Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF problem

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF problem

Unread post by gines »

Hi, first sorry for my english.

The problem is with a new server with migrated domains. I receive complaints from Ossec reports about that. I suspect that some message have problems, and I don't know if are delivered. Next a few log lines to explain the problem.

Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek

If I understand well a DNS lookup failure with a mail generate a SPF DEFER exception that result in qmail-queue problem. I don't see mail with domain generating problem at queue, so I suspect that finally message are delivered. I don't saw this behavior before.

Please, I hope somebody can comment about this.

Thanks and best regards...

Gines
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by mikeshinn »

Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Thats a pretty serious error, it generally means mail is not being delivered. I recommend you contact Parallels about this.
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

I think the same. But, if you see log portion posted, only happens with this weird error about DNS for SPF verification. And there is no mail at queue with domains queried when errors are triggered.

Nobody saw this before? Any idea about solution?

Regards...

Gines
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by mikeshinn »

Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Harmless, just means the domain likely has no SPF record.
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
Just means Plesk isnt going to check SPF record.
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Thats a serious error, it means the mail was not delivered at all and qmail scanner is broken.
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

Because the problem is with qmail-queue.orig, I checked perms and ownership in /var/qmail/bin:
-r-xr-sr-x 1 mhandlers-user popuser 6653 Jul 25 20:23 qmail-queue
-r-xr-sr-x 1 root root 6653 Jul 22 19:57 qmail-queue.backup
-r-s--x--x 1 qmailq qmail 20872 Dec 8 2010 qmail-queue.moved
-rwxr-xr-x 1 qmailq qmail 74344 Dec 8 2010 qmail-queue.orig
-rwsr-xr-x 1 root root 74344 Jul 22 19:57 qmail-queue.orig.backup
-r-x--s--x 1 mhandlers-user popuser 71984 Dec 8 2010 qmail-remote

I changed qmail-queue.orig to this:
-r-xr-sr-x 1 mhandlers-user popuser 74344 Dec 8 2010 qmail-queue.orig

But the problem persist with this kind of mails. May be this file needs other perms?

I tryed uninstalling qmail-scanner and there is no problem. This only happens with qmail-scanner when try to user qmail-queue.orig. May be I need other qmail-scanner.orig file?

Regards...

Gines
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

In order to give more information:

I verified that qmail-queue.orig it's the original qmail-queue from psa-qmail rpm version.

I verified to that qmail-scanner-queue.pl have this configuration line:
my $qmailqueue = '/var/qmail/bin/qmail-queue.orig';

If I think well the problem it's with ownership/perms or this version of qmail-scanner have problems using the original qmail-queue of the actualized version of Plesk 9.5.4 which is:
psa-qmail-1.03-cos5.build95101209.08.x86_64.rpm

There is a patch of Plesk for qmail-smtpd but it's out of this problem.

Regards...

Gines
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by mikeshinn »

I dont think your issue is permissions, as I recall there was a bug in PSAs qmail package. Have you contacted parallels to ask them about this error?
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

My hosting provider is Server4You. I asked them now, because when I tried to post a ticket on Parallels they stated that it's a Partner License.

Thanks in advance if somebody have a hint about this.

Regards...

Gines
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

Server4you said that they don't support soft not installed by them, because the problem it's with qmail-scanner. Weird.

Any hint will be appreciated.

Regards...

Gines
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

The problem isn't with psa qmail, because when I uninstall qmail-scanner there is no problem at all. When I re install error appears again.

Regards...

Gines
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by scott »

The illegal seek message is actually coming from the plesk handler, not qmail-scanner. Whats happening is that the handler is not reporting the error message, but does send the error code. That code is picked up and reported by qmail-scanner as an illegal seek.
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

There is a way to obtain more information about the error trying to solve the problem? It's fired by qmail-scanner anyway. As I told there is no problem without qmail-scanner.

Regards...

Gines
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by scott »

Well I suspect that one (or more) of the plesk handlers is exiting with an error code other than 0. I don't know for sure but I can speculate on the causes there, for example some applications will exit with a code other than 0 or 1 if a DNS lookup fails. If that application is something like SPF that would happen pretty frequently.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by mikeshinn »

Server4you said that they don't support soft not installed by them, because the problem it's with qmail-scanner. Weird.
So what do they want you to do about blocking spam and viruses? Install nothing? :-)

I'd dump them as a hosting company if I were you and find someone that is willing to help you.
gines
Forum User
Forum User
Posts: 13
Joined: Mon Aug 30, 2010 1:27 pm

Re: Plesk 9.5.4 + Centos + qmails-canner 2.08-5 - SPF proble

Unread post by gines »

Scott, I agree with you. But, this SPF problem not abort the queue when qmail-scanner is not installed. May be the problem is with the form used by qmail-scanner to call qmail-queue.orig pipe. By the way, why with this configuration? I never saw this problem with others configurations.

Mike, I suppose they hope I must pay for antivirus/spam licenses installed with Plesk. :-)

Regards...

Gines
Post Reply