度々、すみません。
原因不明な現象が発生し対応方法に困っている状態です。
■内容
「postfix」と「dovecot」を使用してメールサーバーを構築しているのですが、再起動した後からメールの受信ができない状態になりました。
また、 Postfix + Clamav + ClamSmtp + Spampd + SpamAssassin
を行ってました。
■環境
Debian 4.0 (etch)
Postfix 2.3.8-2
dovecot 1.0.rc15-2
Squirrelmail 2:1.4.9a-2
spamassassin 3.1.7-2
spampd 2.30-16
clamav 0.90.2-1
clamsmtp 1.8-5
■mail.log 内容
問題1
spampd[6344]: WARNING!! Error in process_request eval block: /usr/sbin/spampd: write error: パイプが切断されま
した at /usr/sbin/spampd line 360, <GEN1> line 10.
問題2
postfix/qmgr[6707]: warning: connect to transport spamd: No such file or directory
以下の内容より、環境設定部分になります。
■postfix(main.cf)
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = scan:127.0.0.1:10026
daemon_directory = /usr/lib/postfix
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = ドメイン
myhostname = ドメイン
mynetworks = 127.0.0.0/8
myorigin = $mydomain
receive_override_options = no_address_mappings
relay_domains = $mydestination
relayhost = [smtp.vcgamma.ocn.ne.jp]:587
smtp_destination_recipient_limit = 1
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = cram-md5, plain, login
smtp_sasl_password_maps = hash:/etc/postfix/isp_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP unknown
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
■postfix(master.cf)
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
# 2007.05.24 追加 #
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
127.0.0.1:10027 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
■clamav(clamd.conf)
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
#TemporaryDirectory /tmp
TemporaryDirectory /mnt/tmp/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
NodalCoreAcceleration false
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures true
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
■clamasmtp(clamsmtpd.conf)
# The address to send scanned mail to.
# This option is required unless TransparentProxy is enabled
OutAddress: 10025
# The maximum number of connection allowed at once.
# Be sure that clamd can also handle this many connections
#MaxConnections: 64
# Amount of time (in seconds) to wait on network IO
#TimeOut: 180
# Address to listen on (defaults to all local addresses on port 10025)
Listen: 127.0.0.1:10026
# The address clamd is listening on
ClamAddress: /var/run/clamav/clamd.ctl
# A header to add to all scanned email
#ScanHeader: X-AV-Checked: ClamAV using ClamSMTP
Header: X-AV-Checked: ClamAV using ClamSMTP
# Directory for temporary files
#TempDirectory: /var/spool/clamsmtp
TempDirectory: /mnt/tmp/clamav
# PidFile: location of PID file
PidFile: /var/run/clamsmtp/clamsmtpd.pid
# Whether or not to bounce email (default is to silently drop)
#Bounce: off
# Whether or not to keep virus files
#Quarantine: off
# Enable transparent proxy support
#TransparentProxy: off
# User to run as
User: clamsmtp
■spampd(/etc/default/spampd)
# Defaults file for spampd, the spam proxy daemon
# (spampd is using spamassassin to scan mails)
# On boolean options, 0 means off/no/false, 1 means on/yes/true
# Wether or not to start spampd (0/1)
STARTSPAMPD=1
# where to put the PID file
PIDFILE=/var/run/spampd.pid
# The IP to listen on
LISTENHOST=127.0.0.1
# The port to listen on
LISTENPORT=10025
# The host to forward the connection to
DESTHOST=127.0.0.1
# The port to forward the connection to
DESTPORT=10027
# How many parallel checks can be done in parallel
CHILDREN=3
# user ID to run as
USERID=spampd
# group ID to run as
GRPID=spampd
# Wether or not to tag all messages (0/1)
TAGALL=1
# Wether or not to use auto-whitelisting (0/1)
AUTOWHITELIST=0
# Wether or not to do only local checks
# if this is turned on, no network based checks
# (like DNS-Blacklists) are done. (0/1)
LOCALONLY=1
# Wether to prefer INET (network,1) for syslog logging
# instead of UNIX (unix domain socket,0) (0/1)
LOGINET=0
# Any additional parameters you want to pass to spampd
#
# The following sample entry enables use of a config file
# by spampd which can be used to override parameters from
# the system-wide SpamAssassin configuration
#
#ADDOPTS="--config=/etc/spampd.conf"
ADDOPTS=""
■spamassassin(/etc/default/spamassassin)
# Duncan Findlay
# WARNING: please read README.spamd before using.
# There may be security risks.
# Change to one to enable spamd
#ENABLED=0
ENABLED=1
# Options
# See man spamd for possible options. The -d option is automatically added.
# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"
# Set nice level of spamd
#NICE="--nicelevel 15"
mail.logの内容の「問題1」と「問題2」の内容が原因不明の内容になります。
問題解決方法があるのでしたらご教授お願い致します。
宜しくお願い致します。
ここに上げられた内容だけでは、 Postfix + Clamav + ClamSmtp + Spampd + SpamAssassin がどう関係しているのかが見えませんが、@ITのスレのことでいいんですよね。あちらは尻切れトンボになっているようですが・・。
http://www.atmarkit.co.jp/bbs/phpBB/viewtopic.php?topic=38597&forum=10&7
よしさんが、上記で参照先として提示している内容はかなり特殊なやり方のため、おやじには全体として正しいのかどうかの判断はできません。従って、フォローもできませんので、どうしても参照先の方法にこだわるなら参照先に相談されたほうが良いと思います。
ただ、参照先はおやじのサイトのように細かく書かれていないので、真似てできるような記述内容ではありません。誤解がないように言っておきますが、書かれているとおりやればできるのだろうと思いますが、説明が省略されていたり、前コンテンツをみて重ねないとわからなかったり、ここのパラメータがどういう意味を持つか書かれていないのでわかりにくいということです。
つまり、Postfixで各モジュールがどのようにメールを配送しているかをしっかり理解しつつ、Postfixが各デーモンとどのように連携しているかを理解できなければ、参照先の内容で設定するのは困難と思います。
よしさんが提示された全てのconfigを見たわけではありませんが、明らかにメールの配送が参照先に書かれているとおり設定されていないため、まともには動作するとは思えません。
具体的には、postfixを含め各たデーモンのlisten/outputポートがうまく連携していませんし、postfixからfilterに渡すcheck_client_accessの設定もできていませんよね。
何故、参照先どおり設定しないのでしょうか? 設定の意味を理解して変更されているならいいのですが、明らかに不整合があるので??? もし理解できないなら、参照先の内容を自分で動かすのは無理ではないかと思います。素直に素人のおやじがやったようにAmavisd-newでも利用したほうがいいのでは?
なお、configはコメント行は削除してください。