Hello,

We have the problem that in all email on the server the header is missed. Only email text is mail files.We use Qmail and Spamdyke. Is anything in rules chamged that could cuase something?

Thanks in advance.

Best regards,
Mike

We found what caused this. It was latest ASL kernel that we updated yesterday with kmod-dazuko.

Was the kernel not properly tested? We have had today over 100 angry business customers because important mails useless was.

Theres nothing in the kernel that can strip out headers from emails. Could you elaborate as to what in the kernel you believe was causing your email server to remove headers?

I thought too that kernel have nothing to do with mail headers and after many hours trying various things we did reboot with old kernel and mail headers was again there. I have no explanation why or what happened. It sounds crazy but it is so. I have no reason to lie here. I'm stressed out enough with angry customers on the phone and email.

Could you elaborate why headers was striped immediatelly after kernal update and no more striped after reboot with old kernel?

I feel your pain, and we are here to help. I have a hunch whats happening, and if you can answer the questions below I'm sure we can figure this out.

I believe you said you were running the dazuko module, could you tell us what directories you configured dazuko to monitor?

Also, have you checked your mail servers error logs, and what errors do you see from your mail server?

Do you see any errors for your system logs when this was occurring, and what are those errors?



Thats just it, the kernel doesnt have the capability to do this, so you're not crazy - its actually not the kernel, so this ha to be a correlative issue, not causational. As theres nothing in any Linux kernel that can or will open an email message and remove the headers, we can rule that out as the cause. But since its related, then this is likely because of a feature thats only available with that kernel, or its a module thats only available in that kernel. Now, this is just a hunch, but I bet this is a case where a component is crashing or failing and thats causing your headers to get mangled. As you said, this appears to only occur for you when you either run a secure kernel like the ASL kernel, or when you have certain kernel modules loaded.

If thats true, then I suspect this is either a bug in some mail server application, or a configuration problem with a kernel feature. It may be that your mail scanner is either doing something either insecurely (unlikely, but the logs will tell us if thats true) that its prevented from doing, it has a bug in it and its dying/crashing, or you have something configured on your system such as dazuko that is creating a conflict with whatever your mail scanner is doing.

This is all a guess, so if you could answer the questions then we'll have a real handle on this.

/var/www/
/home
/tmp

But we switched off Dazuko in ASL-GUI to see if it help but not helped until reboot with old kernel.



Yes we checked in real time on nothng was there. This was first what we did.



Yes the same as above. Nothing was there.

We switched off Spamdyke too see if it help but without success.



No. It appears with the latest ASL kernel (2.6.32.43-6.art.x86_64). With previous ASL kernel (2.6.32.28-1.art.x86_64) it's all OK. We talk about ASL 3.0 and ASL kernel that we use since we have ASL. We have Dazuko loaded with both kernel versions.

Also I don't understand what you exactly mean. It is default ASL setup and Dazuko was recommend by Scott after one hosting was hacked. ASL kernel is used since we bought ASL. We did nothing specially different or running something additional side by side with ASL and we follow strictly instructions on ASL website or from forums here. We switched off Dazuko, ClamAV and at the end all ASL modules in ASL-GUI to see if it help but without success. Then we did reboot to the previous ASL Kernel and this helped. Header was again inside mails. Thereafter we switched on Spamdyke and ASL modules + Dazuko in ASL-GUI and all worked fine again. As we see it's all the same and only ASL kernel is different.

With 2.6.32.28-1.art.x86_64 works all fine but with 2.6.32.43-6.art.x86_64 occur this issue with mail headers.

We are not pros as you but this is our experience after booting with new ASL kernel. We didn'n other changes on the system.

So if I understand you correctly, there were zero errors on the system when this was occurring, and your mail server happily delivered these email messages with no headers, correct?

With out a doubt, I have never heard of that occurring so something truly unique must be happening with your system. I know the support team asked if they could log into your system Friday, and they have not heard back from you. If you could provide them with access we'll take a look at your logs to see what may have been happening with your mail server.

So we figured out what this was. It turns out this is a pretty major bug in 4PSAs Clean Server on all Linux kernels and does not involve anything we do to the kernel. We tested this on a stock Redhat 6 and Centos 6 system, without ASL, and Clean Server mangles the email. So, its not the ASL kernel, its ALL modern kernels.

So, to repeat, this happens on ALL non-ASL modern kernels too, this is not a kernel problem, its a problem in 4PSAs product. We can see it putting headers at the bottom of the email, which the mail server is apparently just mangling.

Whatever 4PSA is doing, it just doesnt work on a modern kernel, and we use modern kernels in ASL. If you want to use 4PSAs product, and they wont fix this, then you will have to use an older kernel, such as an older ASL kernel, and whatever you do, don't upgrade to Centos or Redhat 6.

With that said, I'm sure 4PSA would like to fix this, so we highly recommend you report this to 4PSA. If they have a newer version of their product maybe that will solve the problem, but the version of their product you are using isnt going to work correctly on any system using a modern kernel, like a plain old RHEL/Centos 6 system, and I'm sure 4PSA would like to fix that.

Did anyone get a reply from 4PSA? We just updated the kernel on one of our machines and got the same thing happening (Plesk8 - Centos 5.6) - i have contacted 4PSA but would be good to know if the other users that experienced this got any fixes?

Ok, I have contacted 4PSA and they have been looking into this, this is the latest reply i have got from them:




Is this anything that can be sorted in the ASL kernel?

Thats a bug that was fixed back in 2009, its already in the ASL kernel (years ago in fact).

Mike, Thanks - ill pass that information on to them.

If anybody wants it i have a binary for cleanserver that works with the latest asl kernel, this is for centos5.6 but should be ok on 32bit and 64bit so im told (we are using it on 64bit)

# file /usr/bin/livecserver
/usr/bin/livecserver: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.8, dynamically linked (uses shared libs), for GNU/Linux 2.6.8, not stripped

# ldd /usr/bin/livecserver
linux-gate.so.1 => (0xe2a5c000)
libm.so.6 => /lib/libm.so.6 (0xe2a23000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0xe29f1000)
libz.so.1 => /usr/lib/libz.so.1 (0xe29de000)
libc.so.6 => /lib/libc.so.6 (0xe2885000)
/lib/ld-linux.so.2 (0xe2a5d000)

So probably be ok on other OSes looking at that output.

Surprise! Its not a kernel bug!

BTW, this same bug happened on the default non-ASL Centos 6 kernel, so its not even in our code, its a mainstream issue.