# HELP - Cant send email anymore

## Moriah

As of this morning, I cannor send email anymore thru my sendmail server.  I connect via imap with thunderbird.  When I try to send an email I get a short little pop-up that says:

```

Sending of the message failed.

An error occurred while sending mail. The mail server responded: Please try again later. Please verify that your email address is correct in your account settings and try again.

```

I tried this from 2 different machines on my LAN, and also using emacs sendmail from a different username, and it always fails.  Emacs reports "error code 451"/

I tried rebooting the mail server, but it does not help.

A more meaningful error message would be helpful.

/var/log/messages shows:

```

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: <-- EHLO [5.188.206.146]

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-eli.elilabs.com Hello [5.188.206.234], pleased to meet you

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-ENHANCEDSTATUSCODES

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-PIPELINING

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-EXPN

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-VERB

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-8BITMIME

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-SIZE

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-DSN

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-ETRN

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-AUTH LOGIN PLAIN

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250-DELIVERBY

Jan 28 09:27:02 eli sm-mta[25970]: 20SEQunN025970: --- 250 HELP

Jan 28 09:27:02 eli sm-mta[25970]: STARTTLS=read, info: fds=8/3, err=2

Jan 28 09:27:02 eli sshd[25996]: Received disconnect from 192.168.2.2 port 48770:11: disconnected by user

Jan 28 09:27:02 eli sshd[25996]: Disconnected from user root 192.168.2.2 port 48770

Jan 28 09:27:02 eli sshd[25996]: pam_unix(sshd:session): session closed for user root

Jan 28 09:27:03 eli sm-mta[25987]: 20SER0gq025987: <-- AUTH LOGIN

Jan 28 09:27:03 eli sm-mta[25987]: 20SER0gq025987: SMTP AUTH command (LOGIN) from [5.34.205.74] tempfailed (due to previous checks)

Jan 28 09:27:03 eli sm-mta[25987]: 20SER0gq025987: --- 454 4.3.0 Please try again later

Jan 28 09:27:04 eli sm-mta[25987]: 20SER0gq025987: <-- QUIT

Jan 28 09:27:04 eli sm-mta[25987]: 20SER0gq025987: --- 221 2.0.0 eli.elilabs.com closing connection

Jan 28 09:27:04 eli sm-mta[25987]: 20SER0gq025987: [5.34.205.74] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Jan 28 09:27:04 eli sm-mta[25970]: 20SEQunN025970: <-- AUTH LOGIN

Jan 28 09:27:04 eli sm-mta[25970]: 20SEQunN025970: SMTP AUTH command (LOGIN) from [5.188.206.234] tempfailed (due to previous checks)

Jan 28 09:27:04 eli sm-mta[25970]: 20SEQunN025970: --- 454 4.3.0 Please try again later

Jan 28 09:27:04 eli sm-mta[25970]: STARTTLS=read, info: fds=8/3, err=2

Jan 28 09:27:05 eli sm-mta[25970]: 20SEQunN025970: --- 421 4.4.1 eli.elilabs.com Lost input channel from [5.188.206.234]

Jan 28 09:27:05 eli sm-mta[25970]: 20SEQunN025970: [5.188.206.234] did not issue MAIL/EXPN/VRFY/ETRN during connection to SSLMTA

```

What could have gone wrong?

----------

## alamahant

Are you using certs?

Were your certs recently expired or renewed?

 *Quote:*   

> 
> 
> Jan 28 09:27:02 eli sm-mta[25970]: STARTTLS=read, info: fds=8/3, err=2
> 
> 

 

----------

## Moriah

That's a good thought.  Would that be client certs, or server certs?  It appears I am able to receive mail from others.  I just looked in /var/spool/main/ to verify that, so maybe my client certs are bad.  BUT... I tried sending from 2 different machines and 2 different users, but maybe the certs were the same.  I don't yet know.

