Service Router Error, No incoming Mails

[tuxman]

Hi community,

i have trouble with Scalix on Fedora Core 4 (i386)
the Service Router is aborted

omstat -s

Service Router Aborted 10:16:37 5
Local Delivery Started 10:16:37 0
Internet Mail Gateway Started 10:16:37 0
Sendmail Interface Started 10:16:37 0
Local Client Interface Enabled 10:16:37 0
Remote Client Interface Enabled 10:16:37 1
Test Server Started 10:16:37 0
Request Server Started 10:16:37 0
Print Server Started 10:16:37 0
Directory Synchronization Started 10:16:37 0
Bulletin Board Server Started 10:16:37 0
Background Search Service Started 10:16:37 0
Dump Server Started 10:16:37 0
CDA Server Started 10:16:37 0
POP3 interface Started 10:16:37 0
Omscan Server Started 10:16:37 0
Archiver Started 10:16:37 0

System Environment:
FC4 (Kernel 2.6.16)
Scalix 10.0.1
apache 2
clamd
amavisd-new
amavisd-milter (self compiled sources)
spamassassin
spamassassin-milter

Logfile /var/opt/scalix/logs/fatal

Code: Select all

ERROR                   Service Router(Service Router) Thu Jun  8 10:16:38 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Can't parse the configuration file.
Pid of logging process: 31338


ERROR                   Service Router(Service Router) Thu Jun  8 10:16:38 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 31338


ERROR                   Service Router(Service Router) Thu Jun  8 10:16:38 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 31338


SERIOUS ERROR           Service Router(Service Router) Thu Jun  8 10:16:38 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 31338


the clamav config file is: /etc/clamd.d/scalix.conf

ls -l /etc/clamd.d/

Code: Select all

insgesamt 32
-rw-r--r--  1 root root  528 25. Apr 21:44 amavisd.conf
-rw-r--r--  1 root root 4853  7. Jun 14:15 clamd.conf.org
-rw-r--r--  1 root root 8201  1. Mai 13:39 milter.conf
-rw-r--r--  1 root root 4853  8. Jun 09:57 scalix.conf


ps ax | grep clam

Code: Select all

30845 ?        Ss     0:00 clamd -c /etc/clamd.d/scalix.conf
30856 ?        Ss     0:00 clamd.amavisd -c /etc/clamd.d/amavisd.conf
 4618 pts/1    R+     0:00 grep clam


ls -l /var/opt/scalix/rules

Code: Select all

insgesamt 48
-rw-r--r--  1 root root   271  1. Jun 14:21 ALL-ROUTES
-rw-r--r--  1 root root    78  2. Jun 12:26 ALL-ROUTES.VIR
-rw-r--r--  1 root root    40  2. Jun 10:48 ndninfo.txt
-r-xr-xr-x  1 root root 35644  2. Jun 10:49 omvscan.map


????? where is the problem?

thanks

Torsten

[ScalixSupport]

http://www.scalix.com/community/viewtop ... pper+error

Cheers,

Sascha.

[tuxman]

hi sascha,

Thanks but this is not the problem!

groups clamav
clamav : clamav scalix amavis

NEW Message after "Service Router" Restart:
/var/opt/scalix/logs/fatal

ERROR Service Router(Service Router) Mon Jun 12 09:35:14 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file
Pid of logging process: 21964


ERROR Service Router(Service Router) Mon Jun 12 09:35:14 2006
[SYS 32] Datenübergabe unterbrochen (broken pipe)
Pid of logging process: 21964
Current errno value: 32


SERIOUS ERROR Service Router(Service Router) Mon Jun 12 09:35:14 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 21964
Current errno value: 4

[ScalixSupport]

Doch, ist es. Bitte lesen Sie das letzte Posting von Dave in dem thread.

You need to make sure the access permissions are correct. The error message ""ClamAV" cannot scan Scalix-owned file Can't parse the configuration file." indicates a permissions problem.

Gruss,

Sascha.

[tuxman]

ok, dann in deutsch weiter :-)

die Rechte passen, die Config kann auch gelesen werden, die Fehlermeldung ist weg steht nur noch das hier:

Reply received: 503 "ClamAV" cannot scan Scalix-owned file

Es hat ja auch schon ein Partner von Scalix aus Berlin ssh Zugriff auf den Scalix-Testserver der Hochschule, bislang auch ohne Erfolg.

[ScalixSupport]

Bitte posten Sie die beiden Zeilen aus /etc/passwd fuer den Scalix user und den clamav user.

Sascha.

