OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: 421 Service not available (Amavis)

From: El Neofito (elnuevopajaroyahoo.com)
Date: Sat Apr 26 2008 - 03:38:31 CDT

mouss wrote: >>show your master.cf and amavisd.conf. Below is my master.cf # # Postfix master process configuration file. For details on the format # of the file, see the Postfix master(5) manual page. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - 10 smtpd -o content_filter=smtp:[127.0.0.1]:10024 #submission inet n - n - - smtpd # -o smtpd_etrn_restrictions=reject # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - n - 10 smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp:[127.0.0.1]:10024 # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - n - - smtpd # -o smtpd_etrn_restrictions=reject # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr #tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil localhost:10025 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} retry unix - - n - - error #tlsmgr unix - - n 1000? 1 tlsmgr Below is my amavisd.conf # Sample amavisd.conf file for Maia Mailguard 1.0 use strict; $max_servers = 2; # number of pre-forked children (2..15 is common) $daemon_user = 'vscan'; # (no default; customary: vscan or amavis) $daemon_group = 'vscan'; # (no default; customary: vscan or amavis) $mydomain = 'fotohubmail.dyndns.org'; # a convenient default for other settings $MYHOME = '/var/spool/amavis'; # a convenient default for other settings $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR $QUARANTINEDIR = '/var/virusmails'; # Blowfish encryption key file (optional) $key_file = "$MYHOME/maia.key"; # $daemon_chroot_dir = $MYHOME; # chroot directory or undef # $db_home = "$MYHOME/db"; # $helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root? # $pid_file = "$MYHOME/var/amavisd.pid"; # $lock_file = "$MYHOME/var/amavisd.lock"; #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually local_domains_maps = ( [".$mydomain"] ); # mynetworks = qw( 127.0.0.0/8 ); $log_level = 5; # verbosity 0..5 $log_recip_templ = undef; # disable by-recipient level-0 log entries $LOGFILE = "$MYHOME/amavis.log"; $DO_SYSLOG = 0; # log via syslogd (preferred) $SYSLOG_LEVEL = 'mail.debug'; $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol) $sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level $sa_kill_level_deflt = 5.0; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 256*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'root', 'how2remember'] ); #$virus_admin = undef; # notifications recip. $mailfrom_notify_admin = "virusalert\$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert\$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "spam.police\$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef #addr_extension_virus_maps = ('virus'); #addr_extension_spam_maps = ('spam'); #addr_extension_banned_maps = ('banned'); #addr_extension_bad_header_maps = ('badh'); # $recipient_delimiter = '+'; # undef disables address extensions altogether # when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ $recipient_delimiter = undef; $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $file = '/usr/bin/file'; # file(1) utility; use recent versions $gzip = 'gzip'; $bzip2 = 'bzip2'; $lzop = 'lzop'; $rpm2cpio = ['rpm2cpio.pl','rpm2cpio']; $cabextract = 'cabextract'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; $unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; $arc = ['nomarch', 'arc']; $unarj = ['arj', 'unarj']; #$unrar = ['rar', 'unrar']; $zoo = 'zoo'; $lha = 'lha'; $cpio = ['gcpio','cpio']; $ar = 'ar'; $dspam = 'dspam'; $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $myhostname = 'fotohubmail.dyndns.org'; # must be a fully-qualified domain name! $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_DISCARD; $final_spam_destiny = D_DISCARD; $final_bad_header_destiny = D_DISCARD; $X_HEADER_TAG = 'X-Virus-Scanned'; $X_HEADER_LINE = "Maia Mailguard 1.0.0"; viruses_that_fake_sender_maps = (new_RE( [qr'\bEICAR\b'i => 0], # av test pattern name [qr'^(WM97|OF97|Joke\.)'i => 0], # adjust names to match your AV scanner [qr/.*/ => 1], # true for everything else )); keep_decoded_original_maps = (new_RE( # qr'^MAIL$', # retain full original message for virus checking (can be slow) qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, # qr'^Zip archive data', # don't trust Archive::Zip )); $banned_filename_re = new_RE( # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, # qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID) qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types # [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any type in Unix-compressed # [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any type in Unix archives # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any type within such archives # qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp| js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg| reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix, # banned ext - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. qr'^\.(exe-ms)$', # banned file(1) types qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types ); score_sender_maps = ({}); # should be empty if using Maia Mailguard # See http://secure.renaissoft.com/maia/wiki/VirusScannerConfig # for more virus scanner definitions. av_scanners = ( ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # NOTE: run clamd under the same user as amavisd; match the socket # name (LocalSocket) in clamav.conf to the socket name in this entry # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], ); # See http://secure.renaissoft.com/maia/wiki/VirusScannerConfig # for more virus scanner definitions. av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ); 1; # insure a defined return Send instant messages to your online friends http://uk.messenger.yahoo.com