove all but the one you're running (perl -v to check) and then upgrade perl using:
    http://layer1.cpanel.net/perl584installer.tar.gz

    perl v 5.0.anything is quite old now and you should be running at least 5.6.1 and preferably 5.8.*.
     
  18. station

    station Member

    Solved

    well, first off I apologize to binkatl for hijacking your post.

    and thanx to chirpy for the solution to my problems, he su'ed into my server and fixed me up real good!
    here's his solution:
    Thanx a tonne,
    and to anyone with server troubles checkout www.configserver.com/ for server admin services. :D
     