# Problem with amavis-new and postfix [solved]

## mariourk

I have a weird problem with amavis-new and postfix.

What I want, is to get a virusscanner running on my mailserver. I want to use amavis-new for this, in combination with f-prot.

First I tried to get it runing on my own server and, after I got it working, do the same on the server of the company I work for.

After some hours of tweaking I have everything smooth running on my own server. So setting up a virusscanner on the server of my company should be a piece of cake.

This however, is not the case. I made the same configuration as my own server and restarted postfix. After that, the server doesn't recieve any mails anymore until I undo the changes in the configuration of Postfix and restart in again. In the logs I see these messages:

```

Feb  7 14:46:59 [postfix/smtp] 97CB5AF4CD: to=<mtennapel@gbugroep.nl>, relay=none, delay=4068, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

Feb  7 14:46:59 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  7 14:46:59 [postfix/smtp] connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting (port 10024)

Feb  7 14:46:59 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  7 14:46:59 [postfix/smtp] connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting (port 10024)

Feb  7 14:46:59 [postfix/smtp] CDFADAF4CF: to=<mtennapel@gbugroep.nl>, relay=none, delay=2972, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

Feb  7 14:46:59 [postfix/smtp] C9C87AF4BF: to=<jwillems@gbugroep.nl>, relay=none, delay=86863, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

Feb  7 14:46:59 [postfix/qmgr] C4712AF4CB: to=<mtennapel@gbugroep.nl>, relay=none, delay=4205, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

Feb  7 14:46:59 [postfix/qmgr] C6FE5AF4C7: to=<jkaptijn@gbugroep.nl>, relay=none, delay=83082, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

Feb  7 14:46:59 [postfix/qmgr] CF017AF4C2: to=<peter@gbugroep.nl>, relay=none, delay=86822, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial greeting)

```

Iptables is not the problem: After I put the policy of the INPUT-chain to ACCEPT it didn't solve the problem. Hosts.allow and hosts.deny aren't the problem either.

Does someone know why it doesn't work???

Thanks a lotLast edited by mariourk on Sat Oct 21, 2006 6:07 pm; edited 3 times in total

----------

## mariourk

The problem seems to be with amavisd-new.

In my logs I see these errors:

```

log-2004-02-09-08:56:33:Feb  9 08:39:06 [postfix/qmgr] warning: connect to transport amavis: No such file or directory

```

If I start amavisd-new, I see this in my logs:

```

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] starting.  amavisd at mail amavisd-new-20030616-p6, Unicode aware

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Perl version               5.008

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Amavis::Conf        1.15

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Archive::Tar        1.03

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Archive::Zip        1.06

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Compress::Zlib      1.22

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Convert::TNEF       0.17

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Convert::UUlib      0.31

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module MIME::Entity        5.404

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module MIME::Parser        5.406

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module MIME::Tools         5.411

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Mail::Header        1.58

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Mail::Internet      1.58

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Net::Cmd            2.24

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Net::SMTP           2.26

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Net::Server         0.85

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Time::HiRes         1.54

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Module Unix::Syslog        0.100

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found myself: /usr/sbin/amavisd -c /etc/amavisd.conf

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Lookup::SQL code       NOT loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Lookup::LDAP code      NOT loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] AMCL-in protocol code  loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] SMTP-in protocol code  loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] ANTI-VIRUS code        loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] ANTI-SPAM  code        NOT loaded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Process Backgrounded

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: 2004/02/09-09:17:21 Amavis (type Net::Server::PreForkSimple) starting! pid(27362)

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Binding to UNIX socket file /var/run/amavis/amavisd.sock using SOCK_STREAM

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Binding to TCP port 10024 on host 127.0.0.1

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Setting gid to "601 601"

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Setting uid to "1009"

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Net::Server: Couldn't POSIX::setuid to "1009" []

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $file       at /usr/bin/file

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $arc        at /usr/bin/arc

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $gzip       at /bin/gzip

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $bzip2      at /bin/bzip2

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] No $lzop,         not using it

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $lha        at /usr/bin/lha

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $unarj      at /usr/bin/unarj

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $uncompress at /usr/bin/uncompress

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] No $unfreeze,     not using it

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $unrar      at /usr/bin/unrar

log-2004-02-09-09:17:23:Feb  9 09:17:21 [amavis] Found $zoo        at /usr/bin/zoo

log-2004-02-09-09:17:23:Feb  9 09:17:22 [amavis] Found $cpio       at /usr/bin/cpio

log-2004-02-09-09:17:23:Feb  9 09:17:22 [amavis] Found primary av scanner FRISK F-Prot Antivirus at /usr/bin/f-prot.sh

```

I also got errors that the acces for amavis to 10.0.0.150 (ip of net.eth1, attached to my ADSL-modem) was DENIED.

