antispam and antivirus issues

vignesh
Posts: 6
Joined: Mon Aug 20, 2018 6:33 pm

antispam and antivirus issues

Post by vignesh »

Hi,
I have Zimbra 8.6 installed on my Ubuntu server.
I am able to run all services on the server except antispam and antivirus.
When I enable them and restart, my amavisd service stops, so I am unable to send or receive mails.
If I don't enable them, I get a lot of spam mails in my distribution list.
Please help!
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: antispam and antivirus issues

Post by phoenix »

You're going to have to give more information about this problem. Has this just happened? Have any changes been made to your server or ZCS recently? Have you looked in the log files to find out why the services are stopped and won't start? What steps have you taken to try and resolve this problem? You also should be on the most recent version of ZCS and you need to upgrade ASAP.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
vignesh
Posts: 6
Joined: Mon Aug 20, 2018 6:33 pm

Re: antispam and antivirus issues

Post by vignesh »

Hi,
This did not happen just now; it happened maybe 8 to 9 months back.
There was a sudden stop of the mail server, so I did a restart, where some of my files went missing. So I replaced the files with my old backup and gave permissions and ownership to the entire zimbra folder.
Then, while restarting, I was unable to start all services.
The logs kept generating some error that port 10024 was being used.
After I removed the antispam and antivirus services, everything went back to normal.
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: antispam and antivirus issues

Post by phoenix »

Why are you posting about a problem that happened 9 months ago? Your post also has the answer: port 10024 is already in use by something you've installed - you need to find what's using it and stop/remove that product from your server. This is not a Zimbra problem.
Regards

Bill

vignesh
Posts: 6
Joined: Mon Aug 20, 2018 6:33 pm

Re: antispam and antivirus issues

Post by vignesh »

I am facing the issue now too!
And amavis was using port 10024; only after removing the antivirus and antispam services does it work.
Now my inbox is flooded with spam mails, mostly about s*x.
I am not able to block spam mails since these 2 services are down.
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: antispam and antivirus issues

Post by phoenix »

I've already told you this. Given the rather sparse information you've posted, you appear to be saying that something is using port 10024 (other than the ZCS services) - you will have to find out what it is that's using that port and stop & disable it, then restart the ZCS services. As I've already said, this does not appear to be a Zimbra problem. If you're not prepared to debug the problem yourself then there's not much we can do, as we're not mind readers.
Regards

Bill

vignesh
Posts: 6
Joined: Mon Aug 20, 2018 6:33 pm

Re: antispam and antivirus issues

Post by vignesh »

The main error is
connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
when the antispam and antivirus filters are enabled.

These are the services running:
netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sieve *:* LISTEN 11261/dovecot
tcp 0 0 *:7071 *:* LISTEN 4993/java
tcp 0 0 localhost:23232 *:* LISTEN 11192/perl
tcp 0 0 *:7072 *:* LISTEN 4993/java
tcp 0 0 localhost:23233 *:* LISTEN 11194/perl
tcp 0 0 *:imaps *:* LISTEN 5110/nginx.conf
tcp 0 0 *:pop3s *:* LISTEN 5110/nginx.conf
tcp 0 0 localhost:7171 *:* LISTEN 4055/java
tcp 0 0 *:7780 *:* LISTEN 5288/httpd
tcp 0 0 mail2.vtigress.com:ldap *:* LISTEN 4025/slapd
tcp 0 0 *:7110 *:* LISTEN 4993/java
tcp 0 0 *:7143 *:* LISTEN 4993/java
tcp 0 0 localhost:10663 *:* LISTEN 4663/zmlogger: zmrr
tcp 0 0 localhost:10025 *:* LISTEN 5513/master
tcp 0 0 localhost:7306 *:* LISTEN 4906/mysqld
tcp 0 0 localhost:mysql *:* LISTEN 9303/mysqld
tcp 0 0 localhost:10027 *:* LISTEN 5513/master
tcp 0 0 *:submission *:* LISTEN 5513/master
tcp 0 0 *:11211 *:* LISTEN 5094/memcached
tcp 0 0 localhost:10028 *:* LISTEN 5513/master
tcp 0 0 localhost:10029 *:* LISTEN 5513/master
tcp 0 0 localhost:10030 *:* LISTEN 5513/master
tcp 0 0 *:pop3 *:* LISTEN 5110/nginx.conf
tcp 0 0 *:imap2 *:* LISTEN 5110/nginx.conf
tcp 0 0 *:sunrpc *:* LISTEN 595/rpcbind
tcp 0 0 localhost:http-alt *:* LISTEN 4993/java
tcp 0 0 *:http *:* LISTEN 1763/apache2
tcp 0 0 *:urd *:* LISTEN 5513/master
tcp 0 0 localhost:8465 *:* LISTEN 5260/opendkim
tcp 0 0 *:7025 *:* LISTEN 4993/java
tcp 0 0 *:domain *:* LISTEN 932/dnsmasq
tcp 0 0 *:ssh *:* LISTEN 32651/sshd
tcp 0 0 *:smtp *:* LISTEN 5513/master
tcp 0 0 *:7993 *:* LISTEN 4993/java
tcp 0 0 *:https *:* LISTEN 5110/nginx.conf
tcp 0 0 *:7995 *:* LISTEN 4993/java
tcp 0 0 *:8443 *:* LISTEN 4993/java
tcp6 0 0 [::]:sieve [::]:* LISTEN 11261/dovecot
tcp6 0 0 [::]:11211 [::]:* LISTEN 5094/memcached
tcp6 0 0 [::]:sunrpc [::]:* LISTEN 595/rpcbind
tcp6 0 0 [::]:domain [::]:* LISTEN 932/dnsmasq
tcp6 0 0 [::]:ssh [::]:* LISTEN 32651/sshd
udp 0 0 *:11211 *:* 5094/memcached
udp 0 0 *:domain *:* 932/dnsmasq
udp 0 0 *:sunrpc *:* 595/rpcbind
udp 0 0 *:47663 *:* 4055/java
udp 0 0 *:614 *:* 595/rpcbind
udp6 0 0 [::]:11211 [::]:* 5094/memcached
udp6 0 0 [::]:domain [::]:* 932/dnsmasq
udp6 0 0 [::]:sunrpc [::]:* 595/rpcbind
udp6 0 0 [::]:614 [::]:* 595/rpcbind
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 805713163 9303/mysqld /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 809984022 11261/dovecot /var/run/dovecot/login/sieve
unix 2 [ ACC ] STREAM LISTENING 10007 891/acpid /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 809984024 11261/dovecot /var/run/dovecot/stats
unix 2 [ ACC ] STREAM LISTENING 809984027 10525/ssl-params /var/run/dovecot/ssl-params
unix 2 [ ACC ] STREAM LISTENING 809984029 10525/ssl-params /var/run/dovecot/login/ssl-params
unix 2 [ ACC ] STREAM LISTENING 809984031 11261/dovecot /var/run/dovecot/replicator
unix 2 [ ACC ] STREAM LISTENING 809984033 11261/dovecot /var/run/dovecot/replication-notify
unix 2 [ ACC ] STREAM LISTENING 809984036 11261/dovecot /var/run/dovecot/log-errors
unix 2 [ ACC ] STREAM LISTENING 809984038 11261/dovecot /var/run/dovecot/ipc
unix 2 [ ACC ] STREAM LISTENING 809984040 11261/dovecot /var/run/dovecot/login/ipc-proxy
unix 2 [ ACC ] STREAM LISTENING 809984042 11261/dovecot /var/run/dovecot/indexer-worker
unix 2 [ ACC ] STREAM LISTENING 809984044 11261/dovecot /var/run/dovecot/indexer
unix 2 [ ACC ] STREAM LISTENING 809984046 11261/dovecot /var/run/dovecot/doveadm-server
unix 2 [ ACC ] STREAM LISTENING 809984048 11261/dovecot /var/run/dovecot/dns-client
unix 2 [ ACC ] STREAM LISTENING 809984050 11261/dovecot /var/run/dovecot/director-admin
unix 2 [ ACC ] STREAM LISTENING 809984052 11261/dovecot /var/run/dovecot/director-userdb
unix 2 [ ACC ] STREAM LISTENING 909887785 5513/master private/scan
unix 2 [ ACC ] STREAM LISTENING 909887203 4993/java /tmp/.java_pid4993.tmp
unix 2 [ ACC ] STREAM LISTENING 909887788 5513/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 809984054 11261/dovecot /var/run/dovecot/dict
unix 2 [ ACC ] STREAM LISTENING 909887792 5513/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 9527 595/rpcbind /run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 909927916 11192/perl /opt/zimbra/data/tmp/amavisd-zmq.sock
unix 2 [ ACC ] STREAM LISTENING 909887795 5513/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 809984056 9208/config /var/run/dovecot/config
unix 2 [ ACC ] STREAM LISTENING 909887799 5513/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 909867957 4025/slapd /opt/zimbra/data/ldap/state/run/ldapi
unix 2 [ ACC ] STREAM LISTENING 909887802 5513/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 809984058 11261/dovecot /var/run/dovecot/login/login
unix 2 [ ACC ] STREAM LISTENING 909887805 5513/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 909887808 5513/master private/defer
unix 2 [ ACC ] STREAM LISTENING 809984060 11261/dovecot /var/run/dovecot/token-login/tokenlogin
unix 2 [ ACC ] STREAM LISTENING 909887811 5513/master private/trace
unix 2 [ ACC ] STREAM LISTENING 909887814 5513/master private/verify
unix 2 [ ACC ] STREAM LISTENING 809984062 11261/dovecot /var/run/dovecot/auth-login
unix 2 [ ACC ] STREAM LISTENING 909887817 5513/master public/flush
unix 2 [ ACC ] STREAM LISTENING 909887820 5513/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 809984064 11261/dovecot /var/run/dovecot/auth-client
unix 2 [ ACC ] STREAM LISTENING 909887823 5513/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 909887826 5513/master private/relay
unix 2 [ ACC ] STREAM LISTENING 809984066 11261/dovecot /var/run/dovecot/auth-userdb
unix 2 [ ACC ] STREAM LISTENING 909887829 5513/master public/showq
unix 2 [ ACC ] STREAM LISTENING 909887832 5513/master private/error
unix 2 [ ACC ] STREAM LISTENING 809984068 11261/dovecot /var/run/dovecot/auth-master
unix 2 [ ACC ] STREAM LISTENING 909887835 5513/master private/retry
unix 2 [ ACC ] STREAM LISTENING 909887838 5513/master private/discard
unix 2 [ ACC ] STREAM LISTENING 809984070 11261/dovecot /var/run/dovecot/auth-worker
unix 2 [ ACC ] STREAM LISTENING 909887841 5513/master private/local
unix 2 [ ACC ] STREAM LISTENING 909887844 5513/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 909887847 5513/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 909887850 5513/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 909887853 5513/master private/scache
unix 2 [ ACC ] STREAM LISTENING 909887856 5513/master private/maildrop
unix 2 [ ACC ] STREAM LISTENING 909887859 5513/master private/old-cyrus
unix 2 [ ACC ] STREAM LISTENING 909887862 5513/master private/cyrus
unix 2 [ ACC ] STREAM LISTENING 909887865 5513/master private/uucp
unix 2 [ ACC ] STREAM LISTENING 909887868 5513/master private/ifmail
unix 2 [ ACC ] STREAM LISTENING 909887871 5513/master private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 909887874 5513/master private/smtp-amavis
unix 2 [ ACC ] SEQPACKET LISTENING 8792 318/systemd-udevd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 8470 1/init @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 9854 831/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 11395 1333/python /var/run/fail2ban/fail2ban.sock
unix 2 [ ACC ] STREAM LISTENING 909923091 10634/saslauthd /opt/zimbra/data/sasl2/state/mux
unix 2 [ ACC ] STREAM LISTENING 909886794 4906/mysqld /opt/zimbra/db/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 809909437 11261/dovecot /var/run/dovecot/anvil
unix 2 [ ACC ] STREAM LISTENING 809909441 11261/dovecot /var/run/dovecot/anvil-auth-penalty


If I disable the antispam service, then 10024 is being taken:
tcp 0 0 localhost:10024 *:* LISTEN 24698/amavisd (ch1-
tcp 0 0 localhost:10025 *:* LISTEN 24993/master
tcp 0 0 localhost:10026 *:* LISTEN 24698/amavisd (ch1-


Can you help from the above information?
afsher
Posts: 6
Joined: Mon Nov 14, 2016 8:52 am

Re: antispam and antivirus issues

Post by afsher »

First of all, start the amavisd and antivirus services. After that, execute the commands below one by one.

Step 1:

zimbra@mail:~$ zmcontrol start

Step 2:

zimbra@mail:~$ zmcontrol stop
zimbra@mail:~$ exit

Step 3:

root@mail:~# netstat -lntp
(Based on your feedback, the output should look like below)

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1260/amavisd-new (m
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1063/sshd
tcp6 0 0 ::1:10024 :::* LISTEN 1260/amavisd-new (m
tcp6 0 0 :::22 :::* LISTEN 1063/sshd

Step 4: Kill the process of amavisd-new.

root@mail:~# kill -9 1260

Again issue the command:

root@mail:~# netstat -lntp

If any process is found for amavisd-new with a different PID, kill that process too, until the amavisd-new process is stopped.

Step 5:

Start the Zimbra service and check the email transactions.

zimbra@mail:~$ zmcontrol start
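
The check in Steps 3 and 4 above, as an added example that is not part of the original post: it parses `netstat -lntp` text and reports which PIDs still listen on a port, separating leftover amavisd processes from any other program. The function names and the sample listing are constructed for illustration, and numeric (`-n`) output is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE is constructed, modelled on the
# numeric `netstat -lntp` listing shown in the post above.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1260/amavisd-new (m
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 5513/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1063/sshd
tcp6 0 0 ::1:10024 :::* LISTEN 1260/amavisd-new (m
tcp6 0 0 :::22 :::* LISTEN 1063/sshd'

# listeners_on_port PORT (hypothetical helper): read netstat -lntp text on
# stdin and print unique "PID PROGRAM" pairs for TCP sockets listening on PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":" field, IPv4 or IPv6
            if (a[n] != port) next
            if ($7 == "-") {           # netstat not run as root: owner is hidden
                pid = "-"; prog = "unknown"
            } else {
                slash = index($7, "/")
                pid = substr($7, 1, slash - 1)
                prog = substr($7, slash + 1)
            }
            key = pid " " prog
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# stale_amavis_pids PORT: PIDs of amavisd processes still bound to PORT
# after `zmcontrol stop` (the ones Step 4 stops).
stale_amavis_pids() {
    listeners_on_port "$1" | awk '$2 ~ /^amavisd/ { print $1 }'
}

# foreign_listeners PORT: anything on PORT that is not amavisd, i.e. a
# different product occupying the port.
foreign_listeners() {
    listeners_on_port "$1" | awk '$2 !~ /^amavisd/'
}
```

On a live server, run as root after `zmcontrol stop`: `netstat -lntp | stale_amavis_pids 10024`. An empty result from both functions means the port is free for amavisd to bind on the next start.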