<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Nur Text Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Tahoma","sans-serif";
color:windowtext;}
span.NurTextZchn
{mso-style-name:"Nur Text Zchn";
mso-style-priority:99;
mso-style-link:"Nur Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoPlainText>Hello all, <o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><span lang=EN-US>a few days ago we migrated our old Amavis Servers to new ones. I was monitoring the logs if everything works fine.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>The new servers are almost the same, just a new operating system (old: SLES10SP2(physical machine) new:SLES11SP1(virtual machine)) with new packages (old: amavisd-new-2.3.3-17.2 new: amavisd-new-2.6.4-28.1).<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>amavisd.conf was simply copied to the new server.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>Everything went fine but I found this “error” in the logs which weren’t there at the old one.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>May 27 12:55:21 Servername amavis[15793]: (15793-19) smtp session rundown stale sessions, idle 271.3 s, smtp:[IPADDRESS]:10025, state ehlo.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>Port 10025 is the port we're sending back scanned mails to postfix.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>Idle times for a stale session are also quite random ranging from ~20s to >3000s.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>I looked if mails weren't transmitted correctly but it seems that’s no problem:<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>May 27 13:03:06 Servername amavis[17700]: (17700-02) smtp session rundown, sending QUIT <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>May 27 13:03:06 Servername amavis[17700]: (17700-02) smtp session rundown, closing session smtp:[IPADDRESS]:10025 <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>Then I looked if TCP connections were handled correctly, but that’s also fine.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>If a connection is closed by the application it's also closed by the OS...(at least as far as I could see(netstat))<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>I googled it but I haven't found anything useful for this problem(if it even is one).<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Now I would like to ask you about your opinion, could this be a problem? Or is it something I won't have to worry about?<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Kind regards<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>Timo Buettner<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Our amavisd.conf:<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>use strict;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$max_servers = 25; # number of pre-forked children (2..15 is common)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$daemon_user = 'vscan';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$daemon_group = 'vscan';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$mydomain = 'ekom21.de'; # a convenient default for other settings<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$MYHOME = '/var/spool/amavis';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$QUARANTINEDIR = undef;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@local_domains_maps = (read_hash( "/var/spool/amavis/dom2.txt" )); @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> {several IP-Addresses} <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> );<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@inet_acl = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> {several IP-Addresses} <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> );<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>$log_level = 5; # verbosity 0..5<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$log_recip_templ = undef; # disable by-recipient level-0 log entries<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$DO_SYSLOG = 1; # log via syslogd (preferred)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$SYSLOG_LEVEL = 'mail.debug';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$inet_socket_port = [10024,20024,30024]; # listen on this local TCP port(s) (see $protocol)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$inet_socket_bind = '*';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$log_level = 3; # verbosity 0..5<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$log_recip_templ = undef; # disable by-recipient level-0 log entries<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$DO_SYSLOG = 1; # log via syslogd (preferred)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$SYSLOG_LEVEL = 'mail.debug';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter $sa_tag_level_deflt = -20.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # angepasst von 5.0 $sa_kill_level_deflt = 6.31; # war 6.31 triggers spam evasive actions - nicht anfassen $sa_dsn_cutoff_level = 9.0; # war 9.0 spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$sa_local_tests_only = 0; # only tests which do not require internet access?<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> # for SA 3.0, cf option is 'use_auto_whitelist')<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@addr_extension_virus_maps = ('virus');<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@addr_extension_spam_maps = ('spam');<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@addr_extension_banned_maps = ('banned');<o:p></o:p></span></p><p class=MsoPlainText>@addr_extension_bad_header_maps = ('badh'); $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';<o:p></o:p></p><p class=MsoPlainText>$MAXLEVELS = 14;<o:p></o:p></p><p class=MsoPlainText><span lang=EN-US>$MAXFILES = 1500;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $sa_spam_subject_tag = 'xxxSPAMxxx'; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $myhostname = 'assmtp01.intern.ekom21.de'; $notify_method = 'smtp:*:10025'; # set to undef with milter!<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$forward_method = 'smtp:*:10025'; # set to undef with milter!<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$final_virus_destiny = D_REJECT;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$final_banned_destiny = D_REJECT;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$final_spam_destiny = D_REJECT;<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$interface_policy{'20024'} = 'VSCAN';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$interface_policy{'30024'} = 'TAGGING';<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$policy_bank{'VSCAN'} = { # mail originating from @mynetworks<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> bypass_spam_checks_maps => [1], # or: don't spam-check internal mail }; $policy_bank{'TAGGING'} = { # mail originating from @mynetworks<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> spam_kill_level_maps => [9999],<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>};<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>@viruses_that_fake_sender_maps = (new_RE(<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> [qr/^/ => 1], # true for everything else )); @keep_decoded_original_maps = (new_RE(<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>));<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>$banned_filename_re = new_RE(<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> # block certain double extensions anywhere in the base name<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^application/x-msdownload$'i, # block these MIME types<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^application/x-msdos-program$'i,<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^application/hta$'i,<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US> qr'^\.(exe-ms)$', # banned file(1) types<o:p></o:p></span></p><p class=MsoPlainText>);<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p></div></body></html>