malware acl condition: clamd: unable to send file body to socket (127.0.0.1)

If you see error like this in your mail logs, than chances are that your ClamAV is not able to process attachments files larger than limit set in clamav configuration. In this case, sender which sent email with larger attachment to your server, will get something like this in respond:

[10.10.10.10] #<[10.10.10.10] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] 451-'Temporary local problem - please try later' (delivery attempts: 75)> #SMTP#

In your mail log you’ll see something like this:

+++ 1e248B-000NMy-T6 has not completed +++
1969-08-15 01:40:21 1e248B-000NMy-T6 malware acl condition: clamd : unable to send file body to socket (127.0.0.1)
1969-08-25 01:40:21 1e248B-000NMy-T6 H=some.hostname.com [1.1.1.1] X=TLSv1:RC4-SHA:128 CV=no F=<prvs=449d2f142=senders@email.com> temporarily rejected after DATA

To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.

Don’t forget to restart your ClamAV.

Migrate email to gmail with imapsync – Host2 failure: Error login

So you want to migrate your emails from your hosting to your Gmail and you can’t get it to work with imapsync? You triple checked your login credentials and are correct but transfer still doesnt work. So what is causing error bellow?

Host2 failure: Error login on [66.102.1.108] with user [mymail@mydomain.com] auth [LOGIN]: 2 NO [ALERT] Please log in via your web browser

You have to login to your Google Apps settings (Security -> Advanced security settings) and change value for Less secure apps to: Enforce access to less secure apps for all users. Than it should work.

Exim – remove messages from mail queue sorted by email address

Ok, title is a little confusing, I admit :). Let me try to explain. When you have stuffed exim mail queue and you want to remove all messages from specific domain only, sometimes email address that you want to use as key for your parsing is in second line. So, classic exim -bp | grep <searchstring> | awk {‘print $3’} | xargs exim -Mrm is not very useful in this case because it won’t return message ID. Grep with -B flag is what you need in this case. -B will show line before your “key” string also – message ID in this case. You can check how to on example below.

  • Check exim mail queue
[root@mailserver ~]# exim -bp

46h   58K 1b59PU-000J6d-1U <something@domain.com>
          info@mydomain.si

44h   11K 1b5Bj4-000MJC-GF <johndoe@iasoiasd.in>
          info@mydomain.si

44h   16K 1b5BjQ-000MNC-0M <jimi.hendrix@guitar.com>
          peter@olderdomain.org

43h  9.0K 1b5Bvp-000P1c-6s <purchase@domainname.net>
          info@mydomain.si

43h   11K 1b5BzX-000PmA-S5 <GallowayIla96@asgasfasgas.com>
          info@mydomain.si

41h   59K 1b5Dhb-000I5h-8E <bloop@auhuiejnapob.net>
          info@mydomain.si

27h   17K 1b5RNl-000OFW-Tn <sasa@bjkoapojfoaubopaw.si>
          info@mydomain.si

22h   78K 1b5W42-000Nna-Jn <johndoe@gmail.com>
          anothermail@foo.com

22h   11K 1b5W8b-000Oes-Fb <ramones@band.com>
          info@mydomain.si

22h  250K 1b5WHr-0000Om-Oa <fuckface@guilttrip.com>
          joasd@aasdfasf.si

20h   12K 1b5YEZ-000MF7-Jq <mrinsignificant@mobile.cn>
          test@anotherdomain.net

19h  9.1K 1b5YK6-000NPV-1m <fetasir@cheese.com>
          info@mydomain.si

19h   12K 1b5YXM-000Ppg-Qd <asfaeaw@asdasa.com.br>
          info@mydomain.si

19h   11K 1b5Yeq-0001JN-9a <geaafwawfaef@gesawad.vn>
          blabla@mojadomena.si
.
.
.
  • We want to delete all messages that contains string info@mydomain.si and are in second line.
[root@mailserver ~]# exim -bp | awk {'print $1,$3'} | grep -B1 mydomain | awk {'print $2'} | xargs exim -Mrm

Message 1b59PU-000J6d-1U has been removed
Message 1b5Bj4-000MJC-GF has been removed
Message 1b5Bvp-000P1c-6s has been removed
Message 1b5BzX-000PmA-S5 has been removed
Message 1b5Dhb-000I5h-8E has been removed
Message 1b5RNl-000OFW-Tn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5W42-000Nna-Jn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5YK6-000NPV-1m has been removed
Message 1b5YEZ-000MF7-Jq has been removed
Message 1b5YK6-000NPV-1m has been removed
.
.
.

Directadmin – enable and configure Spamassassin automatically when adding user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users may not know about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. So it may be good practice to enable Spamassassin by default. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin sites. But you may also want to define some parameters for Spamassassin “on the fly”. You can do that by manipulating filter.conf file.
In this example I want that on user creation:

  1. spam goes to appropriate users spam folder,
  2. I don’t want to delete high scoring spam,
  3. I want to rewrite subject of spam email with *****SPAM*****.

Just add below code in your user_create_post.sh script. And remove script comments (##).

## We enable Spamassassin, create needed files and give them appropriate permissions
if [ “$spam” = “ON” ]; then
DIR=/home/$username/.spamassassin
mkdir $DIR
touch $DIR/user_prefs
chown ${username}:mail $DIR
chmod 771 $DIR
chown $username:$username $DIR/user_prefs
chmod 755 $DIR/user_prefs
touch $DIR/spam
chown mail:$username $DIR/spam
chmod 660 $DIR/spam

## Here we define some variables for Spamassassin by adding some lines to filter.conf
echo “high_score=15” >> /etc/virtual/$domain/filter.conf
echo “high_score_block=no” >> /etc/virtual/$domain/filter.conf
echo “where=userspamfolder” >> /etc/virtual/$domain/filter.conf
echo “rewrite_header subject *****SPAM*****” >> /home/$username/.spamassassin/user_prefs

## Adding operation in task queue
echo “action=rewrite&value=filter&user=$username” >> /usr/local/directadmin/data/task.queue
fi
exit 0;

© 2017 geegkytuts.net
Hosted by Hosterdam


About author