Thread: Not Receiving Email since uninstalling ClamAV

  1. #1
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144

    Question Not Receiving Email Since Uninstalling ClamAV

    Hi, earlier today, due to other problems, I uninstalled ClamAV. I also removed manually, all related files and the antivirus entry in exim.conf (sorry, can't remember the exact line now).

    Since I did this, no domain appears to be receiving emails. They can send emails successfully, but when they are sent to a local domain, they never seem to arrive. Emails from the outside world are also not being delivered.

    It looks like I might have found the undelivered messages.

    They appear to be at /var/spool/virtual/snowweb.net (or whatever other affected domain)/ in a file called by the user's name.

    I have tried all the usual things like restarting my VPS container, Exim, DA, etc. I have also switched to the default exim.conf and exim.pl files. I have also tried disabling SpamAssassin but it made no difference.

    I tried reinstalling ClamAV too, but even that didn't resolve it, so I stripped it out again.

    Please see the log entries below relating to the test email I tried to send from cafe2@snowweb.co.uk to cafe2@gmahoa.info:

    Exim Mainlog:
    2009-06-02 17:48:10 1MBQbK-0003gn-1z <= cafe2@snowweb.co.uk H=(snow-laptop) [124.104.182.33] P=esmtpa A=plain:cafe2@snowweb.co.uk S=3651 id=1946495645.20090602175226@snowweb.co.uk T="test 11" from <cafe2@snowweb.co.uk> for cafe2@gmahoa.info
    2009-06-02 17:48:10 1MBQbK-0003gn-1z => peter <cafe2@gmahoa.info> F=<cafe2@snowweb.co.uk> R=virtual_user T=virtual_localdelivery S=3815

    System Maillog:
    Jun 2 17:48:58 s1 dovecot[6040]: POP3(cafe2@gmahoa.info): Disconnected: Logged out top=0/0, retr=0/0, del=0/7, size=543911

    There was no reference to the test email in the Exim Rejectlog or Paniclog.

    I have been working on this issue for the last 12 hours and I'm becoming very unpopular (not to mention, tired and hungry!). I have run out of things to check now.

    Please, please can someone help me?
    Last edited by snowweb; 06-02-2009 at 07:36 AM.
    --
    Kind regards,

    pete.

    My Server Details
    I'm running a VPS provided by Serverpoint.com.
    The VPS has a Parallels Power Panel - Virtuozzo Container manager and the OS is CentOS 5.0

  2. #2
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    You're running Dovecot and the Maildir file system, but it appears that your exim.conf file only works with the old mbox file system.

    The easy way to resolve this is to just convert your system to Dovecot; you can find threads here. Just do the entire conversion, following all the steps.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  3. #3
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Hi Jeff, boy am I glad to see you!!

    Sorry for the delay here, we've had a lengthy power cut since I posted (what timing!).

    I'm trying to convert now, I'm following the instructions here, but got this error,

    [root@s1 ~]# cd /usr/local/directadmin/custombuild
    [root@s1 custombuild]# ./build clean
    There is wrong default PHP in /usr/local/directadmin/custombuild/options.conf set.
    [root@s1 custombuild]#

    Any ideas?

    If anyone else has any ideas, please feel free to join in, as I think Jeff may be offline now and I'm really in trouble now as we're nearly 19 hours without email

    Thanks,

    pete
    Last edited by snowweb; 06-02-2009 at 03:34 PM.

  4. #4
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Please can someone help me. For almost 24 hours now we have had no email on any domain. Direct Admin support have not responded to my support request and I can't remember when I last ate or slept.

    If somehow I've offended somebody, I apologize in all sincerity. If you PM me and explain how I've created offense, I'll apologize more completely.

    Please, please help me.

    Regards,

    pete

  5. #5
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    It seems that this problem is caused by the fact that I have removed clamav but exim is still looking for it to scan the messages.

    There are a lot of people with the same issue, I've found about 5 on this forum so far and only two appeared to be solved. Unfortunately, those two were both fixed by someone who logged in and did the job for the poster and the solution was never explained here.

    At one point I typed exim start at the command line and it told me what line of exim.conf has an error (I can't make exim stop, start or restart now for some reason), but I fixed the line error anyway and next time I tried exim start the error was different. It was about not being able to open SMTP stream.

    I checked Exim Mainlog again:

    malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2

    I've done some research and sophie appears to be concerning antivirus, probably clamav.

    So somewhere it would appear that Clamav did not uninstall cleanly and Exim is still trying to use it. My question is how can I stop Exim from trying to do that please?

  6. #6
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Is there some way I can search for 'sophie' or 'clam' inside every file on the server to try to locate any reference directing Exim to try to connect to clamav/sophie?

    I've tried,

    grep -r 'sophie' /*

    It returns this:

    grep: /dev/log: No such device or address
    grep: /dev/vzfs: Permission denied

    but it does not give me back a command prompt. Could it still be searching?
    Last edited by snowweb; 06-02-2009 at 08:14 PM.

  7. #7
    Hello,

    Just a followup for a few of the issues relating to this thread (after logging in to check a few things)

    1) The /etc/exim.conf wasn't patched for dovecot.
    I used this guide to update the exim.conf and repatch it:
    http://help.directadmin.com/item.php?id=51

    2) regarding the custombuild "default php" error, that was a bit strange, but simply deleting the options.conf and running "./build" forces it to generate a new one. The value appeared to be set correctly in the options.conf, so I wasn't sure what the issue was there.. regardless, it's fixed. The working build script would have fixed step 1, but I did it manually anyway. I think the previous build script was a bit older (didn't check exactly).

    3) since mail was being delivered to /var/spool/virtual, I ran:
    ./build todovecot

    which reconverted everything over. I renamed /var/spool/virtual to virtual.moved, just so that if you run it again, you don't get duplicates, and so that the original emails aren't deleted. (delete that directory once you're satisfied everything is working ok)

    That should do the trick, the clamav stuff, you can attempt again. If you need to undo and start back to the default exim.conf again, use the guide mentioned above id=51 and don't forget to repatch for dovecot

    John

  8. #8
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144

    I could kiss you!

    Thanks John, you don't know how much you helped me. I really, really appreciate it.

    I've just received about 50 emails that were caught up and I'm sure the other domains are all back on form now too.

    I tried sending and that's working fine too.

    I might try ClamAV again if I really can't find an alternative. Rest assured, if I do, I will back up all system files and config next time, before I start.

    I'll check the guide you linked to also, so I can understand what you did.

    Thanks again for all your help.

    Regards,

    pete

  9. #9
    Join Date
    Sep 2005
    Posts
    366
    Quote Originally Posted by snowweb View Post
    I've done some research and sophie appears to be concerning antivirus, probably clamav.
    It is. Make sure the following are removed from exim.conf:

    Code:
    av_scanner = clamd:/var/run/clamav/clamd
    Make sure that check_message: looks like:

    Code:
    check_message:
      accept
    All the lines between check_message: and accept are used by ClamAV. Remove them and you should be good to go.
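
Added example (not part of any post in this thread): a small audit for the condition described in posts #5 and #9. Exim's built-in default for `av_scanner` is `sophie:/var/run/sophie`, so a `malware =` ACL condition left behind after the `av_scanner` line is removed produces exactly the "unable to connect to sophie UNIX socket" error quoted above. The function names, verdict words and sample configurations below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify antivirus hooks left in an Exim configuration file.

# audit_av FILE -> prints one verdict word for the file.
audit_av() {
    awk '
        /^[ \t]*#/ { next }                           # skip comment lines
        /^[ \t]*av_scanner[ \t]*=/ { scanner = 1 }    # main-section scanner option
        /(^|[ \t])malware[ \t]*=/  { cond = 1 }       # ACL condition that calls the scanner
        END {
            if (cond && scanner) print "scanner-configured"
            else if (cond)       print "malware-without-av_scanner"
            else if (scanner)    print "unused-av_scanner"
            else                 print "clean"
        }
    ' "$1"
}

# av_hook_lines FILE -> prints "LINE: text" for every active antivirus hook.
av_hook_lines() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*av_scanner[ \t]*=/ || /(^|[ \t])malware[ \t]*=/ { print NR ": " $0 }
    ' "$1"
}

# Constructed sample: av_scanner commented out, malware condition still active.
write_sample_broken() {
    cat > "$1" <<'EOF'
# av_scanner = clamd:/var/run/clamav/clamd
begin acl
check_message:
  deny message = This message contains malware ($malware_name)
       malware = *
  accept
EOF
}

# Constructed sample: check_message reduced to a bare accept, as post #9 advises.
write_sample_fixed() {
    cat > "$1" <<'EOF'
begin acl
check_message:
  accept
EOF
}

tmp=$(mktemp -d)
write_sample_broken "$tmp/exim.conf.broken"
write_sample_fixed  "$tmp/exim.conf.fixed"
for f in "$tmp"/exim.conf.*; do
    printf '%s: %s\n' "${f##*/}" "$(audit_av "$f")"
    av_hook_lines "$f"
done
rm -rf "$tmp"
```

On a live server, `audit_av /etc/exim.conf` gives the verdict and `av_hook_lines /etc/exim.conf` shows which lines to remove or restore.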

  10. #10
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Thanks for your input. I believe what you suggested was part of the problem. John's restored it all for me now and all is working great again (albeit without AV).

    Thanks guys.

  11. #11
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I'm sorry I didn't get back to you earlier, and I'm happy that John was able to help you. We had unexpected thunderstorms all day yesterday and one of the power outages was jittery; it caused the (older) UPS protecting my office network (and connection to the 'net) to fail.

    Rather than risk further damage I used my laptop to take care of customer emergency issues yesterday.

    Today the sun is shining.

    I'm surprised I didn't catch earlier that when you uninstall clamav you need to make changes to exim.conf. Since we all make changes to exim.conf when we install clamav we should all remember to undo those changes when we remove it, but as I proved the other day, we don't always remember that.

    The final release of SpamBlocker3 will include copious remarks on the subject (and on other subjects as well) and use the key word EDIT so you can search through it to find all the places where it needs to be edited.

    As an added note, we don't usually get thunderstorms here on the edge of the So. California desert, but when we do, they're doozies. A lady was hit by lightning and killed about ten miles from here yesterday. Desert thunderstorms are nothing to take lightly.

    Jeff

  12. #12
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Hi Jeff,

    It's ok, I understand completely, having also experienced 12 hours of blackout in the last 24! This is unfortunately not uncommon in the Philippines though.

    I think between yourself and John, you've just about solved most of my mail problems now, just minor issues left to deal with now.

    The new exim.conf sounds great. I'll be watching out for it.

    I guess if ClamAV alters exim.conf, when it is installed; If I have just replaced exim.conf, I'm now missing the ClamAV entries. The odd thing is that I can't find those entries in the previous exim.conf I was using (which I made a copy of).

    Do you know where I can find the alterations I need to make? Thanks.

    Pete

  13. #13
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by snowweb View Post
    It's ok, I understand completely, having also experienced 12 hours of blackout in the last 24! This is unfortunately not uncommon in the Philippines though.

    A bunch of years ago I lived in Jacksonville Florida (one of the cities where our extended family has some roots; my uncle has his name on a lot of the municipal buildings there); it was at the time (and may still be) considered the lightning capital of the U.S. The office building where I had my office was the tallest downtown, and was hit by lightning generally at least once each major storm.

    Quote Originally Posted by snowweb View Post
    I guess if ClamAV alters exim.conf, when it is installed; If I have just replaced exim.conf, I'm now missing the ClamAV entries. The odd thing is that I can't find those entries in the previous exim.conf I was using (which I made a copy of).

    Do you know where I can find the alterations I need to make?

    The standard exim.conf file, found here, does not include entries for ClamAV; you have to make those entries when you follow the installation instructions for ClamAV.

    My current distribution of the SpamBlocker exim.conf file, found on my site, here, does include the code, but it's commented out. While a work in progress, I consider it to be better overall than the one distributed by DirectAdmin. It's just not ready for mass distribution by them yet. If you decide to use it, then make sure you have the most recent exim.pl file downloaded from the same location, or perhaps a later one from the DirectAdmin download pages, if available. And be sure to look for those EDIT keywords and make changes as required.

    (I have an even newer version, which changes often, as I continue to fine-tune, but I don't recommend it except for systems administrators with specific needs who are fully conversant in exim.conf and its modifications.)

    Jeff

  14. #14
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    That's great. I think I'm about there now. I've found the ClamAV entries in your exim.conf 3.1beta and copied them over, also grabbed a few other snippets out of it too.

    Think I'll wait for a few weeks after the release before I leap in with both feet though... I don't have the guts or the Unix experience to try out any betas on Linux! You know me, I'm always lucky if I can get a 'stable release' to work on Linux... You'll only end up fixing the mess I make for me!

    Looks like it's all working great now though. My CPU usage and memory usage has nearly halved since I upgraded ClamAV to the latest version (which is what started this week of hell!), so at least some good came out of it. Not to mention, I learned a fair bit from those who helped.

    Thanks to everyone. I'm planning to stick around and try to get to know this animal a bit better - who knows, maybe someday I might be able to help someone out someday!

    pete

  15. #15
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Hopefully you're also using the SpamBlocker features built into your version of exim.conf; they generally block about 90% of the email coming into the server, which really cuts down the use of resources.

    Jeff

  16. #16
    Join Date
    Aug 2007
    Location
    Antipolo City, Rizal, Philippines (a British National)
    Posts
    144
    Quote Originally Posted by jlasman View Post
    Hopefully you're also using the SpamBlocker features built into your version of exim.conf; they generally block about 90% of the email coming into the server, which really cuts down the use of resources.

    Jeff
    Yeah, I believe I am, there's not much left commented in it and I'm using all available DNSBL's as well as SpamAssassin. I'm planning to see what extra modules SpamAssassin can have added in, to enhance its efficiency too. I noticed somewhere, something about 'Autolearn', which might be useful.

    However, I'm noticing a significant reduction in spam to our inboxes since we installed the new exim.conf and exim.pl. I think ClamAV also has an element of spam filtering built-in too, so possibly having just upgraded it, is having a limited effect too.

    All in all, I'm gonna sleep better tonight!

    pete

  17. #17
    Join Date
    Sep 2007
    Posts
    35
    I suppose we should just backup the exim.conf file and append an extension such as .noclamav for a quick reversal should it be required. Yeah?

  18. #18
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    You can do that.

    Jeff
