1 (edited by sulliwane 2014-05-19 21:41:22)

Topic: virus_scan FAILED and mail.log mad, Spam Attack? Help [SOLVED]

==== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04
- Related log if you're reporting an issue: /var/log/mail.log


Impossible to send/receive mails this morning. I check /var/log/mail.err :

May 18 23:13:47 ns3098045 amavis[22052]: (22052-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
May 18 23:15:33 ns3098045 amavis[4640]: (04640-14) (!!)WARN: all primary virus scanners failed, considering backups 

Then I check /var/log/mail.log :

May 19 08:30:28 ns3098045 postfix/postdrop[25480]: warning: mail_queue_enter: create file maildrop/960772.25480: Permission denied
May 19 08:30:28 ns3098045 postfix/postdrop[25851]: warning: mail_queue_enter: create file maildrop/973424.25851: Permission denied
May 19 08:30:29 ns3098045 postfix/postdrop[20819]: warning: mail_queue_enter: create file maildrop/17363.20819: Permission denied
May 19 08:30:29 ns3098045 postfix/postdrop[14258]: warning: mail_queue_enter: create file maildrop/74294.14258: Permission denied

I have a 3 new lines written every second...?!

Then I check the size of mail.log :

root@ns35:/home# ls -ahl /var/log/mail.log
-rw-r----- 1 syslog adm 1.1G May 19 08:32 /var/log/mail.log

The I check the size of my server partition :

root@ns3098045:/home/victor# df -h
Filesystem             Size  Used Avail Use% Mounted on
rootfs                  20G   13G  5.8G  69% /
udev                   987M  4.0K  987M   1% /dev
tmpfs                  200M  300K  200M   1% /run
/dev/sda1               20G   13G  5.8G  69% /
none                   5.0M     0  5.0M   0% /run/lock
none                   997M  4.0K  997M   1% /run/shm
/dev/sda3              898G  274M  852G   1% /home
/home/victor/.Private  898G  274M  852G   1% /home/victor/Private

and with top command, I see that PERL process is 100%.

After this, I feel there is a problem but I don't really know what. So I re-enabled greylisting in clubringer, and restarted my server. Now it seems quiet....

I'd be grateful if somebody could explain me what happened. My mail server worked perfectly for 3 months...Is it a spam attack?

Am I supposed to take any action?

Thank you for any help,


2 (edited by sulliwane 2014-05-19 16:19:53)

Re: virus_scan FAILED and mail.log mad, Spam Attack? Help [SOLVED]

Few months ago, I realized I messed up my /var permissions. I might have done a

 chown root: /var 

After that, I spent hours repairing the /var permissions based on another Ubuntu server.

So today I checked /var/spool/postfix/ and give Postdrop correct permissions.

Then i fixed Postfix permissions using :

 root@ns345:/etc/postfix# postfix -c /etc/postfix set-permissions
chown: cannot access `/usr/lib/postfix/dict_cdb.so': No such file or directory

Then I checked postfix permissions status :

 root@ns345:/etc/postfix# postfix check
postfix/postfix-script: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ

And now mail.log and mail.err are quiet !

I can send and receive emails again. I guess I almost solved the problem, even If I don't understand why after 3 months it suddenly stopped working...

Any feedback would be appreciated of course,
thank you.


Re: virus_scan FAILED and mail.log mad, Spam Attack? Help [SOLVED]

Had this failure on all my iredmail installations after a yum update. (centos)
problem was a chmod change on /var/spool/amavisd/tmp

chmod -cR 755 /var/spool/amavisd/tmp
was fixing the problem.


Re: virus_scan FAILED and mail.log mad, Spam Attack? Help [SOLVED]

Hi Frankstar,

thanks for your answer. For Ubuntu it's in /var/lib/amavisd/tmp, but I already fixed this directory permissions 3 months ago.

I'm more and more sure that my error is related to the bad command I run 3 month ago by mistake, and that messed up the permissions in /var. The best would be to install another iredmail on another ubuntu server, and look again on the remaining permissions differences.

I think my problem is kind of solved smile

Thanks anyway for your help !