After updating OSSEC and ASL this morning I'm getting the following OSSEC messages almost every minute. Anyone have a clue on what could have caused this?
OSSEC HIDS Notification.
2010 Mar 24 09:45:06
Received From: inet3170->/var/log/psa/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Mar 24 09:45:05 inet3170 spamd[30589]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/qmail/mailnames///.spamassassin/auto-whitelist.lock.inetxxxx.xxxxxxxx.com.30589 for /var/qmail/mailnames///.spamassassin/auto-whitelist.lock: No such file or directory
--END OF NOTIFICATION
OSSEC HIDS Notification.
2010 Mar 24 09:45:06
Received From: inet3170->/var/log/psa/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Mar 24 09:45:05 inet3170 X-Qmail-Scanner-2.08st: [inetxxxx.xxxxxxx.com126943830179031522] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
--END OF NOTIFICATION
Spam assassin and Qmail Scanner issue after update to 2.2.5
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
- Atomicorp Staff - Site Admin
Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
That means that whatever user spamd is running as can't write to /var/qmail/mailnames///.spamassassin/
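One way to see which directory spamd tried to lock and whether it is there at all, as an added example that is not part of the original thread. It assumes the Plesk layout /var/qmail/mailnames/<domain>/<mailbox>/.spamassassin; the function names are hypothetical and the second sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage spamd safe_lock failures in maillog.
# Assumes the Plesk layout /var/qmail/mailnames/<domain>/<mailbox>/.spamassassin.

# Sample input: line 1 is the spamd message quoted in the thread; line 2 is
# constructed to show a fully populated path.
SAMPLE_LOG='Mar 24 09:45:05 inet3170 spamd[30589]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/qmail/mailnames///.spamassassin/auto-whitelist.lock.inetxxxx.xxxxxxxx.com.30589 for /var/qmail/mailnames///.spamassassin/auto-whitelist.lock: No such file or directory
Mar 24 09:46:10 inet3170 spamd[30590]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/qmail/mailnames/example.com/bob/.spamassassin/auto-whitelist.lock.inetxxxx.xxxxxxxx.com.30590 for /var/qmail/mailnames/example.com/bob/.spamassassin/auto-whitelist.lock: Permission denied'

# Print the directory spamd tried to create its lockfile in.
# Returns 1 for lines that are not safe_lock failures.
lock_dir() {
    case $1 in
        *"safe_lock: cannot create tmp lockfile "*) ;;
        *) return 1 ;;
    esac
    path=${1##* for }       # keep what follows the last " for "
    path=${path%%: *}       # drop the trailing ": <error text>"
    printf '%s\n' "${path%/*}"
}

# Classify a directory: empty-component, missing, or exists with mode and owner.
classify_dir() {
    case $1 in
        *//*) echo "empty-component"; return 0 ;;  # domain or mailbox was blank
    esac
    [ -d "$1" ] || { echo "missing"; return 0; }
    ls -ld "$1" | awk '{ print "exists mode=" $1 " owner=" $3 ":" $4 }'
}

# Read maillog lines on stdin; print one "directory<TAB>status" line per directory.
triage() {
    while IFS= read -r line; do
        dir=$(lock_dir "$line") || continue
        printf '%s\t%s\n' "$dir" "$(classify_dir "$dir")"
    done | sort -u
}

# Demo on the sample; on the server: triage < /var/log/psa/maillog
printf '%s\n' "$SAMPLE_LOG" | triage
```

For a directory reported as existing, compare the printed owner and mode with the account spamd runs as.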
Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
All I see is either popuser or root using spamd when running the top command. What I don't understand is how this was not a problem before, then after I updated ASL and OSSEC this morning, all of a sudden this is happening.
And not sure where to begin to fix it.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
- Atomicorp Staff - Site Admin
Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
Probably because it wasn't able to detect it before. ASL 2.2.5 & OSSEC 2.4 can detect mail events now (like smtp/pop/imap brute forcing). Previous versions couldn't parse the mail logs. This has probably been happening for a while, it just wasn't being reported.
Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
So a good guess is to probably remove spamassassin and qmail-scanner and re-install them all, or am I way off? But if I do that, doesn't it remove the atomic-scanner also? Not sure what order I should choose.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
- Long Time Forum Regular
Re: Spam assassin and Qmail Scanner issue after update to 2.2.5
That Illegal seek message is caused by a bug in Plesk's qmail. There is a patched qmail-queue here: http://forum.parallels.com/showpost.php ... stcount=51
If you're using qmail-scanner make sure you replace /var/qmail/bin/qmail-queue.orig with the patched version (and match that file's ownership and permissions) instead of /var/qmail/bin/qmail-queue.
Lemonbit Internet Dedicated Server Management