Page 1 of 2

Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF problem

Posted: Mon Jul 25, 2011 1:43 pm
by gines
Hi, first sorry for my english.

The problem is with a new server with migrated domains. I receive complaints from Ossec reports about that. I suspect that some message have problems, and I don't know if are delivered. Next a few log lines to explain the problem.

Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek

If I understand well a DNS lookup failure with a mail generate a SPF DEFER exception that result in qmail-queue problem. I don't see mail with domain generating problem at queue, so I suspect that finally message are delivered. I don't saw this behavior before.

Please, I hope somebody can comment about this.

Thanks and best regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 2:57 pm
by mikeshinn
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Thats a pretty serious error, it generally means mail is not being delivered. I recommend you contact Parallels about this.

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 6:28 pm
by gines
I think the same. But, if you see log portion posted, only happens with this weird error about DNS for SPF verification. And there is no mail at queue with domains queried when errors are triggered.

Nobody saw this before? Any idea about solution?

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 6:41 pm
by mikeshinn
Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Harmless, just means the domain likely has no SPF record.
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
Just means Plesk isnt going to check SPF record.
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Thats a serious error, it means the mail was not delivered at all and qmail scanner is broken.

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 8:24 pm
by gines
Because the problem is with qmail-queue.orig, I checked perms and ownership in /var/qmail/bin:
-r-xr-sr-x 1 mhandlers-user popuser 6653 Jul 25 20:23 qmail-queue
-r-xr-sr-x 1 root root 6653 Jul 22 19:57 qmail-queue.backup
-r-s--x--x 1 qmailq qmail 20872 Dec 8 2010 qmail-queue.moved
-rwxr-xr-x 1 qmailq qmail 74344 Dec 8 2010 qmail-queue.orig
-rwsr-xr-x 1 root root 74344 Jul 22 19:57 qmail-queue.orig.backup
-r-x--s--x 1 mhandlers-user popuser 71984 Dec 8 2010 qmail-remote

I changed qmail-queue.orig to this:
-r-xr-sr-x 1 mhandlers-user popuser 74344 Dec 8 2010 qmail-queue.orig

But the problem persist with this kind of mails. May be this file needs other perms?

I tryed uninstalling qmail-scanner and there is no problem. This only happens with qmail-scanner when try to user qmail-queue.orig. May be I need other qmail-scanner.orig file?

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 9:54 pm
by gines
In order to give more information:

I verified that qmail-queue.orig it's the original qmail-queue from psa-qmail rpm version.

I verified to that qmail-scanner-queue.pl have this configuration line:
my $qmailqueue = '/var/qmail/bin/qmail-queue.orig';

If I think well the problem it's with ownership/perms or this version of qmail-scanner have problems using the original qmail-queue of the actualized version of Plesk 9.5.4 which is:
psa-qmail-1.03-cos5.build95101209.08.x86_64.rpm

There is a patch of Plesk for qmail-smtpd but it's out of this problem.

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Mon Jul 25, 2011 11:24 pm
by mikeshinn
I dont think your issue is permissions, as I recall there was a bug in PSAs qmail package. Have you contacted parallels to ask them about this error?

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 8:40 am
by gines
My hosting provider is Server4You. I asked them now, because when I tried to post a ticket on Parallels they stated that it's a Partner License.

Thanks in advance if somebody have a hint about this.

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 9:22 am
by gines
Server4you said that they don't support soft not installed by them, because the problem it's with qmail-scanner. Weird.

Any hint will be appreciated.

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 9:23 am
by gines
The problem isn't with psa qmail, because when I uninstall qmail-scanner there is no problem at all. When I re install error appears again.

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 9:48 am
by scott
The illegal seek message is actually coming from the plesk handler, not qmail-scanner. Whats happening is that the handler is not reporting the error message, but does send the error code. That code is picked up and reported by qmail-scanner as an illegal seek.

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 10:59 am
by gines
There is a way to obtain more information about the error trying to solve the problem? It's fired by qmail-scanner anyway. As I told there is no problem without qmail-scanner.

Regards...

Gines

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 11:59 am
by scott
Well I suspect that one (or more) of the plesk handlers is exiting with an error code other than 0. I don't know for sure but I can speculate on the causes there, for example some applications will exit with a code other than 0 or 1 if a DNS lookup fails. If that application is something like SPF that would happen pretty frequently.

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 2:17 pm
by mikeshinn
Server4you said that they don't support soft not installed by them, because the problem it's with qmail-scanner. Weird.
So what do they want you to do about blocking spam and viruses? Install nothing? :-)

I'd dump them as a hosting company if I were you and find someone that is willing to help you.

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Posted: Tue Jul 26, 2011 5:53 pm
by gines
Scott, I agree with you. But, this SPF problem not abort the queue when qmail-scanner is not installed. May be the problem is with the form used by qmail-scanner to call qmail-queue.orig pipe. By the way, why with this configuration? I never saw this problem with others configurations.

Mike, I suppose they hope I must pay for antivirus/spam licenses installed with Plesk. :-)

Regards...

Gines