Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF problem
Hi, first, sorry for my English.
The problem is with a new server with migrated domains. I receive complaints from Ossec reports about that. I suspect that some messages have problems, and I don't know if they are delivered. Below are a few log lines to explain the problem.
Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
If I understand correctly, a DNS lookup failure for a mail generates an SPF DEFER exception that results in a qmail-queue problem. I don't see mail from the domains generating the problem in the queue, so I suspect that the messages are finally delivered. I haven't seen this behavior before.
Please, I hope somebody can comment about this.
Thanks and best regards...
Gines
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
That's a pretty serious error; it generally means mail is not being delivered. I recommend you contact Parallels about this.
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Michael Shinn
Atomicorp - Security For Everyone
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
I think the same. But if you look at the log portion posted, it only happens with this weird DNS error during SPF verification. And there is no mail in the queue from the domains queried when the errors are triggered.
Has nobody seen this before? Any idea about a solution?
Regards...
Gines
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Harmless, just means the domain likely has no SPF record.
Jul 25 01:18:03 colossus689 spf filter[19753]: Error code: (26) DNS lookup failure
Jul 25 01:18:03 colossus689 spf filter[19753]: Failed to query MAIL-FROM: Temporary DNS failure for 'solucionesremotas.com.ar'.
Jul 25 01:18:03 colossus689 spf filter[19753]: SPF result: tempfail
Just means Plesk isn't going to check the SPF record.
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: handlers_stderr: DEFER
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-Hl6Rjd/executable' handler
Jul 25 01:18:03 colossus689 qmail-queue-handlers[19752]: call_handlers: stop call handlers from dir '/usr/local/psa/handlers/before-queue/global'
That's a serious error; it means the mail was not delivered at all and qmail scanner is broken.
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 colossus689 X-Qmail-Scanner-2.08st: [plesk4.enpatagonia.net131156746379819742] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Michael Shinn
Atomicorp - Security For Everyone
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Because the problem is with qmail-queue.orig, I checked perms and ownership in /var/qmail/bin:
-r-xr-sr-x 1 mhandlers-user popuser 6653 Jul 25 20:23 qmail-queue
-r-xr-sr-x 1 root root 6653 Jul 22 19:57 qmail-queue.backup
-r-s--x--x 1 qmailq qmail 20872 Dec 8 2010 qmail-queue.moved
-rwxr-xr-x 1 qmailq qmail 74344 Dec 8 2010 qmail-queue.orig
-rwsr-xr-x 1 root root 74344 Jul 22 19:57 qmail-queue.orig.backup
-r-x--s--x 1 mhandlers-user popuser 71984 Dec 8 2010 qmail-remote
I changed qmail-queue.orig to this:
-r-xr-sr-x 1 mhandlers-user popuser 74344 Dec 8 2010 qmail-queue.orig
But the problem persists with this kind of mail. Maybe this file needs other perms?
I tried uninstalling qmail-scanner and there is no problem. This only happens with qmail-scanner when it tries to use qmail-queue.orig. Maybe I need another qmail-scanner.orig file?
Regards...
Gines
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
To give more information:
I verified that qmail-queue.orig is the original qmail-queue from the psa-qmail rpm version.
I also verified that qmail-scanner-queue.pl has this configuration line:
my $qmailqueue = '/var/qmail/bin/qmail-queue.orig';
If I am thinking correctly, the problem is either with ownership/perms, or this version of qmail-scanner has problems using the original qmail-queue of the updated version of Plesk 9.5.4, which is:
psa-qmail-1.03-cos5.build95101209.08.x86_64.rpm
There is a Plesk patch for qmail-smtpd, but it's unrelated to this problem.
Regards...
Gines
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
I don't think your issue is permissions; as I recall there was a bug in PSA's qmail package. Have you contacted Parallels to ask them about this error?
Michael Shinn
Atomicorp - Security For Everyone
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
My hosting provider is Server4You. I asked them now, because when I tried to post a ticket on Parallels they stated that it's a Partner License.
Thanks in advance if somebody has a hint about this.
Regards...
Gines
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Server4you said that they don't support software not installed by them, because the problem is with qmail-scanner. Weird.
Any hint will be appreciated.
Regards...
Gines
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
The problem isn't with psa qmail, because when I uninstall qmail-scanner there is no problem at all. When I reinstall it, the error appears again.
Regards...
Gines
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
The illegal seek message is actually coming from the Plesk handler, not qmail-scanner. What's happening is that the handler is not reporting the error message, but does send the error code. That code is picked up and reported by qmail-scanner as an illegal seek.
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Is there a way to obtain more information about the error, to try to solve the problem? It's fired by qmail-scanner anyway. As I said, there is no problem without qmail-scanner.
Regards...
Gines
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Well I suspect that one (or more) of the plesk handlers is exiting with an error code other than 0. I don't know for sure but I can speculate on the causes there, for example some applications will exit with a code other than 0 or 1 if a DNS lookup fails. If that application is something like SPF that would happen pretty frequently.
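Added example, not part of the thread and not Plesk or qmail-scanner code: one way to check the speculation above against the mail log. It groups lines by host and second (a heuristic assumption) and labels each qmail-scanner pipe failure by whether a handler DEFER and an SPF tempfail were logged alongside it; the sample lines are constructed in the format of the excerpt in the first post, and `triage` and the verdict names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt posted in this thread
# (host, PIDs, message ids, handler directory and domain are made up).
SAMPLE = """\
Jul 25 01:18:03 mx1 spf filter[101]: Failed to query MAIL-FROM: Temporary DNS failure for 'example.org'.
Jul 25 01:18:03 mx1 spf filter[101]: SPF result: tempfail
Jul 25 01:18:03 mx1 qmail-queue-handlers[100]: call_handlers: DEFER during call '/usr/local/psa/handlers/info/10-spf-XXXXXX/executable' handler
Jul 25 01:18:03 mx1 X-Qmail-Scanner-2.08st: [mx1.example.net-1] Unable to open pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) -
Jul 25 01:18:03 mx1 X-Qmail-Scanner-2.08st: [mx1.example.net-1] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
Jul 25 02:40:11 mx1 X-Qmail-Scanner-2.08st: [mx1.example.net-2] Unable to close pipe to /var/qmail/bin/qmail-queue.orig [61] (#4.3.0) - Illegal seek
"""

# timestamp, host, program (may contain a space, PID optional), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.+?)(?:\[\d+\])?: (.*)$")

def triage(log_text):
    """Label each qmail-scanner pipe failure by what else was logged in the same second."""
    ctx = defaultdict(dict)   # (timestamp, host) -> SPF / handler facts
    failures = {}             # (timestamp, host, scanner message id), de-duplicated
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, prog, msg = m.groups()
        facts = ctx[(stamp, host)]
        if prog == "spf filter":
            dom = re.search(r"Temporary DNS failure for '([^']+)'", msg)
            if dom:
                facts["domain"] = dom.group(1)
            if msg.strip() == "SPF result: tempfail":
                facts["tempfail"] = True
        elif prog == "qmail-queue-handlers":
            call = re.search(r"DEFER during call '([^']+)'", msg)
            if call:
                facts["handler"] = call.group(1)
        elif prog.startswith("X-Qmail-Scanner") and "pipe to" in msg:
            msgid = re.match(r"\[([^\]]+)\]", msg)
            failures[(stamp, host, msgid.group(1) if msgid else msg)] = True
    report = []
    for stamp, host, msgid in failures:   # dicts keep insertion order
        facts = ctx[(stamp, host)]
        verdict = ("spf-tempfail-defer" if facts.get("handler") and facts.get("tempfail")
                   else "handler-defer" if facts.get("handler") else "unexplained")
        report.append({"time": stamp, "msgid": msgid, "verdict": verdict,
                       "domain": facts.get("domain"), "handler": facts.get("handler")})
    return report
```

Feed `triage()` the text of the real mail log; any row marked `unexplained` is a pipe failure with no handler DEFER logged in the same second and needs a separate look.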
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
So what do they want you to do about blocking spam and viruses? Install nothing?
"Server4you said that they don't support software not installed by them, because the problem is with qmail-scanner. Weird."
I'd dump them as a hosting company if I were you and find someone that is willing to help you.
Michael Shinn
Atomicorp - Security For Everyone
Re: Plesk 9.5.4 + CentOS + qmail-scanner 2.08-5 - SPF proble
Scott, I agree with you. But this SPF problem does not abort the queue when qmail-scanner is not installed. Maybe the problem is with the way qmail-scanner calls the qmail-queue.orig pipe. By the way, why with this configuration? I never saw this problem with other configurations.
Mike, I suppose they hope I will pay for the antivirus/spam licenses installed with Plesk.
Regards...
Gines