Results 1 to 1 of 1

Thread: Antivirus/antispam issue - all messages deferred

Hybrid View

  1. #1
    Join Date
    Feb 2011
    Location
    Poland
    Posts
    6
    Rep Power
    4

    Default Antivirus/antispam issue - all messages deferred

    Hello,

    I need urgent help because I have no idea what is going on This happened all of sudden, no reconfiguration was made - all mails are being deferred and it seems that it has something to do with Amavis... se logs:

    Aug 26 15:36:40 poczta postfix/smtpd[11363]: connect from mail-pb0-f47.google.com[209.85.160.47]
    Aug 26 15:36:40 poczta postfix/smtpd[11363]: setting up TLS connection from mail-pb0-f47.google.com[209.85.160.47]
    Aug 26 15:36:40 poczta postfix/smtpd[11363]: Anonymous TLS connection established from mail-pb0-f47.google.com[209.85.160.47]: TLSv1 with cipher RC4-SHA (128/128 bits)
    Aug 26 15:36:41 poczta postfix/smtpd[11363]: EA21C1062062: client=mail-pb0-f47.google.com[209.85.160.47]
    Aug 26 15:36:42 poczta postfix/cleanup[11369]: EA21C1062062: message-id=<CAC2infSq=JCav-3gwWf-FQ4H7dTJR8WzQOD6MA73CF6b7WT00g@mail.gmail.com>
    Aug 26 15:36:42 poczta postfix/qmgr[674]: EA21C1062062: from=<xxxxx@gmail.com>, size=1461, nrcpt=1 (queue active)
    Aug 26 15:36:42 poczta amavis[517]: (00517-02) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20120826T152215-00517: <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com> SIZE=1461 Received: from poczta.europoles.pl ([127.0.0.1]) by localhost (poczta.europoles.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <yyyyy@myzimbradomain.com>; Sun, 26 Aug 2012 15:36:42 +0200 (CEST)
    Aug 26 15:36:42 poczta amavis[517]: (00517-02) dkim: VALID Author+Sender+MailFrom signature by i=@gmail.com, From: <xxxxx@gmail.com>, a=rsa-sha256, c=relaxed/relaxed, s=20120113, d=gmail.com
    Aug 26 15:36:42 poczta amavis[517]: (00517-02) Checking: kAWDVResF2Eg [209.85.160.47] <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>
    Aug 26 15:36:42 poczta amavis[517]: (00517-02) p001 1 Content-Type: text/plain, size: 3 B, name:
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) SPAM-TAG, <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, No, score=-2.6 tagged_above=-10 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) mail_via_smtp: session failed: Can't connect to INET4 socket 127.0.0.1: Connection refused
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) (!)FWD via SMTP: <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, 450 4.4.1 Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00517-02
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) Blocked MTA-BLOCKED, [209.85.160.47] [209.85.160.47] <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, Message-ID: <CAC2infSq=JCav-3gwWf-FQ4H7dTJR8WzQOD6MA73CF6b7WT00g@mail.gmail.com>, mail_id: kAWDVResF2Eg, Hits: -2.6, size: 1461, dkim_id=@gmail.com, 603 ms
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) TIMING-SA total 490 ms - parse: 1.37 (0.3%), extract_message_metadata: 23 (4.8%), poll_dns_idle: 208 (42.4%), get_uri_detail_list: 0.56 (0.1%), tests_pri_-1000: 3 (0.6%), tests_pri_-950: 0.84 (0.2%), tests_pri_-900: 0.87 (0.2%), tests_pri_-400: 48 (9.8%), check_bayes: 47 (9.6%), tests_pri_0: 234 (47.7%), check_spf: 206 (42.1%), check_pyzor: 0.18 (0.0%), tests_pri_500: 2.00 (0.4%), learn: 156 (31.8%), get_report: 2 (0.4%)
