amavis: Error reading from socket: connection reset by peer
Joel Dahl
joel at vnode.se
Mon Oct 17 11:23:49 CEST 2011
Hi,
I've set up amavisd-new 2.7.0 with postfix 2.8.5 on a FreeBSD 8.2 machine and
it's been mostly a smooth ride so far. This machine will act as a mail
gateway and spam filter in front of a couple of internal mail servers. On
rare occasions (a few times a week, somewhat random) I see something weird
in my maillog, however.
It looks like amavis dies here:
Oct 17 06:22:48 smtp postfix/postscreen[62226]: CONNECT from [123.168.232.239]:2387
Oct 17 06:22:54 smtp postfix/postscreen[62226]: PASS NEW [123.168.232.239]:2387
Oct 17 06:22:54 smtp postfix/smtpd[62229]: connect from unknown[123.168.232.239]
Oct 17 06:22:55 smtp postfix/smtpd[62229]: 4E0E7E04E2: client=unknown[123.168.232.239]
Oct 17 06:22:55 smtp postfix/cleanup[62232]: 4E0E7E04E2: message-id=<5DBTMTXL8DKA6YXAOC at localhost.localdomain>
Oct 17 06:22:56 smtp postfix/qmgr[54022]: 4E0E7E04E2: from=<conglomerationo8 at qip.ru>, size=18026, nrcpt=1 (queue active)
Oct 17 06:22:56 smtp postfix/smtpd[62229]: disconnect from unknown[123.168.232.239]
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)FWD from <conglomerationo8 at qip.ru> -> <me at mydomain.tld>, 451 4.5.0 From MTA() during fwd-connect (Error reading from socket: Connection reset by peer at /usr/local/sbin/amavisd line 6814.): id=61150-02
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) Blocked MTA-BLOCKED {TempFailedInbound}, [123.168.232.239]:2387 [123.168.232.239] <conglomerationo8 at qip.ru> -> <me at mydomain.tld>, Queue-ID: 4E0E7E04E2, Message-ID: <5DBTMTXL8DKA6YXAOC at localhost.localdomain>, mail_id: KT9C9Ke7LxEZ, Hits: 4.052, size: 18026, 1231 ms
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!!)TROUBLE in process_request: Error writing to socket: Broken pipe at /usr/local/sbin/amavisd line 6843.
Oct 17 06:22:57 smtp postfix/smtp[62233]: 4E0E7E04E2: to=<me at mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=1.1/0/0.01/1.2, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=61150-02 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Error reading from socket: Connection reset by peer at /usr/local/sbin/amavisd line 6814.): id=61150-02 (in reply to end of DATA command))
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)Requesting process rundown after fatal error
Oct 17 06:22:57 smtp amavis[61150]: (61150-02) (!)_DIE: Error writing to socket: Broken pipe at /usr/local/sbin/amavisd line 6843.
...and then, 8 minutes later:
Oct 17 06:30:26 smtp postfix/qmgr[54022]: 4E0E7E04E2: from=<conglomerationo8 at qip.ru>, size=18026, nrcpt=1 (queue active)
Oct 17 06:30:27 smtp postfix/smtpd[62254]: connect from localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/smtpd[62254]: D8FAAE0666: client=localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/cleanup[62255]: D8FAAE0666: message-id=<5DBTMTXL8DKA6YXAOC at localhost.localdomain>
Oct 17 06:30:27 smtp postfix/smtpd[62254]: disconnect from localhost[127.0.0.1]
Oct 17 06:30:27 smtp postfix/qmgr[54022]: D8FAAE0666: from=<conglomerationo8 at qip.ru>, size=18718, nrcpt=1 (queue active)
Oct 17 06:30:27 smtp amavis[61761]: (61761-02) Passed CLEAN {RelayedInbound}, [123.168.232.239]:2387 [123.168.232.239] <conglomerationo8 at qip.ru> -> <me at mydomain.tld>, Queue-ID: 4E0E7E04E2, Message-ID: <5DBTMTXL8DKA6YXAOC at localhost.localdomain>, mail_id: tJ1Womdf9N4H, Hits: 4.052, size: 18026, queued_as: D8FAAE0666, 1214 ms
Oct 17 06:30:27 smtp postfix/smtp[62252]: 4E0E7E04E2: to=<me at mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=453, delays=451/0.01/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D8FAAE0666)
Oct 17 06:30:27 smtp postfix/qmgr[54022]: 4E0E7E04E2: removed
Oct 17 06:30:28 smtp postfix/smtp[62256]: D8FAAE0666: to=<me at mydomain.tld>, relay=172.16.1.129[172.16.1.129]:25, delay=0.14, delays=0.02/0/0/0.11, dsn=2.6.0, status=sent (250 2.6.0 <5DBTMTXL8DKA6YXAOC at localhost.localdomain> Queued mail for delivery)
Oct 17 06:30:28 smtp postfix/qmgr[54022]: D8FAAE0666: removed
...and the mail gets delivered successfully.
Google didn't turn up anything useful on why amavis dies and I've checked
my configuration but I can't find anything obvious that is wrong. I guess
it all comes down to the fact that I don't know how to interpret these error messages.
So, can someone explain to me what's going on and tell me if I should be
worried or not? :-)
My configuration is quite simple. I've attached it below for reference.
## Postconf -n from Postfix:
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 40960000
mydestination =
mydomain = mydomain.tld
myhostname = smtp.mydomain.tld
mynetworks = 127.0.0.0/8, 172.16.1.129/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org bl.spamcop.net
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = hash:/usr/local/etc/postfix/relay_domains
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination check_helo_access hash:/usr/local/etc/postfix/helo_checks
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
## amavis stuff from master.cf:
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_tls_note_starttls_offer=no
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
## What I've changed in amavisd.conf:
diff -u amavisd.conf-dist amavisd.conf
--- amavisd.conf-dist 2011-08-22 22:51:32.000000000 +0200
+++ amavisd.conf 2011-10-13 12:50:17.000000000 +0200
@@ -17,7 +17,7 @@
$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
-$mydomain = 'example.com'; # a convenient default for other settings
+$mydomain = 'mydomain.tld'; # a convenient default for other settings
# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
@@ -46,7 +46,7 @@
$enable_dkim_verification = 1; # enable DKIM signatures verification
$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
- at local_domains_maps = ( [".$mydomain"] ); # list of all local domains
+ at local_domains_maps = read_hash("/usr/local/etc/postfix/relay_domains");
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
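Review bot: the new local_domains_maps line makes amavisd read Postfix's relay_domains source file through read_hash, but nothing on the line records the operational coupling: the file is read when amavisd loads its configuration, so a domain added there is not local to amavisd until amavisd is reloaded as well, and the 'vscan' daemon user needs read access to the file. A short comment on that line would cover it. Separately, the unchanged @mynetworks context still lists all of 172.16.0.0/12 while Postfix's mynetworks is 127.0.0.0/8 and 172.16.1.129/32; narrowing it here would keep both programs' idea of "internal" the same.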
@@ -90,9 +90,9 @@
auth_required_release => 0, # do not require secret_id for amavisd-release
};
-$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
-$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
-$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
+$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.0; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
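Review bot: the changed $sa_tag_level_deflt line sets the value to undef but keeps the trailing comment "add spam info headers if at, or above that level", which no longer describes it; the comment should say what undef is meant to achieve (headers on every message regardless of score, if that is the intent). The same hunk lowers the kill level to 6.0 against a tag2 level of 5.0, so the band in which mail is marked as spam but still delivered is only one point wide; worth confirming that is intended.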
@@ -112,11 +112,11 @@
# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
-$virus_admin = "virusalert\@$mydomain"; # notifications recip.
+$virus_admin = "it\@$mydomain"; # notifications recip.
-$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
-$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
-$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
+$mailfrom_notify_admin = "it\@$mydomain"; # notifications sender
+$mailfrom_notify_recip = "it\@$mydomain"; # notifications sender
+$mailfrom_notify_spamadmin = "it\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus');
@@ -145,14 +145,14 @@
# OTHER MORE COMMON SETTINGS (defaults may suffice):
-# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
+$myhostname = 'smtp.mydomain.tld'; # must be a fully-qualified domain name!
# $notify_method = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
# $final_virus_destiny = D_DISCARD;
# $final_banned_destiny = D_DISCARD;
-# $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT
+$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT
# $final_bad_header_destiny = D_PASS;
# $bad_header_quarantine_method = undef;
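Review bot: $final_spam_destiny = D_DISCARD drops everything at or above the kill level without a bounce, so a false positive leaves nothing visible to sender or recipient, and nothing in this diff shows where discarded spam is kept; confirm a spam quarantine is in place, or stay on D_PASS with tagging while the thresholds are being tuned. The trailing "#!!! D_DISCARD / D_REJECT" comment still reads as a to-do and could be replaced with the reason for the choice.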
@@ -371,10 +371,10 @@
# settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
# ### http://www.clamav.net/
-# ['ClamAV-clamd',
-# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
-# qr/\bOK$/m, qr/\bFOUND$/m,
-# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+['ClamAV-clamd',
+ \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
+ qr/\bOK$/m, qr/\bFOUND$/m,
+ qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
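Review bot: the newly enabled ClamAV-clamd entry uses /var/run/clamav/clamd.sock, and the NOTE in the trailing context tells the reader to add the clamav user to the "amavis" group, while this configuration runs amavisd as user and group 'vscan'. Check that clamd either runs as vscan or that the clamav user is in the vscan group with AllowSupplementaryGroups set, and adjust the NOTE so it names the group actually in use.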
--
Joel
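An added triage example, not part of the original post or of amavisd/Postfix: it scans a maillog for messages that amavisd temp-failed at reinjection (MTA-BLOCKED) and reports whether Postfix later got each one through the filter on port 10024, which is the question the log excerpt above raises. The function names, the `year` parameter (syslog timestamps carry no year) and the sample lines are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the log above (not real traffic).
SAMPLE = """\
Oct 17 06:22:57 smtp amavis[100]: (100-02) Blocked MTA-BLOCKED {TempFailedInbound}, [192.0.2.10]:2387 <a@example.org> -> <b@example.net>, Queue-ID: AAA111, mail_id: x1, Hits: 4.052, size: 18026, 1231 ms
Oct 17 06:22:57 smtp postfix/smtp[101]: AAA111: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 ...)
Oct 17 06:30:27 smtp postfix/smtp[102]: AAA111: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=453, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBB222)
Oct 17 07:01:10 smtp amavis[103]: (103-05) Blocked MTA-BLOCKED {TempFailedInbound}, [192.0.2.11]:4000 <c@example.org> -> <b@example.net>, Queue-ID: CCC333, mail_id: x2, Hits: 1.0, size: 900, 800 ms
Oct 17 07:01:10 smtp postfix/smtp[104]: CCC333: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 ...)
""".splitlines()

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
# amavisd's summary line for a message it could not hand back to the MTA.
BLOCKED = re.compile(TS + r" \S+ amavis\[\d+\]: .*MTA-BLOCKED.*Queue-ID: (?P<qid>[0-9A-F]+)")
# Postfix's delivery attempt to the content filter (port taken from content_filter).
FILTER = re.compile(TS + r" \S+ postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
                    r".*relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024,.*status=(?P<status>\w+)")

def _when(ts, year):
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def triage(lines, year=2011):
    """Map queue ID -> temp-fail count and seconds until a later successful pass."""
    events = {}
    for line in lines:
        if m := BLOCKED.match(line):
            e = events.setdefault(m["qid"], {"tempfails": 0, "first": _when(m["ts"], year),
                                             "recovered_after_s": None})
            e["tempfails"] += 1
        elif (m := FILTER.match(line)) and m["qid"] in events and m["status"] == "sent":
            e = events[m["qid"]]
            if e["recovered_after_s"] is None:
                e["recovered_after_s"] = int((_when(m["ts"], year) - e["first"]).total_seconds())
    return events

def stuck(events):
    """Queue IDs that were temp-failed and never seen passing the filter afterwards."""
    return sorted(q for q, e in events.items() if e["recovered_after_s"] is None)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for qid, e in result.items():
        print(qid, e["tempfails"], e["recovered_after_s"])
    print("still unresolved:", stuck(result))
```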