Антивирус + Антиспам
#1
Отправлено 06 Август 2009 - 08:18
2009-08-06 09:12:55 1MYvHb-0000js-HG == test@pupkin.ru R=drweb_router T=drweb_transport defer (-1): smtp transport process returned non-zero status 0x0100: exit code 1
2009-08-06 09:12:55 1MYvHb-0000js-HG Frozen
Письмо сразу не приходит, но через некоторое время всё же доходит до адресата. Вопрос: это ошибка или так и должно быть?
#2
Отправлено 17 Август 2009 - 08:22
#3
Отправлено 09 Октябрь 2009 - 07:49
Хочу сразу добавить, что, как только в конфиге Exim-а отключаю строки обработки почты dr.Web-ом, почта летает на ура.
(Складывается впечатление, что dr.Web не успевает обработать письмо и поэтому даёт статус (-1).)
exim.conf (настройки dr.web)
# Exim router/transport pair that passes mail through Dr.Web MailD before delivery.
# (Option indentation was lost on this page; each option belongs to the driver
# named on the nearest preceding "name:" line.)
#
# Router: an accept router gated by the condition below. The condition expands to
# 0 when the message was received with protocol "drweb-scanned" and to 1 otherwise,
# so everything except already-scanned mail is assigned to drweb_transport.
# NOTE(review): the protocol name is the only marker of "already scanned". Exim
# lets only trusted callers set the received protocol on a local submission, so
# trusted_users should be limited to the account that re-injects scanned mail -
# TODO confirm which account that is on this host.
drweb_router:
driver = accept
condition = "${if eq {$received_protocol} {drweb-scanned}{0}{1}}"
retry_use_local_part
transport = drweb_transport
# Transport: LMTP over TCP to 127.0.0.1 port 2424. hosts_override makes the
# transport use its own "hosts" value, and allow_localhost permits delivery to the
# local host. "user = drweb" presumably runs the delivery process as the drweb
# account - confirm.
# The Exim log lines on this page show that a failure of this transport defers and
# freezes the message, i.e. mail is held rather than delivered unscanned.
drweb_transport:
driver = smtp
port = 2424
protocol = lmtp
hosts_override = yes
hosts = 127.0.0.1
allow_localhost = yes
user = drweb
#4
Отправлено 09 Октябрь 2009 - 14:33
#5
Отправлено 09 Октябрь 2009 - 15:16
Oct 9 15:59:06 relay drweb-sender: [80df000] sender INFO Try restore lost msg absar8sHu
Oct 9 15:59:06 relay drweb-sender: [80df000] sender.RequestQueue INFO put msg [from: <test@rambler.ru>; to:<test@pupkin.ru>; id: absar8sHu] to queue for processing after 0 sec
/var/log/exim/exim_mainlog
2009-10-08 10:43:29 1Mvmin-0006xQ-1e <= test@rambler.ru H=mailc.rambler.ru [81.19.66.27] P=esmtp S=6683 id=!&!AAAAAAAAAAAYAAAAAAAAANwRGfqN0CVJmhfcAzxb5EqCggAAEAAAAGrXklladp9Ks4JiGiFe/iQBAAAAAA==@rambler.ru from <test@rambler.ru> for test@pupkin.ru
2009-10-08 10:43:29 1Mvmin-0006xQ-1e == test@pupkin.ru R=drweb_router T=drweb_transport defer (-1): smtp transport process returned non-zero status 0x0100: exit code 1
2009-10-08 10:43:29 1Mvmin-0006xQ-1e Frozen
Это все логи, какие я смог найти.
#6
Отправлено 09 Октябрь 2009 - 15:41
Что в настройках логирования maild?
#7
Отправлено 09 Октябрь 2009 - 16:39
more /var/log/messages | grep drweb
Oct 9 17:23:59 relay drweb-monitor: [8158000] ERROR cannot start component "drweb-sender" from application "MAILD": component "drweb-sender" wrong answer
Oct 9 17:24:00 relay drweb-monitor: [8158000] ERROR application "MAILD" cannot start
Oct 9 17:24:00 relay drweb-monitor: [8158000] ERROR start applications error: some applications didn't started
ps -ax | grep drweb
94759 ?? Ss 0:00.01 /usr/local/drweb/drweb-monitor -c /usr/local/etc/drweb/monitor.conf
94760 ?? S 0:00.07 /usr/local/drweb/drweb-agent -c /usr/local/etc/drweb/agent.conf
94761 ?? S 0:02.09 /usr/local/drweb/drweb-notifier local:/var/drweb/ipc/.agent
94766 ?? S 0:01.35 /usr/local/drweb/drweb-sender local:/var/drweb/ipc/.agent
94788 ?? Is 0:00.04 /usr/local/drweb/drwebd
94789 ?? I 0:00.00 /usr/local/drweb/drwebd
94790 ?? I 0:00.00 /usr/local/drweb/drwebd
94791 ?? I 0:00.00 /usr/local/drweb/drwebd
94792 ?? I 0:00.00 /usr/local/drweb/drwebd
94793 ?? I 0:00.00 /usr/local/drweb/drwebd
94794 ?? I 0:00.00 /usr/local/drweb/drwebd
94795 ?? I 0:00.00 /usr/local/drweb/drwebd
94796 ?? I 0:00.00 /usr/local/drweb/drwebd
94797 ?? I 0:00.00 /usr/local/drweb/drwebd
94798 ?? I 0:00.00 /usr/local/drweb/drwebd
94799 ?? I 0:00.00 /usr/local/drweb/drwebd
94800 ?? I 0:00.00 /usr/local/drweb/drwebd
94801 ?? I 0:00.00 /usr/local/drweb/drwebd
94802 ?? I 0:00.00 /usr/local/drweb/drwebd
94803 ?? I 0:00.00 /usr/local/drweb/drwebd
94804 ?? I 0:00.00 /usr/local/drweb/drwebd
more /usr/local/etc/drweb/maild_exim.conf
# Global MailD settings: base directory, two timeouts and the host name.
# NOTE(review): /var/drweb also holds the quarantine, IPC sockets and message
# store referenced elsewhere in this file, so its ownership and permissions
# decide who can read scanned mail - verify them on the host.
[General]
BaseDir = /var/drweb
MaxTimeoutForThreadActivity = 30s
IpcTimeout = 2m
Hostname = relay.pupkin.ru
# Logging goes to syslog facility Mail at Debug level (general and IPC).
# NOTE(review): the log excerpts on this page already contain sender and recipient
# addresses and message ids at INFO level; Debug output is likely to contain more.
# Lower the level once troubleshooting is finished and restrict read access to the
# files that receive mail.* messages.
[Logging]
Level = Debug
IpcLevel = Debug
SyslogFacility = Mail
# Message store limits and timeouts.
# NOTE(review): MaxStorageSize = 0 and MaxPoolSize = 0 presumably mean "no limit" -
# confirm in the MailD documentation. If so, only MaxStoredMessages bounds the
# store, and a burst of large messages can fill the disk under /var/drweb.
# FrozenTimeout / DeleteTimeout presumably control when stuck messages are frozen
# and removed (2h / 48h here) - confirm.
[MailBase]
MaxStoredMessages = 100000
MaxStorageSize = 0
MaxPoolSize = 0
SendTimeout = 30s
FrozenTimeout = 2h
DeleteTimeout = 48h
BackupPeriod = 0
BackupName = /var/drweb/msgs/db/maildb.backup
# Plugin configuration: plugin library directory, per-plugin settings and the two
# plugin queues.
# Settings carries options for three plugins (Vaderetro, headersfilter, drweb), but
# only "vaderetro" is listed in BeforeQueueFilters and AfterQueueFilters is empty.
# NOTE(review): if a plugin runs only when it is named in one of the two queue
# lists (verify against the MailD documentation), the drweb anti-virus plugin is
# configured here but not active, so mail would be checked for spam only.
# NOTE(review): the plugin is spelled "Vaderetro" in Settings and "vaderetro" in
# BeforeQueueFilters - confirm that plugin names are matched case-insensitively.
# max_size presumably is the largest message a plugin will check (400k for the
# spam and header filters, 10m for drweb); larger messages would then skip that
# check - confirm.
[Filters]
LibDir = /usr/local/drweb/maild/plugins
Settings = Vaderetro: max_size = 400k | log_level=debug, headersfilter: max_size = 400k | log_level=debug, drweb: max_size = 10m
BeforeQueueFilters = vaderetro
MaxSizeBeforeQueueFilters = 0
AfterQueueFilters =
MaxSizeAfterQueueFilters = 0
PluginsBaseDir = /var/drweb/plugins
# Statistics sending is enabled with a 10-minute period and a 30-second timeout.
# NOTE(review): the destination and the content of what is sent are not shown in
# this file - TODO confirm both before leaving Send = yes on a production relay.
[Stat]
Send = yes
SendPeriod = 10m
Timeout = 30s
# Periodic reports: enabled, every 24h.
# NOTE(review): Mail and Names are empty, so no report recipient or report name is
# set here; presumably nothing is delivered until they are filled in - confirm.
[Reports]
Send = yes
SendPeriod = 24h
Mail =
Names =
MaxPoolSize = 100
TopListSize = 20
# Core MailD policy: protected networks/domains, thread limits, quarantine and the
# action taken in exceptional cases.
[Maild]
ProtectedNetworks = 127.0.0.0/8
ProtectedDomains = pupkin.ru
IncludeSubdomains = yes
InMaxThreads = 20
OutMaxThreads = 1
RedirectMail = denis56@pupkin.ru
# Quarantined messages are stored under /var/drweb/infected. Assuming the value is
# applied as a Unix file mode, 0660 gives read/write to owner and group and no
# access to others; check which accounts are in that group.
Quarantine = /var/drweb/infected
QuarantineFilesMode = 0660
QuarantineFilenamesMode = Std
QuarantineFilenamesPrefix = drweb.quarantine.
# NOTE(review): "pass" for LicenseLimit and ProcessingErrors looks like a fail-open
# choice: presumably a message is handed on unchecked when the license limit is
# exceeded or processing fails - confirm. The drwebd log on this page reports a
# 20-address mail-server license. [Receiver] in this same file uses
# ProcessingErrors = reject, the stricter setting.
LicenseLimit = pass
# EmptyFrom = continue presumably lets messages with an empty envelope sender (<>)
# go on through normal processing - confirm.
EmptyFrom = continue
ProcessingErrors = pass
RulesLogLevel = Info
PidFile = /var/drweb/run/drweb-maild.pid
# These reply strings will be used as SMTP reply if message has been rejected.
# You can specify only text part of reply: 550 5.7.0 Text part of reply.
# Text must be quoted if it contains whitespaces.
# With UseCustomReply = no the two Reply* strings below are presumably not used.
UseCustomReply = no
ReplyEmptyFrom = "Dr.WEB Maild: Messages from <> are blocked by administrator."
ReplyError = "Dr.WEB Maild: Message is rejected due to software error."
# Receiver: the listening side of MailD. It is bound to 127.0.0.1 port 2424, which
# is the host and port the Exim drweb_transport on this page delivers to.
# NOTE(review): the socket is loopback-only, which keeps it off the network; no
# authentication setting is visible here, so presumably any local process can
# submit to it - keep it on loopback.
# ProcessingErrors = reject: a message is rejected when the receiver hits an
# error, unlike the "pass" used in [Maild].
[Receiver]
address = inet:2424@127.0.0.1
MaxThreads = 20
ProcessingErrors = reject
StalledProcessingInterval = 10m
OneCommandTimeout = 5m
OneMessageTimeout = 10m
AddReceivedHeader = no
ReturnReject = no
# Sender: returns processed mail to the MTA by piping it to the Exim binary at
# /usr/local/exim/bin/exim, with the retry schedule given in SendingIntervals.
# NOTE(review): the Exim router on this page exempts only messages whose received
# protocol is "drweb-scanned". Options is empty, so nothing visible in this file
# sets that protocol on re-injection - confirm how it is set (it may be built in
# for MailerName = Exim); otherwise re-injected mail would be routed back to the
# scanner.
[Sender]
StalledProcessingInterval = 10m
SendingIntervals = 0s, 30s, 60s, 10m, 30m, 1h, 2h
Method = pipe
MailerName = Exim
Address = /usr/local/exim/bin/exim
Options =
InMaxThreads = 20
OutMaxThreads = 20
HeloCmdTimeout = 5m
MailFromCmdTimeout = 5m
RcptToCmdTimeout = 5m
DataCmdTimeout = 2m
DataBlockTimeout = 3m
EndOfDataTimeout = 10m
OtherCmdsTimeout = 2m
PipeTimeout = 2m
SendDSN = yes
# Notifier: template and language directories, the administrator address and the
# address used as the filter's own mailbox; notifications are in Russian (ru).
# NOTE(review): AdminMail receives the admin notifications allowed by the [Rule]
# sections of this file, so it should be a monitored mailbox.
[Notifier]
TemplatesBaseDir = /usr/local/etc/drweb/maild/templates
LngBaseDir = /usr/local/etc/drweb/maild/lng
AdminMail = denis56@pupkin.ru
FilterMail = DrWEB-MAIL-DAEMON@pupkin.ru
NotifyLangs = ru
TemplatesParserLogLevel = Info
RulesLogLevel = Info
# Default rule: notifications are blocked in general and then allowed per event
# type for the listed parties; all mail is scanned (scan = all).
# NOTE(review): allow(any) on notify.Virus and notify.Malware presumably includes
# the sender. Sender addresses on infected mail are frequently forged, so sender
# notifications can reach uninvolved third parties (backscatter); restricting
# these two to admin is the safer choice - confirm the meaning of "any" first.
[Rule] # default
notify = block
notify.Virus = allow(any)
notify.Cured = allow(admin:sender)
notify.Skip = allow(sender)
notify.Archive = allow(admin:sender)
notify.Error = allow(admin:sender)
notify.Rule = allow(admin)
notify.License = allow(admin)
notify.Malware = allow(any)
html = yes
scan = all
# Rule "viruses1": notifications blocked, then allowed for the administrator only;
# matching messages are not quarantined.
# NOTE(review): "notify" appears twice; this presumably relies on the lines being
# applied in order (block everything, then allow admin) - confirm that the parser
# accumulates repeated keys rather than keeping only one of them.
[Rule:viruses1]
notify = block
notify = allow(admin)
quarantine = no
# Rule "viruses2": notifications allowed, then blocked for the sender; matching
# messages are quarantined.
# NOTE(review): as in viruses1, the two "notify" lines presumably apply in order -
# confirm how the parser treats the repeated key.
[Rule:viruses2]
notify = allow
notify = block(sender)
quarantine = yes
# No entries: this listing defines no per-user settings.
[Users]
# Maps quoted virus-name patterns to the rules viruses1 / viruses2 defined earlier
# in this file. The backslash-escaped dots suggest the patterns are regular
# expressions - confirm.
# NOTE(review): entries such as "Win32\.Mail" and "Win32\.HLLM" have no trailing
# anchor or separator, so if these are prefix or substring matches they cover
# whole families - confirm the matching rule before adding narrower entries.
[Viruses]
"VBS\.Generic\.95" rule=viruses1
"VBS\.Generic\.348" rule=viruses1
"Win32\.Klez" rule=viruses1
"Win32\.Hazafi" rule=viruses1
"Win32\.Funlove" rule=viruses2
"Win32\.Valhala" rule=viruses2
"Win32\.Dumaru" rule=viruses2
"Win32\.Mail" rule=viruses1
"Win32\.HLLM" rule=viruses1
"Win32\.Grum" rule=viruses1
#8
Отправлено 09 Октябрь 2009 - 17:02
Какие ошибки есть в логе до этой строки?
Oct 9 17:23:59 relay drweb-monitor: [8158000] ERROR cannot start component "drweb-sender" from application "MAILD": component "drweb-sender" wrong answer
#9
Отправлено 12 Октябрь 2009 - 08:04
ps -ax | grep drweb-
860 ?? Ss 0:00.01 /usr/local/drweb/drweb-monitor -c /usr/local/etc/drweb/monitor.conf
866 ?? S 0:00.08 /usr/local/drweb/drweb-agent -c /usr/local/etc/drweb/agent.conf
931 ?? S 0:02.11 /usr/local/drweb/drweb-notifier local:/var/drweb/ipc/.agent
1009 ?? S 0:02.76 /usr/local/drweb/drweb-sender local:/var/drweb/ipc/.agent
1592 p0 R+ 0:00.00 grep drweb- (bash)
через 2 минуты
root:~>ps -ax | grep drweb-
2211 p0 R+ 0:00.00 grep drweb-
more /var/log/messages
Oct 12 09:00:05 relay drweb-monitor: [8158000] ERROR cannot start component "drweb-sender" from application "MAILD": component "drweb-sender" wrong answer
Oct 12 09:00:06 relay drweb-monitor: [8158000] ERROR application "MAILD" cannot start
Oct 12 09:00:06 relay drweb-monitor: [8158000] ERROR start applications error: some applications didn't started
more /var/drweb/log/drwebd.log
Mon Oct 12 08:39:08 2009 Shutting down daemon (signal 15 received)...
Mon Oct 12 08:40:41 2009 Dr.Web ® daemon for FreeBSD v4.44.1 (4.44.1.0811120)
Mon Oct 12 08:40:41 2009 Copyright © Igor Daniloff, 1992-2008
Mon Oct 12 08:40:41 2009 Doctor Web, Ltd., Moscow, Russia
Mon Oct 12 08:40:41 2009 Support service: http://support.drweb.com
Mon Oct 12 08:40:41 2009 To purchase: http://buy.drweb.com
Mon Oct 12 08:40:41 2009 Shell version: 4.44.0.10060 <API:2.2>
Mon Oct 12 08:40:41 2009 Engine version: 4.44.0.9170 <API:2.2>
Mon Oct 12 08:40:41 2009 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 124
--//--
Mon Oct 12 08:40:52 2009 Loading /var/drweb/bases/drwnasty.vdb - Ok, virus records: 13534
Mon Oct 12 08:40:52 2009 Total virus records: 696103
Mon Oct 12 08:40:52 2009 Key file: /usr/local/drweb/drweb32.key - loaded.
Mon Oct 12 08:40:52 2009 License key number: 0010939944
Mon Oct 12 08:40:52 2009 License key activates: 2009-07-17
Mon Oct 12 08:40:52 2009 License key expires: 2010-07-19
Mon Oct 12 08:40:52 2009 License for Internet gateways: None
Mon Oct 12 08:40:52 2009 License for file-servers: Unlimited
Mon Oct 12 08:40:52 2009 License for mail-servers: 20 e-mail addresses.
Mon Oct 12 08:40:52 2009 Daemon is enabled for protecting 19 e-mail`s:
Mon Oct 12 08:40:52 2009 test1@pupkin.ru
--//--
Mon Oct 12 08:40:52 2009 test19@pupkin.ru
Mon Oct 12 08:40:52 2009 Daemon is installed, active interfaces: /var/drweb/run/.daemon 127.0.0.1:3000
#10
Отправлено 12 Октябрь 2009 - 10:15
#11
Отправлено 12 Октябрь 2009 - 14:26
#12
Отправлено 12 Октябрь 2009 - 14:33
возможно это
/var/log/maillog
#13
Отправлено 12 Октябрь 2009 - 15:25
Прикрепленные файлы:
#14
Отправлено 12 Октябрь 2009 - 16:18
#15
Отправлено 14 Октябрь 2009 - 13:10
Прикрепленные файлы:
#16
Отправлено 14 Октябрь 2009 - 14:06
Попробуйте удалить всё из
/var/drweb/msgs/out/0
/var/drweb/msgs/out/1
..
/var/drweb/msgs/out/F
/var/drweb/msgs/out/x
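и повторить эксперимент (сохранив логи). Перед удалением стоит сделать копию этих каталогов: судя по пути (msgs/out), в них могут лежать ещё не отправленные письма.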
Попробуйте также настроить syslog, чтобы все логи mail.* шли в один файл — так их потом будет удобнее анализировать.
#17
Отправлено 14 Октябрь 2009 - 15:55
(повторно отправил аналогичное письмо)
Прикрепленные файлы:
#18
Отправлено 14 Октябрь 2009 - 16:42
#19
Отправлено 15 Октябрь 2009 - 07:08
#20
Отправлено 15 Октябрь 2009 - 08:18