Thank you to everyone who wrote with suggestions.
The underlying cause of 'qq soft reject' in my case was that the clamav
service had crashed and not restarted. I was able to relaunch it with:
start clamav-daemon
and everything started working again.
Here's a summary of what I've learned:
1. If you get 'qq soft reject', the very first thing you should do is:
toaststat
There's a reasonable chance that the failure is caused by one of the
services being down, and if so, it will show up here.
2. If that doesn't point to an obvious culprit, edit
'/etc/tcprules.d/tcp.smtp' to include the option SIMSCAN_DEBUG="5".
Then do:
qmailctl cdb
You can verify that the .cdb file has been rebuilt by checking the file
dates with:
ls -l /etc/tcprules.d/tcp.smtp*
The file 'tcp.smtp.cdb' should be newer than 'tcp.stmp'.
After editing and rebuilding, do:
tail -f /var/log/qmail/smtp/current | tai64nlocal
and attempt to deliver a message. The debug output will probably
identify the cause of the error.
Angus
Eric Broch wrote on 7/20/20 3:47 PM:
Angus,
You must rebuild the tcp.smtp rules file to tcp.smtp.cdb, did you that?
I would set SIMSCAN_DEBUG="5"
Eric
On 7/20/2020 1:36 PM, Angus McIntyre wrote:
Thank you Finn and Remo
I tried doubling the softlimit, and using Remo's configuration, but
the problem remains.
I'm not seeing any additional output in /var/qmail/log/smtp/current.
Is that the logfile where the simscan debug output should go, or
should I look for it somewhere else?
I assume that it's something that simscan launches. Here's the
'smtp/current' log:
@400000005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44
@400000005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25
:11.22.33.44::38580
@400000005f15ef932c056ab4 CHKUSER accepted sender: from
<u...@example.com::> remote
<mail-qt1-f169.google.com:unknown:11.22.33.44> rcpt <> : sender accepted
@400000005f15ef932c22d5f4 CHKUSER accepted any rcpt: from
<u...@example.com::> remote
<mail-qt1-f169.google.com:unknown:11.22.33.44> rcpt
<u...@otherhost.net> : accepted any recipient for this domain
@400000005f15ef932c22e1ac policy_check: remote u...@example.com ->
local u...@otherhost.net (UNAUTHENTICATED SENDER)
@400000005f15ef932c22e594 policy_check: policy allows transmission
@400000005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server
temporarily rejected message (#4.3.0)): MAILFROM:<u...@example.com>
RCPTTO:u...@otherhost.net
@400000005f15ef932f9c8b94 tcpserver: end 17174 status 0
@400000005f15ef932f9c9364 tcpserver: status: 0/100
But I can't find any logs anywhere that will tell me _what_ is failing.
Thanks again for all your help. Any further suggestions would be very
welcome.
Angus
Remo Mattei wrote on 7/20/20 2:55 PM:
here is what mine looks like
:allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private”
you probably want to have that out of the 127.
Remo
On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote:
Hi Angus.
Have You tried to increase the softlimit in the run file ? (to get
rid of the issue ;-))
Cheers,
Finn
Den 20-07-2020 kl. 20:01 skrev Angus McIntyre:
My qmailtoaster running on CentOS 7 was behaving fine, but now
seems to soft reject everything, and I'm having a hard time
working out why.
It doesn't seem to be a ClamAV issue: I set 'clam=no' in
'/var/qmail/control/simcontrol' and restarted qmail, but I still
get the rejections.
I added 'SIMSCAN_DEBUG="5"' to the list of env vars in
'/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any
actionable debugging output anywhere that I can see.
Does anyone have any suggestions for debugging this issue? I know
there's been some talk of bad signatures for ClamAV recently, but
I _thought_ I'd eliminated that as a possibility by turning off
clam in simcontrol. If that's not the case, how would I identify
(and suppress) a bad signature?
Thanks,
Angus
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
--
https://raingod.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
