Hi all,
I'm having a weird problem on a mailserver. The setup is postfix-2.1.5-3 and
amavisd-new-2.1.2-5 with clamav-0.80-2.1,
BitDefender-Console-Antivirus-7.0.1-3, and
antivir-2.1.1-4. OS is SUSE 9.2 with all updates applied.
All users can receive mail, except one person who's mail gets sent to root.
For each mail a "message undelivered mail gets set to root too, with
Command died with status 99: "/usr/sbin/amavis"
as the only hint. From the amavis logs I see:
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL)
AM.CL /var/spool/amavis/amavis-client-XXr5Y7VL: <root(a)company.com> ->
<amanda(a)company.com>
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) body hash:
d8e8fca2dc0f896fd7cb4cb0031ba249
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Checking:
<root(a)company.com> -> <amanda(a)company.com>
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Cached virus
check expired, TTL = 180 s
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) cached
d8e8fca2dc0f896fd7cb4cb0031ba249 from <root(a)company.com> (1,0,0)
Nov 29 09:41:22 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Using (Clam
Antivirus - clamscan): /usr/bin/clamscan --stdout --no-summary
-r /var/spool/amavis/amavis-client-XXr5Y7VL/parts
Nov 29 09:41:24 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL)
run_av: /usr/bin/clamscan exit
0, /var/spool/amavis/amavis-client-XXr5Y7VL/parts/p001: OK
Nov 29 09:41:24 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Using
(H+BEDV AntiVir or CentralCommand Vexira Antivirus): /usr/bin/antivir
--allfiles -noboot -nombr -rs -s
-z /var/spool/amavis/amavis-client-XXr5Y7VL/parts
Nov 29 09:41:25 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL)
run_av: /usr/bin/antivir exit 0, AntiVir / Linux Version 2.1.2-15
+gui\nCopyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.\nAll rights
reserved.\n\nLoading /usr/lib/AntiVir/antivir.vdf ...\n\nVDF version:
6.28.0.94 created 28 Nov 2004\n\nAntiVir license: 149999 for Evaluation
License for SuSE Linux\n\nchecking drive/path
(list): /var/spool/amavis/amavis-client-XXr5Y7VL/parts\n\n------ scan results
------\n directories: ...1\n scanned
files: ...1\n...alerts: ...0\n...suspicious: ...0\n...scan time:
00:00:01\n--------------------------\nThank you for using AntiVir.
Nov 29 09:41:25 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Using
(BitDefender): /usr/bin/bdc --all --arc
--mail /var/spool/amavis/amavis-client-XXr5Y7VL/parts
Nov 29 09:41:27 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL)
run_av: /usr/bin/bdc exit 0, BDC/Linux-Console v7.0 (build 2490) (i386) (Dec
10 2003 16:11:35)\nCopyright (C) 1996-2003 SOFTWIN SRL. All rights reserved.
\n\n\n\nResults:
\nFolders ...:1\nFiles ...:1\nPacked ...:0\nArchives ...:0\nInfected
files :0\nSuspect files ...:0\nWarnings ...:0\nI/O errors ...:0\n
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) spam_scan:
hits=-2.574 tests=ALL_TRUSTED,AWL,DNS_FROM_RFC_WHOIS
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) SPAM-TAG,
<root(a)company.com> -> <amanda(a)company.com>, No, hits=-2.574
tagged_above=-2200 required=9 tests=ALL_TRUSTED, AWL, DNS_FROM_RFC_WHOIS
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) FWD via
SMTP: [127.0.0.1]:10025 <root(a)company.com> -> <amanda(a)company.com>
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) AUTH not
needed, user='', MTA offers ''
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL)
mail_via_smtp: 250 2.6.0 Ok, id=client-XXr5Y7VL, from MTA: 250 Ok: queuedas
1603F11E98
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Passed,
<root(a)company.com> -> <amanda(a)company.com>, Message-ID:
<41AAD2A2.mailK7K1UA1PW(a)mpost.company.com>, Hits: -2.574
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) Passed
CLEAN, <root(a)company.com> -> <amanda(a)company.com>, Hits: -2.574, tag=-2200,
tag2=9, kill=9, L/Y/0/0
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) WARN: no
recips left (forgot to set $forward_method=undef using milter?),250 2.6.0 Ok,
id=client-XXr5Y7VL, from MTA: 250 Ok: queued as 1603F11E98
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) mail
checking ended: setreply=250 2.6.0 Ok,%20id=client-XXr5Y7VL,%20from%20MTA:
%20250%20Ok:%20queued%20as%201603F11E98\nreturn_value=discard\nexit_code=99
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) TIMING
[total 6841 ms] - got data: 8 (0%), body_hash: 6 (0%), mkdir parts: 3 (0%),
mime_decode: 38 (1%), get-file-type1: 27 (0%), decompose_part: 1 (0%),
parts_decode: 0 (0%), AV-scan-1: 2120 (31%), AV-scan-2: 1036 (15%),
AV-scan-3: 2030 (30%), spam-wb-list: 7 (0%), SA msg read: 3 (0%), SA parse: 7
(0%), SA check: 1359 (20%), update_cache: 4 (0%), fwd-connect: 30 (0%),
fwd-mail-from: 5 (0%), fwd-rcpt-to: 10 (0%), write-header: 11 (0%), fwd-data:
1 (0%), fwd-data-end: 76 (1%), fwd-rundown:9 (0%), main_log_entry: 43 (1%),
update_snmp: 0 (0%), unlink-1-files: 2 (0%), rmdir: 0 (0%), unlink-1-files: 1
(0%), rmdir: 0 (0%), rundown: 3 (0%)
Nov 29 09:41:29 mpost /usr/sbin/amavisd[26107]: (client-XXr5Y7VL) load: 5 %,
total idle 449.889 s, busy 23.596 s
Postfix logs give me:
Nov 29 09:41:29 mpost postfix/qmgr[25477]: 1603F11E98:
from=<root(a)company.com>, size=895, nrcpt=1 (queue active)
Nov 29 09:41:29 mpost postfix/pipe[26195]: 43D1B11E96:
to=<amanda(a)company.com>, orig_to=<amanda>, relay=vscan, delay=7,
status=bounced (Command died with status 99: "/usr/sbin/amavis")
Nov 29 09:41:29 mpost postfix/local[26187]: 1603F11E98:
to=<hansdp(a)company.com>, orig_to=<amanda(a)company.com>, relay=local, delay=0,
status=sent (delivered to maildir)
Nov 29 09:41:29 mpost postfix/qmgr[25477]: 1603F11E98: removed
Nov 29 09:41:29 mpost postfix/cleanup[26167]: AB45111E97:
message-id=<20041129074129.AB45111E97(a)mpost.company.com>
Nov 29 09:41:29 mpost postfix/qmgr[25477]: AB45111E97: from=<>, size=2128,
nrcpt=1 (queue active)
Nov 29 09:41:29 mpost postfix/qmgr[25477]: 43D1B11E96: removed
Nov 29 09:41:29 mpost postfix/local[26187]: AB45111E97:
to=<hansdp(a)company.com>, orig_to=<root(a)company.com>, relay=local, delay=0,
status=sent (delivered to maildir)
I thought I'd make a temporary user and alias her mail to that user, but the
new user had the same problem. Now I'm baffled.
Anybody know what causes this? Even a simple test mail sent with mailx from
command line causes this to happen.
Thanks
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za