store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sat Jul 26, 2014 3:06 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 9:52 am 
Offline
Forum Regular
Forum Regular

Joined: Mon Apr 14, 2008 8:29 am
Posts: 299
Location: Rhode Island
After updating ossec and asl this morning i'm getting the following Ossec messages almost every minute. Anyone have a clue on what could have caused this.

OSSEC HIDS Notification.
2010 Mar 24 09:45:06

Received From: inet3170->/var/log/psa/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar 24 09:45:05 inet3170 spamd[30589]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/qmail/mailnames///.spamassassin/auto-whitelist.lock.inetxxxx.xxxxxxxx.com.30589 for /var/qmail/mailnames///.spamassassin/auto-whitelist.lock: No such file or directory



--END OF NOTIFICATION



OSSEC HIDS Notification.
2010 Mar 24 09:45:06

Received From: inet3170->/var/log/psa/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar 24 09:45:05 inet3170 X-Qmail-Scanner-2.08st: [inetxxxx.xxxxxxx.com126943830179031522] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek



--END OF NOTIFICATION


Top
 Profile  
 
 Post subject: Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 11:03 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7871
Location: earth
That means that whatever user spamd is running as cant write to /var/qmail/mailnames///.spamassassin/


Top
 Profile  
 
 Post subject: Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 12:46 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Apr 14, 2008 8:29 am
Posts: 299
Location: Rhode Island
All i see is either popuser or root using spamd when running TOP command. what i don't understand is how this was not a problem before then after i updated asl and ossec this morning and now all of a sudden this is happening.

And not sure where to begin to fix it.


Top
 Profile  
 
 Post subject: Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 1:14 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7871
Location: earth
Probably because it wasnt able to detect it before. ASL 2.2.5 & OSSEC 2.4 can detect mail events now (like smtp/pop/imap brute forcing). Previous versions couldnt parse the mail logs. This has probably been happening for a while, just wasnt being reported.


Top
 Profile  
 
 Post subject: Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 3:23 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Apr 14, 2008 8:29 am
Posts: 299
Location: Rhode Island
So good guess is to probably remove spamassassin and qmail-scanner and re-install them all or am i way off? But if i do that does'nt it remove the atomic-scanner also? not sure what order i should choose.


Top
 Profile  
 
 Post subject: Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Unread postPosted: Wed Mar 24, 2010 5:24 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
That Illegal seek message is caused by a bug in Plesk's qmail. There is a patched qmail-queue here: http://forum.parallels.com/showpost.php ... stcount=51

If you're using qmail-scanner make sure you replace /var/qmail/bin/qmail-queue.orig with the patched version (and match that file's ownership and permissions) instead of /var/qmail/bin/qmail-queue.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group