ClamAV on a CentOS mail server: Can't connect to UNIX socket clamd.sock
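On my CentOS 6.4 server I use Postfix and Dovecot with an Amavis/ClamAV filter. Recently I have been trying to solve my spam problem (it only happens with Gmail and Hotmail), so I have been following the logs.
Although I can send and receive e-mail, I have realized that ClamAV causes errors in /var/log/maillog, so I think that if I can fix this error, it might help me solve the spam problem.
This is the main error; I think the rest of the process is fine.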
(!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
Test information:
XX.XX.XX.XX: Sender Client IP (This time Thunderbird)
YY.YY.YY.YY: My mail server IP
user@mydomain.com: Sender address
target@thatdomain.com: Receiver address (This time Gmail)
When I send an e-mail from a mail account on my server, /var/log/maillog looks like this:
postfix[3422]: warning: XX.XX.XX.XX: hostname XX.XX.XX.XX.static.ttnet.com.tr verification failed: Name or service not known
postfix[3422]: connect from unknown[XX.XX.XX.XX]
postfix[3422]: setting up TLS connection from unknown[XX.XX.XX.XX]
postfix[3422]: Anonymous TLS connection established from unknown[XX.XX.XX.XX]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
postfix[3422]: D894AC1E61: client=unknown[XX.XX.XX.XX], sasl_method=PLAIN, sasl_username=user@mydomain.com
postfix/cleanup[3429]: D894AC1E61: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: D894AC1E61: from=<user@mydomain.com>, size=862, nrcpt=1 (queue active)
amavis[3326]: (03326-01) ESMTP::10024 /var/amavis/tmp/amavis-20131030T102202-03326-IY7b8Pdi: <user@mydomain.com> -> <target@thatdomain.com> SIZE=862 Received: from host.mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
amavis[3326]: (03326-01) Checking: MemHkAhbAuqt [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>
amavis[3326]: (03326-01) Open relay? Nonlocal recips but not originating: target@thatdomain.com
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: 2
amavis[3326]: (03326-01) ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (1)
postfix[3422]: disconnect from unknown[XX.XX.XX.XX]
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 113) line 600.\n
amavis[3326]: (03326-01) (!)WARN: all primary virus scanners failed, considering backups
postfix[3433]: connect from unknown[127.0.0.1]
postfix[3433]: E52C1C1E71: client=unknown[127.0.0.1]
postfix/cleanup[3429]: E52C1C1E71: message-id=<5270DDBB.8020506@mydomain.com>
postfix/qmgr[1310]: E52C1C1E71: from=<user@mydomain.com>, size=1279, nrcpt=1 (queue active)
amavis[3326]: (03326-01) FWD from <user@mydomain.com> -> <target@thatdomain.com>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71
amavis[3326]: (03326-01) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33926 [XX.XX.XX.XX] <user@mydomain.com> -> <target@thatdomain.com>, Message-ID: <5270DDBB.8020506@mydomain.com>, mail_id: MemHkAhbAuqt, Hits: 0.106, size: 862, queued_as: E52C1C1E71, 14736 ms
postfix/smtp[3430]: D894AC1E61: to=<target@thatdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.53/0.01/0.01/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71)
postfix/qmgr[1310]: D894AC1E61: removed
amavis[3326]: (03326-01) extra modules loaded: unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl
postfix/smtp[3436]: E52C1C1E71: to=<target@thatdomain.com>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=1.2, delays=0.01/0.02/0.68/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1383128540 x12si3704513igx.15 - gsmtp)
postfix/qmgr[1310]: E52C1C1E71: removed
dovecot: imap-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=::1, lip=::1, mpid=3439, secured
dovecot: imap(user@mydomain.com): Disconnected: Logged out bytes=90/777
Here is the source of the message as received in Gmail:
Delivered-To: target@thatdomain.com
Received: by 10.68.54.102 with SMTP id i6csp217498pbp; Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
X-Received: by 10.50.6.99 with SMTP id z3mr1702938igz.27.1383128540254; Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Return-Path: <user@mydomain.com>
Received: from host.mydomain.com (mydomain.com. [YY.YY.YY.YY]) by mx.google.com with ESMTPS id x12si3704513igx.15.2013.10.30.03.22.19 for <target@thatdomain.com> (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) client-ip=YY.YY.YY.YY;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of user@mydomain.com designates YY.YY.YY.YY as permitted sender) smtp.mail=user@mydomain.com
Received: from localhost (unknown [127.0.0.1]) by host.mydomain.com (Postfix) with ESMTP id E52C1C1E71 for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from host.mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MemHkAhbAuqt for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
Received: from [192.168.2.15] (unknown [XX.XX.XX.XX]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by host.mydomain.com (Postfix) with ESMTPSA id D894AC1E61 for <target@thatdomain.com>; Wed, 30 Oct 2013 10:22:01 +0000 (UTC)
Message-ID: <5270DDBB.8020506@mydomain.com>
Date: Wed, 30 Oct 2013 12:21:47 +0200
From: mydomain Development Base <user@mydomain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: target@thatdomain.com
Subject: That's the mail
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Helvetica, Arial, sans-serif">What's up?</font>
</body>
</html>
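Although everything looks fine and the message has been scanned by amavisd-new, it goes to spam. I'm not necessarily asking why, but if it is related to the message not being scanned properly, I need to fix this.
Here is how I use ClamAV in my /etc/amavisd.conf file: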
['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
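The file clamd.sock does not exist under the /var/run/clamav/ directory, and the directory is chowned by the clamav user and group (the service won't start when it doesn't exist). I don't know whether it is a dynamic file that is created and deleted at run time, but I don't think there is anything wrong with the permissions; probably some program or service that creates the file is missing.
Any ideas? Thanks in advance.
You need to make sure that the socket is configured the same way in both amavisd (in /etc/amavisd.conf) and clamd (/etc/clamd.conf); otherwise they won't be able to communicate.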
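
One way to run the comparison the answer describes, as an added example that is not part of the original question or answer: the script extracts the socket path from the ClamAV-clamd entry of an amavisd.conf and the LocalSocket directive of a clamd.conf, then reports whether they agree and whether the socket exists. The sample configs and the /tmp/constructed-example path are constructed, and the function names are hypothetical; it assumes the amavisd entry uses the CONTSCAN form shown in the question.

```shell
#!/bin/sh
# Added example (not from the original post): compare the socket path amavisd
# connects to with the one clamd is configured to create.

# LocalSocket value from a clamd.conf; commented-out lines never match $1.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path from the first uncommented CONTSCAN entry in an amavisd.conf.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Prints a verdict; returns 0 only if both paths agree and the socket exists.
check_clamd_socket() {
    want=$(amavis_socket "$1")
    have=$(clamd_socket "$2")
    if [ -z "$want" ]; then echo "no active ClamAV-clamd entry in $1"; return 2; fi
    if [ -z "$have" ]; then echo "no LocalSocket set in $2"; return 2; fi
    if [ "$want" != "$have" ]; then
        echo "MISMATCH amavisd=$want clamd=$have"; return 1
    fi
    if [ ! -S "$have" ]; then
        echo "MISSING $have (paths agree; is clamd running?)"; return 1
    fi
    echo "OK $have"
}

# Constructed sample configs; on a real host pass /etc/amavisd.conf /etc/clamd.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
EOF
cat > "$demo_dir/clamd.conf" <<'EOF'
#LocalSocket /var/run/clamav/clamd.sock
LocalSocket /tmp/constructed-example/clamd.sock
EOF
check_clamd_socket "$demo_dir/amavisd.conf" "$demo_dir/clamd.conf" || true
```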