help: ClamAV - connection refused

LeServal · Mar 16, 2010

I/II

Dear forum members,

I am experimenting around a bit in creating a mailserver with Postfix. It is, so far, local, bearing the name dove.flying. Everything else being fine, I cannot receive any e-mails when I turn on clamav. If I comment out the corresponding lines in main.cf and master.cf which activate clamav, everything is working - mail that I locally send I can also locally retrieve; but not so if clamav shall run as well, then no mail is received. I have installed clamav from the binary packages.

Please let me know what information you need to further analyse the problem. Below you can find the content of some files; I just removed the #-lines manually to enease reading, hope I did not erase anything important. Please let me know what error you deem I am making; I have been intensely fighting with this now for over two weeks.

uname -a:

Code:

FreeBSD dove.flying 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

Permissions on clamd:

Code:

-r-xr-xr-x  1 root  wheel  106692 Oct 21 09:25 /usr/local/sbin/clamd

ClamAV's working directory permissions:

Code:

drwxr-xr-x  2 clamav  clamav  512 Mar 16 08:16 /var/run/clamav/

Contents of this directory - PLEASE NOTE, SOMEHOW THERE IS NO clamd.ctl:

Code:

total 2
-rw-rw----  1 clamav  clamav  3 Mar 16 08:16 clamd.pid
srwxrwxrwx  1 clamav  clamav  0 Mar 16 08:16 clamd.sock

postconf -n:

Code:

biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:127.0.0.1:10026
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydomain = flying
myhostname = dove.flying
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = dove.flying
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
receive_override_options = no_address_mappings
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

master.cf:

Code:

smtp      inet  n       -       n       -       -       smtpd -o content-filter=spamm:

scan  unix  -  -  n  -  16  smtp -o smtp_send_xforward_command=yes

127.0.0.1:10025  inet  n  -  n  -  16  smtpd
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtpd -o content-filter=spamm:
relay     unix  -       -       n       -       -       smtp
	-o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

spamm      unix  -       n       n       -       -       pipe flags=Rq user=spamd argv=/usr/local/bin/spamm.sh -f ${sender} -- ${recipient}

main.cf:

Code:

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = host
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
mydomain = flying
myhostname = dove.flying
mynetworks_style = host
myorigin = dove.flying
mynetworks = 127.0.0.0/8
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtp_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
tls_random_source = dev:/dev/urandom
content_filter=scan:127.0.0.1:10026
receive_override_options = no_address_mappings

clamd.conf:

Code:

LogFile /var/log/clamav/clamd.log

LogFileMaxSize 10M
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User clamav
AllowSupplementaryGroups yes
ScanMail yes

clamsmtpd.conf:

Code:

OutAddress: 10026
Listen: 127.0.0.1:10025
ClamAddress: /var/run/clamav/clamd.sock
User: clamav

rc.conf:

Code:

gateway_enable="YES"
hostname="dove.flying"
ifconfig_sis0="DHCP"
keymap="german.iso"
moused_enable="YES"
moused_flags="-3"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
clamd_enable="YES"
clamav_clamd_enable="YES"
clamav_clamd_socket="/var/run/clamav/clamd.sock"
apache22_enable="YES"
apache22_http_accept_enable="YES"
spamd_enable="YES"
spamd_flags="-u spamd -H /var/spool/spamd"


# -- sysinstall generated deltas -- # Sat Mar  6 08:55:36 2010
ifconfig_sis0="DHCP"
hostname="dove.flying"
# -- sysinstall generated deltas -- # Sat Mar  6 21:38:12 2010
ifconfig_sis0="DHCP"
hostname="dove.flying"

I would be extremely gratefuly for any help with this. Thank you in advance for looking at it.

LeServal · Mar 16, 2010

II/II

maillog - if anything works, then only because I turn off clamav:

Code:

(blah...blah... failing stuff)

