8.8.15 >=P20 & Amavis crash

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
User avatar
manusfreedom
Posts: 5
Joined: Tue Feb 13, 2018 9:47 am

8.8.15 >=P20 & Amavis crash

Post by manusfreedom »

With this last update we encounter first bugs (since 2015).

On both MTA:
[*]amavis & antispam unable to start (crash, service state is not running) if SpamCop plugin is enable (/opt/zimbra/data/spamassassin/localrules/v310.pre):

Code: Select all

loadplugin Mail::SpamAssassin::Plugin::SpamCop

Code: Select all

Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: dcc: network tests on, registering DCC
Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: pyzor: network tests on, attempting Pyzor
Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: razor2: razor2 is available, version 2.84
Apr  6 17:13:23 frovhoctomta001 amavis[73957]: SA dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
Apr  6 17:13:52 frovhoctomta001 clamd[74106]: Received 0 file descriptor(s) from systemd.
Apr  6 17:13:52 frovhoctomta001 clamd[74106]: clamd daemon 0.102.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Apr  6 17:13:52 frovhoctomta001 clamd[74106]: Log file size limited to 20971520 bytes.
Apr  6 17:13:52 frovhoctomta001 clamd[74106]: Reading databases from /opt/zimbra/data/clamav/db
Apr  6 17:13:52 frovhoctomta001 clamd[74106]: Not loading PUA signatures.
[*]amavis child process crash after receive `RCPT TO`, if LDAP is enable in it (/opt/zimbra/conf/amavisd.conf.in):

Code: Select all

$enable_ldap = 1;

Code: Select all

Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup [local_domains] => undef, "myusername@mydomain.com" does not match
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) query_keys: myusername@mydomain.com, @mydomain.com, @.mydomain.com, mydomain.com, @.com, com, @.
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_sql sel_policy "myusername@mydomain.com", query args:
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_sql select: SELECT policy.id, policy_name as "Default", "Y" as virus_lover, "Y" as spam_lover, "Y" as banned_files_lover, "Y" as bad_header_lover, "N" as bypass_virus_checks, "N" as bypass_spam_checks, "N" as bypass_banned_checks, "N" as bypass_header_checks, 3.0 as spam_tag_level, 6.9 as spam_tag2_level, 999 as spam_kill_level, 0 FROM policy WHERE policy.id = 8
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) sql begin, nontransaction
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) Connecting to SQL database server
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) connect_to_sql: trying 'DBI:mysql:database=zimbra_antispam;host=mydbserver.mydomain.local;port=3306'
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) connect_to_sql: 'DBI:mysql:database=zimbra_antispam;host=mydbserver.mydomain.local;port=3306' succeeded
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) sql: preparing and executing (0 args): SELECT policy.id, policy_name as "Default", "Y" as virus_lover, "Y" as spam_lover, "Y" as banned_files_lover, "Y" as bad_header_lover, "N" as bypass_virus_checks, "N" as bypass_spam_checks, "N" as bypass_banned_checks, "N" as bypass_header_checks, 3.0 as spam_tag_level, 6.9 as spam_tag2_level, 999 as spam_kill_level, 0 FROM policy WHERE policy.id = 8
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_sql(myusername@mydomain.com) matches, result=(id=>"8", default=>"Default", virus_lover=>"Y", spam_lover=>"Y", banned_files_lover=>"Y", bad_header_lover=>"Y", bypass_virus_checks=>"N", bypass_spam_checks=>"N", bypass_banned_checks=>"N", bypass_header_checks=>"N", spam_tag_level=>"3.0", spam_tag2_level=>"6.9", spam_kill_level=>"999", 0=>"0")
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_sql_field(message_size_limit) rec=0, "myusername@mydomain.com" result: undef
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_sql_field, no such fields: message_size_limit
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup [local_domains] => undef, "myusername@mydomain.com" does not match
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) query_keys: cached myusername@mydomain.com
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) lookup_ldap "myusername@mydomain.com", query keys: "myusername@mydomain.com", "@mydomain.com", "@.mydomain.com", "mydomain.com", "@.com", "com", "@.", base: , filter: (&(objectClass=amavisAccount)(zimbraMailStatus=enabled)(|(mail=%m)(zimbraDomainName=%m)))
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) ldap begin_work
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) Connecting to LDAP server
Apr  6 17:30:50 mta001 amavis[90011]: (90011-01) connect_to_ldap: trying ldaps://dcs002.mydomain.local:636, ldaps://dcs001.mydomain.local:636
Apr  6 17:31:01 mta001 amavis-services[89752]: PID 90011 went away, 90011-01
For LDAP, the Perl code used to connect LDAP work outer of Amavis.
Code where the problem comes. It's the `Net::LDAP->new` but for me and from my test outer of Amavis, it's ok :

Code: Select all

  my $self = $_[0];
  my($bind_err,$start_tls_err);
  do_log(3,"Connecting to LDAP server");
  my $hostlist = ref $self->{hostname} eq 'ARRAY' ?
                     join(", ",@{$self->{hostname}}) : $self->{hostname};
  do_log(4,"connect_to_ldap: trying %s", $hostlist);
  my $ldap = Net::LDAP->new($self->{hostname},
                            localaddr => $self->{localaddr},
                            port    => $self->{port},
                            scheme  => $self->{scheme},
                            version => $self->{version},
                            timeout => $self->{timeout},
                            keepalive => 1,  # since Net::LDAP 0.53
                        # remaining keepalive* options need Socket::Linux and a
                        # patch at [rt.cpan.org #83039], otherwise are ignored
                            keepalive_idle => 240,
                            keepalive_interval => 30,
                            keepalive_probe => 10,
                            );
  if (!$ldap) {  # connect failed
    do_log(-1,"connect_to_ldap: unable to connect to host %s", $hostlist);
  } else {
    do_log(3,"connect_to_ldap: connected to %s", $hostlist);
No log of these crashes (in zimbra, system,...).

Setup:
* Ubuntu 18.04
* Zimbra FOSS 8.8.15 P20 (from 8.8.15 P19)
* 2x LDAP (snmp, stats, ldap)
* 2x MTA (snmp, stats, opendkim, cbpolicyd, memcached, mta, proxy, amavis, antispam, antivirus)
* 2x MBX(snmp, stats, service, zimbra, zimbraAdmin, zimlet, mailbox, spell) (logger on one)
Last edited by manusfreedom on Fri Apr 30, 2021 8:57 am, edited 1 time in total.
User avatar
manusfreedom
Posts: 5
Joined: Tue Feb 13, 2018 9:47 am

Re: 8.8.15 P20 & Amavis crash

Post by manusfreedom »

The problem still exists with the patch P21.
andrey.ivanov
Advanced member
Advanced member
Posts: 50
Joined: Wed Aug 08, 2018 8:44 am

Re: 8.8.15 >=P20 & Amavis crash

Post by andrey.ivanov »

Could be a problem of self-signed LDAP certificate?
User avatar
jholder
Ambassador
Ambassador
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: 8.8.15 >=P20 & Amavis crash

Post by jholder »

Check dmesg
It's probably crashing for some reason and not related to certs.

Haven't seen this issue before, so it's not likely to be a bug. Check dmesg and /var/crash
Post Reply