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) TIMING [total 627 ms] - SMTP greeting: 1 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, lookup_ldap: 11 (2%)2, SMTP pre-DATA-flush: 1 (0%)2, SMTP DATA: 19 (3%)5, check_init: 0 (0%)5, digest_hdr: 3 (0%)6, digest_body_dkim: 20 (3%)9, gen_mail_id: 2 (0%)9, mime_decode: 25 (4%)13, get-file-type1: 12 (2%)15, decompose_part: 1 (0%)15, parts_decode: 0 (0%)15, check_header: 1 (0%)15, spam-wb-list: 2 (0%)16, SA parse: 2 (0%)16, SA check: 483 (77%)93, update_cache: 7 (1%)94, decide_mail_destiny: 1 (0%)94, fwd-end-chkpnt: 6 (1%)95, prepare-dsn: 1 (0%)95, main_log_entry: 5 (1%)96, SMTP pre-response: 0 (0%)96, SMTP response: 0 (0%)96, unlink-1-files: 0 (0%)96, rundown: 23 (4%)100
    Aug 26 15:36:43 poczta amavis[517]: (00517-02) smtp session rundown, cache off, smtp:[127.0.0.1]:10025, state down
    Aug 26 15:36:43 poczta postfix/smtp[11370]: EA21C1062062: to=<yyyyy@myzimbradomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.96/0.01/0/0.6, dsn=4.4.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.4.1 id=00517-02 - Temporary MTA failure on relaying, Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00517-02 (in reply to end of DATA command))
    Aug 26 15:37:12 poczta postfix/smtpd[11363]: disconnect from mail-pb0-f47.google.com[209.85.160.47]
    Aug 26 15:37:15 poczta postfix/qmgr[674]: 22E3D1061FDC: from=<xxxxx@gmail.com>, size=1773, nrcpt=1 (queue active)
    Aug 26 15:37:15 poczta postfix/qmgr[674]: BF7551061FFE: from=<yyyyy@myzimbradomain.com>, size=626, nrcpt=1 (queue active)
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20120826T152715-00524: <yyyyy@myzimbradomain.com> -> <xxxxx@gmail.com> SIZE=626 Received: from poczta.europoles.pl ([127.0.0.1]) by localhost (poczta.europoles.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <xxxxx@gmail.com>; Sun, 26 Aug 2012 15:37:15 +0200 (CEST)
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) Checking: CuOK4SE+avXT MYNETS [46.149.251.186] <yyyyy@myzimbradomain.com> -> <xxxxx@gmail.com>
    Aug 26 15:37:15 poczta amavis[526]: (00526-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20120826T153715-00526: <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com> SIZE=1773 Received: from poczta.europoles.pl ([127.0.0.1]) by localhost (poczta.europoles.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <yyyyy@myzimbradomain.com>; Sun, 26 Aug 2012 15:37:15 +0200 (CEST)
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) (!)FWD via SMTP: <yyyyy@myzimbradomain.com> -> <xxxxx@gmail.com>, 450 4.4.1 Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00524-02
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) Blocked MTA-BLOCKED, MYNETS LOCAL [46.149.251.186] [46.149.251.186] <yyyyy@myzimbradomain.com> -> <xxxxx@gmail.com>, Message-ID: <D1760667-F2AA-422F-AE89-F4A426D354CA@poczta.europoles.pl>, mail_id: CuOK4SE+avXT, Hits: -2.91, size: 626, 264 ms
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) TIMING [total 298 ms] - SMTP greeting: 1 (0%)0, SMTP EHLO: 1 (0%)1, SMTP pre-MAIL: 1 (0%)1, lookup_ldap: 4 (1%)2, SMTP pre-DATA-flush: 1 (0%)3, SMTP DATA: 35 (12%)14, check_init: 0 (0%)14, digest_hdr: 1 (0%)15, digest_body_dkim: 0 (0%)15, gen_mail_id: 1 (0%)15, mime_decode: 26 (9%)24, get-file-type1: 9 (3%)27, decompose_part: 0 (0%)27, parts_decode: 0 (0%)27, check_header: 1 (0%)27, spam-wb-list: 1 (0%)27, SA parse: 1 (0%)28, SA check: 170 (57%)85, update_cache: 4 (1%)86, decide_mail_destiny: 0 (0%)87, fwd-end-chkpnt: 2 (1%)87, prepare-dsn: 1 (0%)87, main_log_entry: 4 (1%)89, SMTP pre-response: 0 (0%)89, SMTP response: 0 (0%)89, unlink-1-files: 0 (0%)89, rundown: 33 (11%)100
