Centos

Centos 郵件伺服器上的 CLMAV:無法連接到 UNIX 套接字 clamd.sock

  • October 30, 2013

在我的 Centos 6.4 伺服器中,我使用帶有 Amavis/ClamAV 過濾器的 Postfix 和 Dovecot。最近我一直在嘗試解決我的垃圾郵件問題(只發生在 Gmail 和 Hotmail 中)所以我一直在跟踪日誌。

雖然我可以發送和接收電子郵件,但我已經意識到 Clamav 會導致 /var/log/maillog 中的錯誤,所以我認為如果我能解決這個錯誤,也許它可以幫助我解決垃圾郵件問題。

這是主要錯誤,我認為其餘的過程都很好。

(!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory

測試資訊:

XX.XX.XX.XX: Sender Client IP (This time Thunderbird)
YY.YY.YY.YY: My mail server IP
user@mydomain.com: Sender address
target@thatdomain.com: Receiver address (This time Gmail)

當我從伺服器中的郵件帳戶發送電子郵件時,/var/log/maillog 的外觀如下:

postfix[3422]: warning: XX.XX.XX.XX: hostname XX.XX.XX.XX.static.ttnet.com.tr verification failed: Name or service not known
postfix[3422]: connect from unknown[XX.XX.XX.XX]
postfix[3422]: setting up TLS connection from unknown[XX.XX.XX.XX]
postfix[3422]: Anonymous TLS connection established from unknown[XX.XX.XX.XX]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
postfix[3422]: D894AC1E61: client=unknown[XX.XX.XX.XX], sasl_method=PLAIN, sasl_username=user@mydomain.com
postfix/cleanup[3429]: D894AC1E61: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: D894AC1E61: from=<user@mydomain.com>, size=862, nrcpt=1 (queue active)
amavis[3326]: (03326-01) ESMTP::10024 /var/amavis/tmp/amavis-20131030T102202-03326-IY7b8Pdi: <user@mydomain.com> -> <target@thatdomain.com> SIZE=862 Received: from host.mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
amavis[3326]: (03326-01) Checking: MemHkAhbAuqt [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>
amavis[3326]: (03326-01) Open relay? Nonlocal recips but not originating: target@thatdomain.com
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: 2
amavis[3326]: (03326-01) ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (1)
postfix[3422]: disconnect from unknown[XX.XX.XX.XX]
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 113) line 600.\n
amavis[3326]: (03326-01) (!)WARN: all primary virus scanners failed, considering backups
postfix[3433]: connect from unknown[127.0.0.1]
postfix[3433]: E52C1C1E71: client=unknown[127.0.0.1]
postfix/cleanup[3429]: E52C1C1E71: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: E52C1C1E71: from=<user@mydomain.com>, size=1279, nrcpt=1 (queue active)
amavis[3326]: (03326-01) FWD from <user@mydomain.com> -> <target@thatdomain.com>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71
amavis[3326]: (03326-01) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33926 [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>, Message-ID: <5270DDBB.8020506@mydomain.com>, mail_id: MemHkAhbAuqt, Hits: 0.106, size: 862, queued_as: E52C1C1E71, 14736 ms
postfix/smtp[3430]: D894AC1E61: to=<target@thatdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.53/0.01/0.01/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71)
postfix/qmgr[1310]: D894AC1E61: removed
amavis[3326]: (03326-01) extra modules loaded: unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl
postfix/smtp[3436]: E52C1C1E71: to=<target@thatdomain.com>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=1.2, delays=0.01/0.02/0.68/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1383128540 x12si3704513igx.15 - gsmtp)
postfix/qmgr[1310]: E52C1C1E71: removed
dovecot: imap-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=::1, lip=::1, mpid=3439, secured
dovecot: imap(user@mydomain.com): Disconnected: Logged out bytes=90/777

以下是 Gmail 中收到的郵件的原始碼:

Delivered-To: target@thatdomain.com
Received: by 10.68.54.102 with SMTP id i6csp217498pbp;
       Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
X-Received: by 10.50.6.99 with SMTP id z3mr1702938igz.27.1383128540254;
       Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Return-Path: <user@mydomain.com>
Received: from host.mydomain.com (mydomain.com. [YY.YY.YY.YY])
       by mx.google.com with ESMTPS id x12si3704513igx.15.2013.10.30.03.22.19
       for <target@thatdomain.com>
       (version=TLSv1 cipher=RC4-SHA bits=128/128);
       Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) client-ip=YY.YY.YY.YY;
Authentication-Results: mx.google.com;
      spf=pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) smtp.mail=user@mydomain.com
Received: from localhost (unknown [127.0.0.1])
   by host.mydomain.com (Postfix) with ESMTP id E52C1C1E71
   for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from host.mydomain.com ([127.0.0.1])
   by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id MemHkAhbAuqt for <target@thatdomain.com>;
   Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
Received: from [192.168.2.15] (unknown [XX.XX.XX.XX])
   (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
   (No client certificate requested)
   by host.mydomain.com (Postfix) with ESMTPSA id D894AC1E61
   for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:01 +0000 (UTC)
Message-ID: <5270DDBB.8020506@mydomain.com>
Date: Wed, 30 Oct 2013 12:21:47 +0200
From: mydomain Development Base <user@mydomain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: target@thatdomain.com
Subject: That's the mail
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
 <head>

   <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
 </head>
 <body text="#000000" bgcolor="#FFFFFF">
   <font face="Helvetica, Arial, sans-serif">What's up?</font>
 </body>
</html>

雖然這一切看起來都很好,並且已經被 amavisd-new 掃描過,但它進入了垃圾郵件。我不一定要問為什麼,但如果它與未正確掃描有關,我需要解決這個問題。

以下是我在 /etc/amavisd.conf 文件中使用 CLAAV 的方法:

['ClamAV-clamd',
 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
 qr/\bOK$/m, qr/\bFOUND$/m,
 qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

/var/run/clamav/ 目錄下不存在文件 clamd.sock,並且該目錄由 clamav 使用者和組 chowned(不存在時服務不會啟動)。我不知道它是否是在執行時創建和刪除的動態文件,但我認為權限沒有任何問題,可能缺少某些程序或服務來創建文件。

有任何想法嗎?提前致謝。

您需要確保已將 clamd 配置為在 amavisd(在 /etc/amavisd.conf 中)和 clamd(/etc/clamd.conf)中以相同的方式提供套接字,否則它們將無法通信。

引用自:https://serverfault.com/questions/549617