Mar 16 07:58:42 dove postfix/smtp[1262]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 07:58:42 dove postfix/smtp[1262]: 448BD55347F: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=2228, delays=2228/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:01:06 dove postfix/postfix-script[1394]: stopping the Postfix mail system
Mar 16 08:01:06 dove postfix/master[999]: terminating on signal 15
Mar 16 08:01:06 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:01:07 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:01:57 dove spamd[892]: logger: removing stderr method 
Mar 16 08:02:02 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:02:02 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:02:02 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:02:02 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:02:02 dove spamd[894]: prefork: child states: IS 
Mar 16 08:02:02 dove spamd[894]: prefork: child states: II 
Mar 16 08:02:05 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:02:06 dove postfix/postfix-script[998]: starting the Postfix mail system
Mar 16 08:02:07 dove postfix/master[999]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:04:20 dove postfix/pickup[1024]: B33FC553480: uid=0 from=<root>
Mar 16 08:04:20 dove postfix/cleanup[1169]: B33FC553480: message-id=<20100316070420.B33FC553480@dove.flying>
Mar 16 08:04:20 dove postfix/qmgr[1025]: B33FC553480: from=<root@dove.flying>, size=302, nrcpt=1 (queue active)
Mar 16 08:04:20 dove postfix/smtp[1171]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:04:20 dove postfix/smtp[1171]: B33FC553480: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.13, delays=0.1/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:12:12 dove postfix/qmgr[1025]: B33FC553480: from=<root@dove.flying>, size=302, nrcpt=1 (queue active)
Mar 16 08:12:12 dove postfix/smtp[1241]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:12:12 dove postfix/smtp[1241]: B33FC553480: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=471, delays=471/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:13:04 dove postfix/postfix-script[1358]: stopping the Postfix mail system
Mar 16 08:13:04 dove postfix/master[999]: terminating on signal 15
Mar 16 08:13:04 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:13:04 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:13:54 dove spamd[892]: logger: removing stderr method 
Mar 16 08:13:59 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:13:59 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:13:59 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:13:59 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:13:59 dove spamd[894]: prefork: child states: II 
Mar 16 08:14:02 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:14:03 dove postfix/postfix-script[998]: starting the Postfix mail system
Mar 16 08:14:04 dove postfix/master[1005]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:14:32 dove postfix/pickup[1024]: 7EA82553481: uid=0 from=<root>
Mar 16 08:14:32 dove postfix/cleanup[1156]: 7EA82553481: message-id=<20100316071432.7EA82553481@dove.flying>
Mar 16 08:14:32 dove postfix/qmgr[1025]: 7EA82553481: from=<root@dove.flying>, size=293, nrcpt=1 (queue active)
Mar 16 08:14:32 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:14:32 dove postfix/smtp[1158]: 7EA82553481: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.08, delays=0.05/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:15:13 dove postfix/postfix-script[1280]: stopping the Postfix mail system
Mar 16 08:15:13 dove postfix/master[1005]: terminating on signal 15
Mar 16 08:15:13 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:15:14 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:16:04 dove spamd[892]: logger: removing stderr method 
Mar 16 08:16:09 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:16:09 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:16:09 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:16:09 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:16:09 dove spamd[894]: prefork: child states: II 
Mar 16 08:16:12 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:16:13 dove postfix/postfix-script[1004]: starting the Postfix mail system
Mar 16 08:16:13 dove postfix/master[1005]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:16:28 dove postfix/pickup[1024]: C8C18553482: uid=0 from=<root>
Mar 16 08:16:28 dove postfix/cleanup[1156]: C8C18553482: message-id=<20100316071628.C8C18553482@dove.flying>
Mar 16 08:16:28 dove postfix/qmgr[1025]: C8C18553482: from=<root@dove.flying>, size=293, nrcpt=1 (queue active)
Mar 16 08:16:28 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:16:28 dove postfix/smtp[1158]: C8C18553482: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.08, delays=0.05/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

graudeejs · Mar 16, 2010

I've yet to read your post, but you could take a look at this
http://forums.freebsd.org/showthread.php?t=10728

graudeejs · Mar 16, 2010

I think you need to add something like this in master.cf

Code:

# For injecting mail back into postfix from the filter
IP_of_jail:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=IP_of_jail

LeServal · Mar 16, 2010

Thank you.

I think I have such a line as you mentioned, do I not?

But in the very interesting link you passed, I noticed I had forgotten to set

clamsmtpd_enable="YES"

in rc.conf...

If anything else is discovered, please mention it; this evening I shall attempt another configuration experiment.

LeServal · Mar 16, 2010

Thank you.

I think I have such a line as you mentioned, do I not?

But in the very interesting link you passed, I noticed I had forgotten to set

Code:

clamsmtpd_enable="YES"

in rc.conf...

If anything else is discovered, please mention it; this evening I shall attempt another configuration experiment.

graudeejs · Mar 16, 2010

in your config you have port 10025, I have 10026...

LeServal · Mar 16, 2010

It did NOT work. Starting clamsmtpd in rc.conf resulted either it it telling me on startup that the port 10025 was already used, or, if in master.cf I am using port 10026, it started fine, but when I tried to send a message it was returned (i.e., failed to be delivered) with the notice that it needed too many hops. Any ideas what to do now?

graudeejs · Mar 16, 2010

well, postfix is trying to connect to port 10026
from your logs

Code:

Mar 16 08:16:28 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused

graudeejs · Mar 16, 2010

and in your original mail.cf you have
content_filter = scan:127.0.0.1:10026

LeServal · Mar 16, 2010

Dear Killasmurf,

Maybe I am misunderstanding this whole re-injection scheme, so could you please clarify:

I have the following statements across the config files, _x_, _y_, _z_ & _q_ being numbers:

master.cf:
127.0.0.1:_x_ inet ...

main.cf:
content_filter = scan:127.0.0.1:_y_

clamsmtpd.conf:
OutAddress:_z_
Listen: 127.0.0.1:_q_

Now, if I understood correctly, y and q are the same, as that is how postfix sends the mail to clamsmtpd, and then z and x are the same, because that is how clamsmtpd sends the scanned mail back to postfix - or did I misunderstand anything?! And if I put x and y as being the same, do I not "short-circuit" it, so that clamsmtpd never actually sees the mail? - This is all very new to me, so please accept my apology if my assumptions are entirely wrong.

LeServal · Mar 17, 2010

Yippie, IT IS ALIVE!

OK, first thing: yes, 10026 as you and several other tutorials said, mea culpa; second thing: when I did it, it started to bounce giving me "too many hops" errors - and then I understood that actually I do need that empty -o content_filter in master.cf, otherwise it would just continue to resubmit it...

Thank you for looking at it.