    Aug 26 15:37:15 poczta amavis[524]: (00524-02) smtp session rundown, cache off, smtp:[127.0.0.1]:10025, state down
    Aug 26 15:37:15 poczta amavis[526]: (00526-01) dkim: VALID Author+Sender+MailFrom signature by i=@gmail.com, From: <xxxxx@gmail.com>, a=rsa-sha256, c=relaxed/relaxed, s=20120113, d=gmail.com
    Aug 26 15:37:15 poczta amavis[526]: (00526-01) Checking: qCe6FJ6SGgEQ [209.85.212.170] <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>
    Aug 26 15:37:15 poczta postfix/smtp[11402]: BF7551061FFE: to=<xxxxx@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9016, delays=9015/0.03/0/0.26, dsn=4.4.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.4.1 id=00524-02 - Temporary MTA failure on relaying, Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00524-02 (in reply to end of DATA command))
    Aug 26 15:37:15 poczta amavis[526]: (00526-01) p001 1 Content-Type: text/plain, size: 40 B, name:
    Aug 26 15:37:15 poczta amavis[520]: (00520-03) TIMING [total 507 ms] - SMTP greeting: 1 (0%)0, SMTP EHLO: 0 (0%)0, SMTP pre-MAIL: 0 (0%)0, lookup_ldap: 3 (1%)1, lookup_ldap: 3 (1%)1, lookup_ldap: 2 (0%)2, SMTP pre-DATA-flush: 1 (0%)2, SMTP DATA: 43 (8%)10, check_init: 0 (0%)10, digest_hdr: 1 (0%)11, digest_body_dkim: 1 (0%)11, gen_mail_id: 1 (0%)11, mime_decode: 49 (10%)21, get-file-type3: 9 (2%)23, parts_decode: 0 (0%)23, check_header: 1 (0%)23, spam-wb-list: 3 (1%)23, SA parse: 3 (1%)24, SA check: 344 (68%)92, update_cache: 8 (2%)93, decide_mail_destiny: 2 (0%)94, fwd-end-chkpnt: 7 (1%)95, prepare-dsn: 2 (0%)96, main_log_entry: 4 (1%)96, SMTP pre-response: 0 (0%)96, SMTP response: 0 (0%)96, unlink-3-files: 0 (0%)96, rundown: 19 (4%)100
    Aug 26 15:37:15 poczta amavis[520]: (00520-03) smtp session rundown, cache off, smtp:[127.0.0.1]:10025, state down
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) SPAM-TAG, <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, No, score=-2.59 tagged_above=-10 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_TO_NO_BRKTS_FREEMAIL=0.01] autolearn=unavailable
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) mail_via_smtp: session failed: Can't connect to INET4 socket 127.0.0.1: Connection refused
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) (!)FWD via SMTP: <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, 450 4.4.1 Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00526-01
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) Blocked MTA-BLOCKED, [209.85.212.170] [178.181.228.234] <xxxxx@gmail.com> -> <yyyyy@myzimbradomain.com>, Message-ID: <98AAD41A-F4B0-42D5-9F6C-5BEC89F37B78@gmail.com>, mail_id: qCe6FJ6SGgEQ, Hits: -2.59, size: 1773, dkim_id=@gmail.com, 2583 ms
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) TIMING-SA total 2193 ms - parse: 0.90 (0.0%), extract_message_metadata: 16 (0.7%), poll_dns_idle: 2057 (93.8%), get_uri_detail_list: 0.51 (0.0%), tests_pri_-1000: 2 (0.1%), tests_pri_-950: 0.83 (0.0%), tests_pri_-900: 0.85 (0.0%), tests_pri_-400: 11 (0.5%), check_bayes: 10 (0.5%), tests_pri_0: 263 (12.0%), check_spf: 227 (10.4%), check_pyzor: 0.19 (0.0%), tests_pri_500: 1865 (85.1%), learn: 21 (1.0%), get_report: 1.05 (0.0%)
