[Mimedefang] MsgID between sendmail and mimedefang issue

Bill Cole mdlist-20140424 at billmail.scconsult.com
Thu Nov 18 14:51:03 EST 2021 

On 2021-11-18 at 11:28:08 UTC-0500 (Thu, 18 Nov 2021 18:28:08 +0200)
Ernst du Plooy via MIMEDefang <mimedefang at lists.mimedefang.org>
is rumored to have said:

> I tried to reinstall MIME::Tools, but the issue remains.

I see no way that MIME::Tools could possibly be relevant.

> No space issues
> root at relay2 ~]# df -h |grep MIMEDefang
> tmpfs           4.0G  3.4M  4.0G   1% /var/spool/MIMEDefang/

Do you see these events if you put that on real disk?

> The inital example I've sent is extremely confusing and I can't really 
> wrap
> my head around it.  To make things easier and to first look at the
> directory problem I extracted another example:

I do not see more than one queue ID in these log lines.

> [root at relay2 ~]# cat /var/log/maillog |grep 1AIFm3xE022061
> Nov 18 17:48:05 relay2 mimedefang.pl[17432]: 1AIFm3xE022061: SPF 
> Result:
> *pass*pass*nightsbridge.co.za: 34.193.196.229 is authorized to use '
> xxx at nightsbridge.co.za' in 'mfrom' identity (mechanism 'mx'
> matched)*34.193.196.229*<booking at nightsbridge.co.za>*mail.nightsbridge.com
> Nov 18 17:48:05 relay2 mimedefang.pl[17432]: 1AIFm3xE022061: NOTICE: 
> All
> Filter Recipient tests passed
> Nov 18 17:48:06 relay2 sendmail[22061]: 1AIFm3xE022061: from=<
> booking at nightsbridge.co.za>, size=2719, class=0, nrcpts=1,
> msgid=<172494053.52128.1637250479567 at localnode>, proto=ESMTP, 
> daemon=MTA,
> relay=mail1.nightsbridge.com [34.193.196.229]
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061:
> MDLOG,1AIFm3xE022061,RECEIVE (sbn),,,<xxx at nightsbridge.co.za>,<
> xxx at villabali.co.za>,Booking for Villa Bali Boutique Hotel (xxx) - 
> xxxn%2C
> arriving 15 Dec 2021
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: Rules 
> Used:
> xxx.co.za
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: DKIM 
> Domain:
> xxx.co.za
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: Executing
> DMARC for Domain (nightsbridge.co.za) and IP (34.193.196.229).
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: DKIM pass
> DMARC: v=DMARC1; p=reject; rua=mailto:mailmaster at nightsbridge.com;
> ruf=mailto:mailmaster at nightsbridge.com; adkim=s; aspf=s
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: Clamd 
> returned
> error: File path check failure: No such file or directory.
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: 
> Anti-Virus:
> Running virus scanner
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: 
> Anti-Virus:
> result: From: <xxx at nightsbridge.co.za> | Message: 999 swerr | Action:
> tempfail | Virus-Name:  | Complete-Message:
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: 
> Anti-Virus:
> scanner tempfail!
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: High Load
> Server
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: NOTICE: 
> All
> Filter tests passwd
> Nov 18 17:48:06 relay2 mimedefang.pl[17375]: 1AIFm3xE022061: NOTICE:  
> Scan
> complete.
> Nov 18 17:48:06 relay2 mimedefang[10998]: 1AIFm3xE022061: Filter did 
> not
> create RESULTS file
> Nov 18 17:48:06 relay2 mimedefang[10998]: 1AIFm3xE022061:
> lstat(/var/spool/MIMEDefang/mdefang-1AIFm3xE022061) failed: No such 
> file or
> directory
> Nov 18 17:48:06 relay2 mimedefang[10998]: 1AIFm3xE022061: failed to 
> clean
> up /var/spool/MIMEDefang/mdefang-1AIFm3xE022061: No such file or 
> directory
> Nov 18 17:48:06 relay2 sendmail[22061]: 1AIFm3xE022061: Milter: data,
> reject=451 4.3.2 Please try again later
> Nov 18 17:48:06 relay2 sendmail[22061]: 1AIFm3xE022061: to=<
> res at villabali.co.za>, delay=00:00:01, pri=32719, stat=Please try again 
> later

The only oddity I see here is that something whacked the MD working 
directory for 1AIFm3xE022061 while MD was still working with it.

[...]

> Maybe we should look at the new example to simplify things for now.

OK, but it does have the difference of NOT having any issue with 
multiple queue IDs.

So: why was that working directory missing mid-scan? Or was it never 
created? I have no ideas. Is /var/spool/MIMEDefang writeable by the user 
running mimedefang? Could SELinux or AppArmor be interfering?




-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

More information about the MIMEDefang mailing list