Amavis / Sendmail Problem
Hi there, I'm running a SuSE 7.2 as a Mail-Server. Since my last OnlineUpdate, which updated sendmail, I have the problem, that amavis is not started anymore. "rcamavis satus" tells me "amavis:OK", but the following thing is in the /var/log/boot.msg Starting virus-scanning for sendmail (amavis)<notice>startproc: execve (/usr/sbin/amavis-milter) [ /usr/sbin/amavis-milter -p local:/var/run/amavis.sock failed ], [ PWD=/ BOOT_FILE=/boot/vmlinuz HOSTNAME=bart CONSOLE=/dev/console PREVLEVEL=N AUTOBOOT=YES MACHTYPE=i386-suse-linux LINES=25 SHLVL=2 COLUMNS=80 BOOT_IMAGE=linux SHELL=/bin/bash HOSTTYPE=i386 OSTYPE=linux HOME=/ TERM=linux PATH=/sbin:/bin:/usr/sbin:/usr/bin RUNLEVEL=3 INIT_VERSION=sysvinit-2.78 _=/sbin/startproc DAEMON=/usr/sbin/amavis-milter ] done Does anybody have a clue what happened there? I use Sophos sweep for scanning and it works. I even checked /usr/sbin/amavis for changes but everything looks perfect. Thanks Uwe
Uwe Boigs wrote: [ line wrapping after 72 chars, please ]
I'm running a SuSE 7.2 as a Mail-Server. Since my last OnlineUpdate, which updated sendmail, I have the problem, that amavis is not started anymore.
What fact tells you amavis is not running anymore? What's the output of "ps auxw | grep -i amavis"? Does /var/run/amavis.sock exist? What's the output of "fuser /var/run/amavis.sock" (do this as "root")
"rcamavis satus" tells me "amavis:OK",
So I would assume amavis is running.
but the following thing is in the /var/log/boot.msg
Starting virus-scanning for sendmail (amavis)<notice>startproc: execve (/usr/sbin/amavis-milter) [ /usr/sbin/amavis-milter -p local:/var/run/amavis.sock failed ], [...]
The word "failed" can be explained very easily. It's a buglet in /etc/init.d/amavis :-) So, open /etc/init.d/amavis in your favorite text editor and scroll to the line startproc $AMAVIS_BIN -p local:/var/run/amavis.sock >/dev/null 2>&1 \ failed (that's actually a one liner!). Simply remove the word "failed" after 2>&1 at the end of line mentioned above :-) Moreover, at least an "amavis <version> blah" message should appear in /var/log/mail when a mail is sent. For full logging, set $log_level = 5 in /usr/sbin/amavis (default is 0). If no "amavis" line appears in the log at all, please show me the output of "grep amavis-milter /etc/sendmail.cf" HTH P.S. If anyone is interested in up-to-date amavis RPMs (amavisd 0.1 / amavis 0.3.12) for SuSE Linux 7.2, please drop me a note. (sorry, I built only up-to-date RPMs for 7.2 and not for any later version) best regards, Rainer Link
Rainer Link wrote:
What fact tells you amavis is not running anymore?
I detected that the ...amavis[13770] : starting. ... lines are missing in my /var/log/mail. This happened the same day I updated sendmail with YOU.
What's the output of "ps auxw | grep -i amavis"? Does /var/run/amavis.sock exist?
That gives me the following output: root 623 0.0 0.1 3424 484 ? S Jun13 0:00 /usr/sbin/amavis-milter -p local:/var/run/amavis.sock failed
What's the output of "fuser /var/run/amavis.sock" (do this as "root")
/var/run/amavis.sock: 621 622 623
"rcamavis satus" tells me "amavis:OK",
So I would assume amavis is running.
Thats what I thought, but as I said before, my Virus Testfile which was previously detected through amavis passes easily.
Moreover, at least an "amavis <version> blah" message should appear in /var/log/mail when a mail is sent. For full logging, set $log_level = 5 in /usr/sbin/amavis (default is 0). If no "amavis" line appears in the log at all, please show me the output of "grep amavis-milter /etc/sendmail.cf"
Unfortunately these lines are missing, thats exactly how I became aware of that problem. If no "amavis" line appears in the
log at all, please show me the output of "grep amavis-milter /etc/sendmail.cf"
"grep amavis-milter /etc/sendmail.cf" returns nothing. I guess thats not the way it's supposed to be!? :-( Thank you for your help Uwe
Uwe Boigs wrote:
What's the output of "ps auxw | grep -i amavis"? Does /var/run/amavis.sock exist?
That gives me the following output: root 623 0.0 0.1 3424 484 ? S Jun13 0:00 /usr/sbin/amavis-milter -p local:/var/run/amavis.sock failed
Hm, there should be two more amavis-milter processes (with the PID 621 and 622, see below). The "failed" is due of the /etc/init.d/amavis buglet as mentioned before. Could you try "pstree -p | grep amavis" please?
What's the output of "fuser /var/run/amavis.sock" (do this as "root")
/var/run/amavis.sock: 621 622 623
[..]
log at all, please show me the output of "grep amavis-milter /etc/sendmail.cf"
"grep amavis-milter /etc/sendmail.cf" returns nothing. I guess thats not the way it's supposed to be!? :-(
My fault, should be "grep milter-amavis /etc/sendmail.cf" or more simple just "grep amavis /etc/sendmail.cf" What's the output of "rpm -V amavis-sendmail"? Could you try: rcsendmail stop rcamavis stop rm -rf /var/run/amavis.sock rcamavis start rcsendmail start and then send the eicar test file virus? best regards, Rainer Link
Hey Rainer, Rainer Link wrote:
My fault, should be "grep milter-amavis /etc/sendmail.cf" or more simple just "grep amavis /etc/sendmail.cf"
What's the output of "rpm -V amavis-sendmail"?
Could you try: rcsendmail stop rcamavis stop rm -rf /var/run/amavis.sock rcamavis start rcsendmail start
and then send the eicar test file virus?
due to lack of ideas what to do, I downloaded a more recent amavis rpm, installed it and restarted sendmail afterwards. To my surprise it solved the problem. Everything is working fine by now and the eicar test file virus was detected. I wish I would know, and could tell you what the reason was, but unfortunatelly I still don't have a clue. Thanx a lot for all your help, which at least encouraged me to hang on. Kind regards Uwe
Uwe Boigs wrote:
due to lack of ideas what to do, I downloaded a more recent amavis rpm, installed it and restarted sendmail afterwards. To my surprise it solved the problem.
Ok. Btw, the most recent one (at least currently) is available at http://www.amavis.org/dist/RPM/SuSE-7.2 (read the installation instruction carefully, as some changes to the origignal package have been made)
Everything is working fine by now and the eicar test file virus was detected. I wish I would know, and could tell you what the reason was, but unfortunatelly I still don't have a clue.
I currently do not have a clue either :-(
Thanx a lot for all your help, which at least encouraged me to hang on. You're welcome.
best regards, Rainer Link
participants (2)
-
Rainer Link
-
Uwe Boigs