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) TIMING [total 2584 ms] - ldap-prepare: 5 (0%)0, SMTP greeting: 3 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir tempdir: 0 (0%)0, create email.txt: 0 (0%)0, ldap-connect: 245 (9%)10, lookup_ldap: 4 (0%)10, SMTP pre-DATA-flush: 1 (0%)10, SMTP DATA: 0 (0%)10, check_init: 0 (0%)10, digest_hdr: 2 (0%)10, digest_body_dkim: 78 (3%)13, gen_mail_id: 1 (0%)13, mkdir parts: 1 (0%)13, mime_decode: 6 (0%)13, get-file-type1: 7 (0%)14, decompose_part: 1 (0%)14, parts_decode: 0 (0%)14, check_header: 1 (0%)14, spam-wb-list: 1 (0%)14, SA parse: 2 (0%)14, SA check: 2190 (85%)99, update_cache: 4 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-end-chkpnt: 12 (0%)99, prepare-dsn: 1 (0%)99, main_log_entry: 15 (1%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 0 (0%)100
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) smtp session rundown stale sessions, smtp:[127.0.0.1]:10025, state down
    Aug 26 15:37:17 poczta amavis[526]: (00526-01) extra modules loaded: /opt/zimbra/zimbramon/lib/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/zimbramon/lib/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm, Net/LDAP/Extension.pm, Net/SSLeay.pm, unicore/lib/gc_sc/Alnum.pl, unicore/lib/gc_sc/Alpha.pl
    Aug 26 15:37:17 poczta postfix/smtp[11370]: 22E3D1061FDC: to=<yyyyy@myzimbradomain.com>, orig_to=<yyyyy@myzimbraalias.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9059, delays=9056/0.04/0.01/2.6, dsn=4.4.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.4.1 id=00526-01 - Temporary MTA failure on relaying, Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=00526-01 (in reply to end of DATA command))
    Aug 26 15:37:28 poczta zmmailboxdmgr[11476]: status requested
    Aug 26 15:37:28 poczta zmmailboxdmgr[11476]: status OK
    Aug 26 15:37:28 poczta zmmailboxdmgr[11484]: status requested
    Aug 26 15:37:28 poczta zmmailboxdmgr[11484]: status OK
    Aug 26 15:38:05 poczta zmmailboxdmgr[11832]: status requested
    Aug 26 15:38:05 poczta zmmailboxdmgr[11832]: status OK
    Aug 26 15:38:30 poczta zmmailboxdmgr[12027]: status requested
    Aug 26 15:38:30 poczta zmmailboxdmgr[12027]: status OK
    Aug 26 15:38:30 poczta zmmailboxdmgr[12035]: status requested
    Aug 26 15:38:30 poczta zmmailboxdmgr[12035]: status OK
    If I disable AV/AS modules everything works... but I have to enter 'zmmtactl restart' manualy also.

    In addition - DNS, trusted networks and everything else was compared to what whas asked in other threads with similiar issue. But I cannot fix it so my Zimbra is running without antispam protection.
    Also I've tested internal connectivity and I'm only unable to telnet to localhost (or by fqdn) on port 10025.
    Last edited by jawe83; 08-26-2012 at 12:32 PM.
    Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 NETWORK edition, Patch 7.2.0_P1.

Similar Threads

  1. Stop Antivirus and antispam
    By alimovz in forum Administrators
    Replies: 5
    Last Post: 08-22-2011, 04:19 AM
  2. Replies: 9
    Last Post: 07-14-2011, 02:26 AM
  3. Help cant run MTA/SPELL/antispam/antivirus
    By arman_goku in forum Installation
    Replies: 0
    Last Post: 04-14-2009, 06:31 PM
  4. Antispam/Antivirus forum?
    By ewilen in forum /etc
    Replies: 0
    Last Post: 04-08-2009, 02:39 PM
  5. Distributed Antivirus/AntiSpam how do you do it?
    By jstrat in forum Installation
    Replies: 0
    Last Post: 10-04-2006, 06:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •