Centos – CLAMAV on Centos Mail Server: Can’t connect to UNIX socket clamd.sock

Tags: amavis, centos, clamav, email-server, postfix

In my CentOS 6.4 server, I am using Postfix and Dovecot with an Amavis/ClamAV filter. Lately I have been trying to solve my spam problem (only occurs in Gmail and Hotmail), so I've been tailing logs.

Though I can send and receive e-mails, I have realized that ClamAV causes an error in /var/log/maillog, so I think perhaps it can help my spam problem if I can solve this error.

That's the main error; I think the rest of the process goes all right.

(!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory

Test information:

XX.XX.XX.XX: Sender Client IP (This time Thunderbird)
YY.YY.YY.YY: My mail server IP
user@mydomain.com: Sender address
target@thatdomain.com: Receiver address (This time Gmail)

When I send an e-mail from a mail account on my server, here's how /var/log/maillog looks:

postfix[3422]: warning: XX.XX.XX.XX: hostname XX.XX.XX.XX.static.ttnet.com.tr verification failed: Name or service not known
postfix[3422]: connect from unknown[XX.XX.XX.XX]
postfix[3422]: setting up TLS connection from unknown[XX.XX.XX.XX]
postfix[3422]: Anonymous TLS connection established from unknown[XX.XX.XX.XX]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
postfix[3422]: D894AC1E61: client=unknown[XX.XX.XX.XX], sasl_method=PLAIN, sasl_username=user@mydomain.com
postfix/cleanup[3429]: D894AC1E61: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: D894AC1E61: from=<user@mydomain.com>, size=862, nrcpt=1 (queue active)
amavis[3326]: (03326-01) ESMTP::10024 /var/amavis/tmp/amavis-20131030T102202-03326-IY7b8Pdi: <user@mydomain.com> -> <target@thatdomain.com> SIZE=862 Received: from host.mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
amavis[3326]: (03326-01) Checking: MemHkAhbAuqt [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>
amavis[3326]: (03326-01) Open relay? Nonlocal recips but not originating: target@thatdomain.com
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: 2
amavis[3326]: (03326-01) ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (1)
postfix[3422]: disconnect from unknown[XX.XX.XX.XX]
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 113) line 600.\n
amavis[3326]: (03326-01) (!)WARN: all primary virus scanners failed, considering backups
postfix[3433]: connect from unknown[127.0.0.1]
postfix[3433]: E52C1C1E71: client=unknown[127.0.0.1]
postfix/cleanup[3429]: E52C1C1E71: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: E52C1C1E71: from=<user@mydomain.com>, size=1279, nrcpt=1 (queue active)
amavis[3326]: (03326-01) FWD from <user@mydomain.com> -> <target@thatdomain.com>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71
amavis[3326]: (03326-01) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33926 [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>, Message-ID: <5270DDBB.8020506@mydomain.com>, mail_id: MemHkAhbAuqt, Hits: 0.106, size: 862, queued_as: E52C1C1E71, 14736 ms
postfix/smtp[3430]: D894AC1E61: to=<target@thatdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.53/0.01/0.01/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71)
postfix/qmgr[1310]: D894AC1E61: removed
amavis[3326]: (03326-01) extra modules loaded: unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl
postfix/smtp[3436]: E52C1C1E71: to=<target@thatdomain.com>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=1.2, delays=0.01/0.02/0.68/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1383128540 x12si3704513igx.15 - gsmtp)
postfix/qmgr[1310]: E52C1C1E71: removed
dovecot: imap-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=::1, lip=::1, mpid=3439, secured
dovecot: imap(user@mydomain.com): Disconnected: Logged out bytes=90/777

And here's the source code of received mail in Gmail:

Delivered-To: target@thatdomain.com
Received: by 10.68.54.102 with SMTP id i6csp217498pbp;
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
X-Received: by 10.50.6.99 with SMTP id z3mr1702938igz.27.1383128540254;
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Return-Path: <user@mydomain.com>
Received: from host.mydomain.com (mydomain.com. [YY.YY.YY.YY])
        by mx.google.com with ESMTPS id x12si3704513igx.15.2013.10.30.03.22.19
        for <target@thatdomain.com>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) client-ip=YY.YY.YY.YY;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) smtp.mail=user@mydomain.com
Received: from localhost (unknown [127.0.0.1])
    by host.mydomain.com (Postfix) with ESMTP id E52C1C1E71
    for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from host.mydomain.com ([127.0.0.1])
    by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id MemHkAhbAuqt for <target@thatdomain.com>;
    Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
Received: from [192.168.2.15] (unknown [XX.XX.XX.XX])
    (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
    (No client certificate requested)
    by host.mydomain.com (Postfix) with ESMTPSA id D894AC1E61
    for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:01 +0000 (UTC)
Message-ID: <5270DDBB.8020506@mydomain.com>
Date: Wed, 30 Oct 2013 12:21:47 +0200
From: mydomain Development Base <user@mydomain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: target@thatdomain.com
Subject: That's the mail
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <font face="Helvetica, Arial, sans-serif">What's up?</font>
  </body>
</html>

Though it all seems fine and has been scanned by amavisd-new, it goes to spam. I'm not necessarily asking why, but if it's related to not being scanned correctly, I need to fix this issue.

And here's how I use ClamAV in the /etc/amavisd.conf file:

['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

The file clamd.sock does not exist under the /var/run/clamav/ dir, and this dir is chowned by the clamav user and group (the service doesn't start when it's not). I don't know if it's a dynamic file that is created and deleted at runtime, but I don't think there's any issue with permissions; perhaps some process or service that creates the file is missing.

Any ideas? Thanks in advance.
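The maillog in the question shows amavis logging "all primary virus scanners failed, considering backups" and then "Passed CLEAN" for the same session. The following is an added example, not part of the original post: it reports every amavis session whose primary scanner failed, with its final verdict and elapsed time. The sample lines are constructed in the format shown above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: spot amavis sessions that ran without their primary AV scanner.

# Constructed sample: amavis lines in the format quoted in the question
# (shortened, placeholder addresses), plus one healthy session for contrast.
sample_log() {
cat <<'EOF'
amavis[3326]: (03326-01) Checking: MemHkAhbAuqt [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>
amavis[3326]: (03326-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock
amavis[3326]: (03326-01) (!)WARN: all primary virus scanners failed, considering backups
amavis[3326]: (03326-01) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33926 <user@mydomain.com> -> <target@thatdomain.com>, mail_id: MemHkAhbAuqt, Hits: 0.106, size: 862, queued_as: E52C1C1E71, 14736 ms
amavis[3326]: (03326-02) Checking: ExampleId0002 [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>
amavis[3326]: (03326-02) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33930 <user@mydomain.com> -> <target@thatdomain.com>, mail_id: ExampleId0002, Hits: 0.1, size: 900, queued_as: F00000000A, 812 ms
EOF
}

# Reads maillog lines on stdin (with or without a syslog timestamp prefix).
# For each session that logged the primary-scanner failure, prints
# "<session> <verdict> <elapsed ms>" when its Passed/Blocked line appears.
degraded_sessions() {
    awk '
        match($0, /amavis\[[0-9]+\]: \([0-9-]+\) /) {
            split(substr($0, RSTART, RLENGTH), head, " ")
            sid  = head[2]                       # e.g. (03326-01)
            rest = substr($0, RSTART + RLENGTH)  # message text after the id
            if (rest ~ /all primary virus scanners failed/) {
                failed[sid] = 1
            } else if (rest ~ /^(Passed|Blocked) / && (sid in failed)) {
                split(rest, w, " ")
                print sid, w[1] " " w[2], $(NF - 1)
                delete failed[sid]
            }
        }'
}

sample_log | degraded_sessions
```

On a live server the same function can be fed with `degraded_sessions < /var/log/maillog`.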

Best Answer

You need to make sure that you have clamd configured to provide the socket in the same way in both amavisd (in /etc/amavisd.conf) and clamd (/etc/clamd.conf), otherwise they will not be able to communicate.
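One way to carry out the check this answer describes, as an added example rather than code from the original answer: it extracts the socket path from the `ask_daemon` entry in amavisd.conf and the `LocalSocket` directive in clamd.conf, compares them, and then tests that a socket actually exists at that path. The function names and the sample clamd.conf contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: do amavisd and clamd agree on the clamd UNIX socket path?

# Socket path from the first uncommented ask_daemon entry of an amavisd.conf.
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e '/ask_daemon/s/.*,[[:space:]]*"\([^"]*\)"].*/\1/p' "$1" | head -n 1
}

# Socket path clamd will create: the LocalSocket directive of a clamd.conf.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Returns 0 = consistent and live, 1 = paths differ, 2 = no LocalSocket set,
# 3 = paths match but no socket exists there (clamd not running?).
check_socket_config() {
    a=$(amavis_socket "$1")
    c=$(clamd_socket "$2")
    if [ -z "$c" ]; then
        echo "clamd.conf sets no LocalSocket"; return 2
    elif [ "$a" != "$c" ]; then
        echo "MISMATCH: amavisd connects to '$a', clamd creates '$c'"; return 1
    elif [ ! -S "$c" ]; then
        echo "paths match ($c) but no socket exists there"; return 3
    fi
    echo "OK: $c"
}

# Constructed sample files: the amavisd.conf entry is the one quoted in the
# question; the clamd.conf contents are made up for the demonstration.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
EOF
cat > "$demo_dir/clamd.conf" <<'EOF'
#LocalSocket /var/run/clamav/clamd.sock
LocalSocket /var/run/clamd.example/clamd.sock
User clamav
EOF

check_socket_config "$demo_dir/amavisd.conf" "$demo_dir/clamd.conf" \
    || echo "check returned $?"
```

Against the real files the call is `check_socket_config /etc/amavisd.conf /etc/clamd.conf`, using the two paths named in the answer.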