I am busy with a client right now, but here is more detail from /var/log/messages:

```

Jan 28 14:57:39 eli sm-mta[804]: NOQUEUE: connect from [5.34.205.74]

Jan 28 14:57:39 eli sm-mta[804]: AUTH: available mech=PLAIN LOGIN, allowed mech=LOGIN PLAIN

Jan 28 14:57:39 eli sm-mta[804]: 20SJvdeR000804: Milter (clamav): local socket name /var/run/clamav/cla

mav-milter.sock unsafe

Jan 28 14:57:39 eli sm-mta[804]: 20SJvdeR000804: Milter (clamav): to error state

Jan 28 14:57:39 eli sm-mta[804]: 20SJvdeR000804: Milter: initialization failed, temp failing commands

Jan 28 14:57:39 eli sm-mta[804]: 20SJvdeR000804: --- 220 eli.elilabs.com ESMTP Sendmail 8.15.2/8.14.4; 

Fri, 28 Jan 2022 14:57:39 -0500

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: <-- EHLO localhost

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-eli.elilabs.com Hello [5.34.205.74], pleased t

o meet you

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-ENHANCEDSTATUSCODES

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-PIPELINING

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-EXPN

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-VERB

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-8BITMIME

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-SIZE

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-DSN

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-ETRN

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-AUTH LOGIN PLAIN

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-STARTTLS

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250-DELIVERBY

Jan 28 14:57:40 eli sm-mta[804]: 20SJvdeR000804: --- 250 HELP

Jan 28 14:57:41 eli sm-mta[804]: 20SJvdeR000804: <-- RSET

Jan 28 14:57:41 eli sm-mta[804]: 20SJvdeR000804: --- 250 2.0.0 Reset state

Jan 28 14:57:41 eli sm-mta[804]: 20SJvdeS000804: <-- AUTH LOGIN

Jan 28 14:57:41 eli sm-mta[804]: 20SJvdeS000804: SMTP AUTH command (LOGIN) from [5.34.205.74] tempfailed (due to previous checks)

Jan 28 14:57:41 eli sm-mta[804]: 20SJvdeS000804: --- 454 4.3.0 Please try again later

Jan 28 14:57:43 eli sm-mta[804]: 20SJvdeS000804: <-- QUIT

Jan 28 14:57:43 eli sm-mta[804]: 20SJvdeS000804: --- 221 2.0.0 eli.elilabs.com closing connection

Jan 28 14:57:43 eli sm-mta[804]: 20SJvdeS000804: [5.34.205.74] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

```

----------

## Moriah

OOPS!  My mistake.  The timestamp on the newest email in my username mail spool was yesterday, not today, but at about the same times as what time it is today, so it fooled me.    :Embarassed: 

Some mail has come in to other mail spools today, and I may have received some today and just deleted it before i realized I had a problem.

----------

## Moriah

So I haven't had to mess with certs for email for several years.  Where do I look, and what do I look for?

----------

## freke

 *Moriah wrote:*   

> That's a good thought.  Would that be client certs, or server certs?  It appears I am able to receive mail from others.  I just looked in /var/spool/main/ to verify that, so maybe my client certs are bad.  BUT... I tried sending from 2 different machines and 2 different users, but maybe the certs were the same.  I don't yet know.
> 
> I am busy with a client right now, but here is more detail from /var/log/messages:
> 
> ```
> ...

 

Could it be clamav causing it? (recently upgraded clamav?) - seems to complain about permissions on socket-file?

(could try to disable the clamav-milter to see if mail passes through then)

----------

## Moriah

clam has not been working properly since the beginning of January.  It has exhibited this problem at the beginning of each month recently when the log files roll over, then my clam graphing script only sees freshclam activity, but not clamav-milter or clamd.  I have always been able to manually restart them and they worked, but not this month (january 2022).  I have been wanting to look into this, but I've been too busy, and email was working until this morning, so it got back-burnered.

----------

## Moriah

Indeed, the problem seems to be with clamd and clamav-milter.

After much examining log files and googling, it seems that the problem started friday morning.

I re-emerged clamav, which updated it slightly.  After the emerge, I tried to start things up, and when I try to start clamd, I get this in /var/log/clamav/clamd.log:

```

Sun Jan 30 11:58:08 2022 -> +++ Started at Sun Jan 30 11:58:08 2022

Sun Jan 30 11:58:08 2022 -> Received 0 file descriptor(s) from systemd.

Sun Jan 30 11:58:08 2022 -> clamd daemon 0.103.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Sun Jan 30 11:58:08 2022 -> Log file size limited to 209715200 bytes.

Sun Jan 30 11:58:08 2022 -> Reading databases from /var/lib/clamav

Sun Jan 30 11:58:08 2022 -> Not loading PUA signatures.

Sun Jan 30 11:58:08 2022 -> Bytecode: Security mode set to "TrustSigned".

Sun Jan 30 11:58:24 2022 -> Loaded 8605152 signatures.

Sun Jan 30 11:58:27 2022 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock

Sun Jan 30 11:58:27 2022 -> LOCAL: Setting connection queue length to 200

Sun Jan 30 11:58:27 2022 -> Limits: Global time limit set to 120000 milliseconds.

Sun Jan 30 11:58:27 2022 -> Limits: Global size limit set to 104857600 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: File size limit set to 26214400 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: Recursion level limit set to 17.

Sun Jan 30 11:58:27 2022 -> Limits: Files limit set to 10000.

Sun Jan 30 11:58:27 2022 -> Limits: Core-dump limit is 0.

Sun Jan 30 11:58:27 2022 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.

Sun Jan 30 11:58:27 2022 -> Limits: MaxPartitions limit set to 50.

Sun Jan 30 11:58:27 2022 -> Limits: MaxIconsPE limit set to 100.

Sun Jan 30 11:58:27 2022 -> Limits: MaxRecHWP3 limit set to 16.

Sun Jan 30 11:58:27 2022 -> Limits: PCREMatchLimit limit set to 100000.

Sun Jan 30 11:58:27 2022 -> Limits: PCRERecMatchLimit limit set to 2000.

Sun Jan 30 11:58:27 2022 -> Limits: PCREMaxFileSize limit set to 26214400.

Sun Jan 30 11:58:27 2022 -> Archive support enabled.

Sun Jan 30 11:58:27 2022 -> AlertExceedsMax heuristic detection disabled.

Sun Jan 30 11:58:27 2022 -> Heuristic alerts enabled.

Sun Jan 30 11:58:27 2022 -> Portable Executable support enabled.

Sun Jan 30 11:58:27 2022 -> ELF support enabled.

Sun Jan 30 11:58:27 2022 -> Mail files support enabled.

Sun Jan 30 11:58:27 2022 -> OLE2 support enabled.

Sun Jan 30 11:58:27 2022 -> PDF support enabled.

Sun Jan 30 11:58:27 2022 -> SWF support enabled.

Sun Jan 30 11:58:27 2022 -> HTML support enabled.

Sun Jan 30 11:58:27 2022 -> XMLDOCS support enabled.

Sun Jan 30 11:58:27 2022 -> HWP3 support enabled.

Sun Jan 30 11:58:27 2022 -> Self checking every 600 seconds.

Sun Jan 30 11:58:27 2022 -> Listening daemon: PID: 15527

Sun Jan 30 11:58:27 2022 -> MaxQueue set to: 100

```

After which, when I check its status, I get:

```

eli ~ # /etc/init.d/clamd status

 * status: crashed

eli ~ # ps ax | grep clam

11721 pts/17   S+     0:00 /bin/bash ./clammer.sh

12105 pts/7    S+     0:00 tail -f /var/log/clamav/freshclam.log

12589 pts/12   S+     0:00 tail -f /var/log/clamav/clamd.log

12711 pts/6    S+     0:00 tail -f /var/log/clamav/clamd.log

14423 ?        Ssl    0:18 /usr/sbin/clamd

14944 pts/1    S+     0:00 tail -f /var/log/clamav/clamd.log

15008 pts/0    S+     0:00 grep --colour=auto clam

16986 pts/0    S      0:00 xemacs /etc/conf.d/clamd

eli ~ # kill 14423

eli ~ # ps ax | grep clam

11721 pts/17   S+     0:00 /bin/bash ./clammer.sh

12105 pts/7    S+     0:00 tail -f /var/log/clamav/freshclam.log

12589 pts/12   S+     0:00 tail -f /var/log/clamav/clamd.log

12711 pts/6    S+     0:00 tail -f /var/log/clamav/clamd.log

14944 pts/1    S+     0:00 tail -f /var/log/clamav/clamd.log

15053 pts/0    S+     0:00 grep --colour=auto clam

16986 pts/0    S      0:00 xemacs /etc/conf.d/clamd

eli ~ # 

eli ~ # 

eli ~ # /etc/init.d/clamd start

 * WARNING: clamd has already been started

eli ~ # /etc/init.d/clamd stop

 * Stopping clamd ...

 * start-stop-daemon: no matching processes found                                                [ ok ]

eli ~ # ps ax | grep clam

11721 pts/17   S+     0:00 /bin/bash ./clammer.sh

12105 pts/7    S+     0:00 tail -f /var/log/clamav/freshclam.log

12589 pts/12   S+     0:00 tail -f /var/log/clamav/clamd.log

12711 pts/6    S+     0:00 tail -f /var/log/clamav/clamd.log

14944 pts/1    S+     0:00 tail -f /var/log/clamav/clamd.log

15287 pts/0    S+     0:00 grep --colour=auto clam

16986 pts/0    S      0:00 xemacs /etc/conf.d/clamd

eli ~ # /etc/init.d/clamd zap

 * Manually resetting clamd to stopped state

eli ~ # /etc/init.d/clamd status

 * status: stopped

```

So it seems that clamd is crashing, and I have no idea why.