Anyone who knows what could be wrong???   :Confused: 

Thanks.Last edited by mariourk on Mon Feb 09, 2004 11:22 am; edited 1 time in total

----------

## mariourk

Here you can see the "acces DENIED errors"

```

Feb  9 11:34:10 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:10 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:11 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:11 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:11 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:11 [amavis] DENIED ACCESS from IP 10.0.0.150

Feb  9 11:34:36 [postfix/qmgr] warning: connect to transport amavis: No such file or directory

Feb  9 11:35:36 [postfix/qmgr] warning: connect to transport amavis: No such file or directory

Feb  9 11:36:36 [postfix/qmgr] warning: connect to transport amavis: No such file or directory

Feb  9 11:37:30 [amavis] Net::Server: 2004/02/09-11:37:30 Server closing!

Feb  9 11:37:36 [postfix/qmgr] warning: connect to transport amavis: No such file or directory

```

----------

## chockymonster

Can you post up the bottom of your master.cf and the content scanner line from your main.cf???

----------

## mariourk

Ofcource, that was stupid of me. Here they are.

/etc/postfix/main.cf

```

#virusscanner

content_filter = smtp-amavis:[127.0.0.1]:10024

```

/etc/postfix/master.cf

```

smtp-amavis unix -      -       n       -       2  smtp

        -o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n  -       n       -       -  smtpd

        -o content_filter=

        -o local_recipient_maps=

        -o relay_recipient_maps=

        -o smtpd_restriction_classes=

        -o smtpd_client_restrictions=

        -o smtpd_helo_restrictions=

        -o smtpd_sender_restrictions=

        -o smtpd_recipient_restrictions=permit_mynetworks,reject

        -o mynetworks=127.0.0.0/8

        -o strict_rfc821_envelopes=yes

        -o smtpd_error_sleep_time=0

        -o smtpd_soft_error_limit=1001

        -o smtpd_hard_error_limit=1000

```

I also tried this in /etc/postfix/master.cf

```

smtp-amavis unix -      -       n       -       2  smtp

        -o smtp_data_done_timeout=1200

        -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       -  smtpd

        -o content_filter=

        -o local_recipient_maps=

        -o relay_recipient_maps=

        -o smtpd_restriction_classes=

        -o smtpd_client_restrictions=

        -o smtpd_helo_restrictions=

        -o smtpd_sender_restrictions=

        -o smtpd_recipient_restrictions=permit_mynetworks,reject

        -o mynetworks=127.0.0.0/8

        -o strict_rfc821_envelopes=yes

        -o smtpd_error_sleep_time=0

        -o smtpd_soft_error_limit=1001

        -o smtpd_hard_error_limit=1000

```

But that didn't make any difference.

----------

## axxackall

 *mariourk wrote:*   

> The problem seems to be with amavisd-new.
> 
> In my logs I see these errors:
> 
> ```
> ...

 

I had something like this before. I remember that one of amavis folders or log files had not had proper permissions to create new files or new records. I don't remember exactly, but I've fixed permissions and it helped.

On another box amavis listened on 127.0.0.1, whil postfix has tried to connect to the real IP address (like DSL). I fixed that and it helped too.

----------

## Hoosier

What does your /etc/amavisd.conf have in it for binds and access controls?

Here's mine:

```

# SMTP SERVER (INPUT) access control

# - do not allow free access to the amavisd SMTP port !!!

#

# when MTA is at the same host, use the following (one or the other or both):

$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface

                                  # (default is '127.0.0.1')

@inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP

                                  # (default is qw( 127.0.0.1 ) )

```

As for the Net::Server errors, have you applied the patch mentioned on the amavisd-new webpage http://www.ijs.si/software/amavisd/#faq-net-server.

----------

## chockymonster

Try this

Stop Amavis.

As the amavis user run

amavisd debug

See if amavis actually starts correctly.

----------

## mariourk

Problem solved.

I had no outgoing interface (-o eth1) defined, with iptables, in the SNAT-rule that I use for routing. So any outgoing trafic, including that from the loopback interface was translated to 10.0.0.150

----------