[tuxman]

/etc/passwd

scalix:x:103:101:Scalix User:/var/opt/scalix:/bin/true
clamav:x:101:102:Clamav database update user:/var/lib/clamav:/sbin/nologin

Gruss
Torsten

[vovaodei]

Hallo Sascha,

ich beschäftige mich gerade mit dem Problem von Torsten.

Ich würde eher sagen, das Problem liegt woanders:

Code: Select all

ERROR                  Service Router(Service Router) Mon Jun 12 12:46:04 2006
[SYS 32] Datenübergabe unterbrochen (broken pipe)
Pid of logging process: 11178
Current errno value: 32


Kannst Du den Fehler identifizieren?

Bei den Rechten stimmt alles..

Grüße

Vladimirs Vecgailis

---
Heinlein Professional Linux Support GmbH
Akademie: Linux - Support - Hosting
http://www.heinlein-support.de
Tel: +49 (30) 40 50 51 - 0
Fax: +49 (30) 40 50 51 - 19

[ScalixSupport]

/etc/passwd

scalix:x:103:101:Scalix User:/var/opt/scalix:/bin/true
clamav:x:101:102:Clamav database update user:/var/lib/clamav:/sbin/nologin

Gruss
Torsten

Please make the clamav user member of the scalix group.

Code: Select all

scalix:x:103:101:Scalix User:/var/opt/scalix:/bin/true
clamav:x:101:101:Clamav database update user:/var/lib/clamav:/sbin/nologin


Thanks,

Sascha.

[vovaodei]

Whether i set the primary group of the user "clamav" to the group "scalix"(101) or not, makes no sense; the user "clamav" is already a member of group scalix -

/etc/group
---
scalix:x:101:clamav
---

Sasha, can you identify the error

Code: Select all

ERROR                  Service Router(Service Router) Mon Jun 12 12:46:04 2006
[SYS 32] Datenübergabe unterbrochen (broken pipe)
Pid of logging process: 11178
Current errno value: 32


?

Cheers

Vladimirs.

---

Das umändern der primären Gruppe des "clamav"-Users zu "scalix"(101) bringt nichts; ausserdem ist der "clamav"-User schon in der Scalix-Gruppe -

/etc/group
---
scalix:x:101:clamav
---


Grüße

[ScalixSupport]

Please su to clamav and ls -al /var/lib/clamav

Thanks,

Sascha.

[vovaodei]

Well, if i set the shell of the clamav-user to something like "/bin/bash" instead of
"/bin/nologin" then i can "su clamav" withoud any problem and the output shows as:

Code: Select all

[root@prometheus logs]# su clamav
bash-3.00$ ls -la /var/lib/clamav/
insgesamt 9140
drwxr-xr-x   2 clamav clamav    4096  6. Jun 17:15 .
drwxr-xr-x  16 root   root      4096  1. Jun 13:04 ..
-rw-r--r--   1 clamav clamav 1138388  6. Jun 17:15 daily.cvd
-rw-r--r--   1 clamav clamav  284299 28. Apr 19:04 daily.cvd.rpmsave
-rw-r--r--   1 clamav clamav 3950054  1. Mai 13:39 main.cvd
-rw-r--r--   1 clamav clamav 3950054 23. Apr 20:10 main.cvd.rpmsave
bash-3.00$ exit


---
but!

The permissions on the folder /var/run/clamav, that contains the clamd-socket(with 775 and owned by clamav:scalix) were set wrong - 770 and owned by clamav:clamav.

I corrected them to 775 and everything succeeded!


---

Auch das zweite Problem gelöst - (clamav-will-scalix-gruppe-als-primäre-gruppe-haben)
damit clamav mit scalix zusammenarbeitet, *muss* seine shell zumindest auf "/bin/false" gesetzt werden;
mit "/bin/nologin" geht es nicht.

Bei Suse wird clamav mit "/bin/false" vom Werk ausgestattet, bei RedHat ist es wohl anders... :roll:

[les]

but!

The permissions on the folder /var/run/clamav, that contains the clamd-socket(with 775 and owned by clamav:scalix) were set wrong - 770 and owned by clamav:clamav.

I corrected them to 775 and everything succeeded!

While that has fixed your problem, its not the correct way to do it, and future upgrades of clamav are likely to reset permissions on those directories and render your service router unable to start.

The correct way to resolve this (and it only seems necessary since clamav-0.90) is......

as per normal the clamav user must belong to the scalix group.

You must also enable "AllowSupplementaryGroups yes" in your /etc/clamd.conf

This allows clamav to use group based permissions which have been setup....i.e. by default clamav runs as clamav. By adding it to the scalix group and setting the supplemental groups directive you allow it to use those group permissions, without giving too much "power" to the scalix user.
Its obviously a tighter security change in clamav.