Here are all the /var/log/messages recent lines with "clam" in them:

```

Jan 30 11:52:14 eli sm-mta[13617]: 20UGqE1t013617: Milter (clamav): local socket name /var/run/clamav/clamav-milter.sock unsafe

Jan 30 11:52:14 eli sm-mta[13617]: 20UGqE1t013617: Milter (clamav): to error state

Jan 30 11:52:55 eli start-stop-daemon[13829]: Will stop /usr/sbin/clamav-milter

Jan 30 11:52:55 eli clamav-milter[13417]: ClamAV: mi_stop=1

Jan 30 11:53:08 eli /etc/init.d/clamd[13913]: status: crashed

Jan 30 11:53:42 eli /etc/init.d/clamd[14114]: status: crashed

Jan 30 11:53:54 eli start-stop-daemon[14194]: Will stop /usr/sbin/clamd

Jan 30 11:53:54 eli /etc/init.d/clamd[14194]: start-stop-daemon: no matching processes found

Jan 30 11:55:18 eli /etc/init.d/clamd[14684]: status: crashed

Jan 30 11:57:12 eli /etc/init.d/clamd[15198]: WARNING: clamd has already been started

Jan 30 11:57:21 eli start-stop-daemon[15258]: Will stop /usr/sbin/clamd

Jan 30 11:57:21 eli /etc/init.d/clamd[15258]: start-stop-daemon: no matching processes found

Jan 30 11:58:54 eli /etc/init.d/clamd[15766]: status: crashed

```

Can anybody help with this?  I'm dead without email!

----------

## pjp

To get mail running again, I'd try either temporarily removing clamv from the mail processing chain or reverting to earlier versions that were working. If you're logging emerge output, then you should be able to capture what was uninstalled before you observed the problem. Then you can either use a binary package (if you emerge with --buildpkg) or try recompiling those old versions.

----------

## Moriah

There was no new version installed before the problem began.  It started shortly after 7 AM EST Friday 1-28-2022.  

I had considered removing clam from the sendmail configuration, but I was hoping to have some idea what the problem was.  So far, all I can tell is something is broken with clam, and it happened all by itself.  

I just got in.  I will check back in about an hour.  

Thanks for trying to help.

----------

## Moriah

OK, I now have sendmail working again, but I had to take out the clam.

I would like to get clam working again, but I have no clue what went wrong, or how to fix it.

----------

## Moriah

So I can once again send and receive email, but without clavav, apparently spamassassin doesn't run either, so I get a bunch of spam and no virus protection.  I need to figure out how to get spamassassin and clamav workinf again, but the priority is not as urgent as just getting email working.

Thanks for the helpful suggestion.  Can anybody suggest what to do to get spam and clam working again?

----------

## freke

Isn't there a mismatch?

sendmail seems to want

```
Jan 28 14:57:39 eli sm-mta[804]: 20SJvdeR000804: Milter (clamav): local socket name /var/run/clamav/clamav-milter.sock unsafe
```

While clam is providing

```
Sun Jan 30 11:58:27 2022 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
```

(does clamav-milter.sock exist?)

Also - can't remember when this was introduced, but check /etc/init.d/clamd

```
# For now, must be manually synchronized with the PidFile variable

# in clamd.conf.

#

# https://bugzilla.clamav.net/show_bug.cgi?id=12595

#

pidfile="/run/clamav/${RC_SVCNAME}.pid"
```

Does this match what you have in your clamd.conf?

[EDIT]

It seems clamav-milter is responsible for creating the milter-socket?

I don't know how that works - am using rspamd and clamd (w/o milter support) for my Postfix-setup

http://novosial.org/clamav/clamav-milter/index.html

----------

## pjp

 *Moriah wrote:*   

> There was no new version installed before the problem began.

  Sorry, I must have assumed.

I'd try starting clamd manually (without the init.d start script) using strace. Be aware that depending on what's going on, sensitive information could be in the output (IIRC, passwords are visible, not sure what else).

strace -c <command> will list the syscalls with errors. You can then use those errors to get focused output.

You can run a test with ls. As an unprivileged user, strace -c ls /root. From that I see syscalls openat and access with errors. So a rerun referencing those syscalls to get error specific output. strace -e openat,access ls /root.

I'm not an strace expert, but it can help narrow down obvious errors (permission, missing file, ...?).

EDIT: That example / using summary may not be as helpful as I'd thought. I've usually used "-e open" which is apparently not an abbreviation for openat, and the summary doesn't list open.

----------

