John Elliot | 6 Oct 2010 00:27

Log rotation ownership change

Hi,
 
One of our qmail boxes lost power recently, and ever since then when smtpd logs are rotated the ownership is changed to root:adm and a "previous" file is also created:
 
-rw-r-----  1 root   adm     9.6M Oct  6 06:27 current.0
-rw-r-----  1 root   adm        0 Oct  6 06:26 previous
 
smtpd stops, and we see the following error:
 
root      1602  0.0  0.0  1336  212 ?        S    Sep06   0:00 readproctitle service errors: ...?multilog: warning: unable to set mode of /var/log/qmail/smtpd/previous, pausing: permission denied?multilog: warning: unable to set mode of /var/log/qmail/smtpd/previous, pausing: permission denied?multilog: warning: unable to set mode of /var/log/qmail/smtpd/previous, pausing: permission denied?multilog: warning: unable to set mode of /var/log/qmail/smtpd/previous, pausing: permission denied?
 
chowning the files back to qmaill:nofiles fixes the issue.
 
smtpd log run file:
 
/var/log/qmail/smtpd# cat /service/qmail-smtpd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/smtpd
 
I've tried changing the size parameter to different values to see if it was some other process changing the ownership, but each time the log hits the conf'd size, the root:adm issue happens.
 
Any suggestions are greatly appreciated.
 
 
Andy Bradford | 6 Oct 2010 03:35

Re: Log rotation ownership change

Thus said John Elliot on Wed, 06 Oct 2010 08:57:30 +1030:

> -rw-r-----  1 root   adm     9.6M Oct  6 06:27 current.0
> 
> -rw-r-----  1 root   adm        0 Oct  6 06:26 previous

> /var/log/qmail/smtpd# cat /service/qmail-smtpd/log/run 
> #!/bin/sh
> exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/smtpd

You are  not looking at the  right log/run script. ``previous''  is only
used by a multilog that is using  a !processor which I do not see above.
Also, you  have a file called  ``current.0'' which is not  part of stock
daemontools as far as I am aware; is this from a patch?

Andy

John Elliot | 6 Oct 2010 03:55

RE: Log rotation ownership change

>
> Thus said John Elliot on Wed, 06 Oct 2010 08:57:30 +1030:
>
> > -rw-r----- 1 root adm 9.6M Oct 6 06:27 current.0
> >
> > -rw-r----- 1 root adm 0 Oct 6 06:26 previous
>
> > /var/log/qmail/smtpd# cat /service/qmail-smtpd/log/run
> > #!/bin/sh
> > exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/smtpd
>
> You are not looking at the right log/run script. ``previous'' is only
> used by a multilog that is using a !processor which I do not see above.
> Also, you have a file called ``current.0'' which is not part of stock
> daemontools as far as I am aware; is this from a patch?
>

Thanks for the response.
 
This was a Bill Shupp toaster install(Many years ago!) - qmail-smtpd is logging to current, but also "something" is creating current.1 etc:
 
-rwxr--r--  1 qmaill nofiles 9.6M Oct  6 11:04 @400000004cabcb3635c3d11c.s
-rw-r--r--  1 qmaill nofiles 3.2M Oct  6 11:47 current
 
 
-rw-r-----  1 qmaill nofiles 9.6M Oct  6 06:27 current.0
-rw-r-----  1 qmaill nofiles 1.7M Oct  5 08:09 current.1.gz
-rw-r-----  1 qmaill nofiles 1.6M Oct  4 11:18 current.2.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  3 13:47 current.3.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  2 16:36 current.4.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  1 07:59 current.5.gz
-rw-r-----  1 qmaill nofiles 2.9M Sep 30 16:47 current.6.gz
 
The only other multilog(Not qmail) appears to be clamd:
 
clamav    1617  0.0  0.0  1488  312 ?        S    Sep06   0:00 /usr/local/bin/multilog t /var/log/clamd
qmaill    1619  0.0  0.0  1488  272 ?        S    Sep06   0:00 multilog t s100000 n20 /var/log/qmail/pop3ds
qmaill    1620  0.0  0.0  1488  272 ?        S    Sep06   0:00 multilog t s100000 n20 /var/log/qmail/pop3d
qmaill    1621  0.0  0.0  1488  336 ?        S    Sep06   0:15 /usr/local/bin/multilog t s19999999 n20 /var/log/qmail
qmaill   25199  0.0  0.0  1488  336 ?        S    Sep30   0:35 /usr/local/bin/multilog t s10000000 n20 /var/log/qmail/smtpd
 
# cat /service/clamd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid clamav /usr/local/bin/multilog t /var/log/clamd
 
Perhaps clamd is the culprit?
 
 
 
 
Scott Gifford | 7 Oct 2010 05:37

Re: Log rotation ownership change

On Tue, Oct 5, 2010 at 9:55 PM, John Elliot <johnelliot67 <at> hotmail.com> wrote:

[ ... ]
This was a Bill Shupp toaster install(Many years ago!) - qmail-smtpd is logging to current, but also "something" is creating current.1 etc:
 
-rwxr--r--  1 qmaill nofiles 9.6M Oct  6 11:04 @400000004cabcb3635c3d11c.s
-rw-r--r--  1 qmaill nofiles 3.2M Oct  6 11:47 current
 
 
-rw-r-----  1 qmaill nofiles 9.6M Oct  6 06:27 current.0
-rw-r-----  1 qmaill nofiles 1.7M Oct  5 08:09 current.1.gz
-rw-r-----  1 qmaill nofiles 1.6M Oct  4 11:18 current.2.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  3 13:47 current.3.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  2 16:36 current.4.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  1 07:59 current.5.gz
-rw-r-----  1 qmaill nofiles 2.9M Sep 30 16:47 current.6.gz
 

That looks like you are using logrotate on your daemontools log directory.  Look in your /etc/logrotate.conf, /etc/logrotate.d, etc. (see the manpage for logrotate(8) for details).

-----Scott.
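
The checks discussed in the messages above (files that stock multilog does not create, ownership drift away from the logging account, and configuration that references the log directory), as an added example that is not part of the original thread. The function names are hypothetical, the directory, owner and config roots are supplied by the caller, and `stat -c` assumes GNU or busybox stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit a multilog directory.
# Usage: script DIR OWNER   e.g. /var/log/qmail/smtpd qmaill

# Names multilog maintains itself. previous/processed/newstate appear only
# when a !processor is configured; anything else came from another program.
is_multilog_name() {
    case "$1" in
        current|lock|state|previous|processed|newstate) return 0 ;;
        "@"*.s|"@"*.u) return 0 ;;
    esac
    return 1
}

# audit_multilog_dir DIR OWNER
# Prints "FOREIGN <name>" for files multilog would not create and
# "OWNER <name> <user>" for files not owned by OWNER. Returns 1 on findings.
audit_multilog_dir() {
    dir=$1 owner=$2 rc=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        is_multilog_name "$name" || { echo "FOREIGN $name"; rc=1; }
        actual=$(stat -c %U "$path")   # GNU/busybox stat (assumption)
        [ "$actual" = "$owner" ] || { echo "OWNER $name $actual"; rc=1; }
    done
    return "$rc"
}

# find_path_refs DIR ROOT...
# Lists config files under the ROOTs that mention DIR or its parent
# directory (a glob such as /var/log/qmail/*/current names only the parent).
find_path_refs() {
    dir=$1; shift
    grep -rlF -e "$dir" -e "${dir%/*}/" -- "$@" 2>/dev/null | sort
}

if [ "$#" -ge 2 ]; then
    audit_multilog_dir "$1" "$2"
fi
```

`find_path_refs` takes any number of roots, so cron directories can be searched in the same call as the logrotate ones.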

John Elliot | 7 Oct 2010 05:59

RE: Log rotation ownership change

Thanks Scott,
 
On Tue, Oct 5, 2010 at 9:55 PM, John Elliot <johnelliot67 <at> hotmail.com> wrote:
[ ... ]
This was a Bill Shupp toaster install(Many years ago!) - qmail-smtpd is logging to current, but also "something" is creating current.1 etc:
 
-rwxr--r--  1 qmaill nofiles 9.6M Oct  6 11:04 @400000004cabcb3635c3d11c.s
-rw-r--r--  1 qmaill nofiles 3.2M Oct  6 11:47 current
 
 
-rw-r-----  1 qmaill nofiles 9.6M Oct  6 06:27 current.0
-rw-r-----  1 qmaill nofiles 1.7M Oct  5 08:09 current.1.gz
-rw-r-----  1 qmaill nofiles 1.6M Oct  4 11:18 current.2.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  3 13:47 current.3.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  2 16:36 current.4.gz
-rw-r-----  1 qmaill nofiles 1.7M Oct  1 07:59 current.5.gz
-rw-r-----  1 qmaill nofiles 2.9M Sep 30 16:47 current.6.gz
 

>That looks like you are using logrotate on your daemontools log directory.  Look in your /etc/logrotate.conf, /etc/logrotate.d, etc. (see the manpage for logrotate(8) for details).
 
I had checked logrotate, and couldn't find anything in there that references /var/log/qmail/*
 

# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}
Nothing in logrotate.d looks to be doing it either.
 
# ls -lah /etc/logrotate.d/*
-rw-r--r--  1 root root  79 Sep 29  2004 /etc/logrotate.d/aptitude
-rw-r--r--  1 root root 384 Nov 12  2004 /etc/logrotate.d/base-config
-rw-r--r--  1 root root 170 Nov  8  2004 /etc/logrotate.d/exim4-base
-rw-r--r--  1 root root  94 Jul 17  2004 /etc/logrotate.d/ppp
-rw-r--r--  1 root root 301 Sep 18  2005 /etc/logrotate.d/squid
 
Still thinking clam has something to do with it - I might try disabling it.
 
 
 
 
 
FLoh Leeber | 7 Oct 2010 11:06

qmail-remote issues

Dear all,
 
can somebody answer the question what qmail-remote is doing, when the load goes to 100% and there are the following strace-logs being made:
 
(lots of them before, can go on for minutes I think)
...
...
...
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] select(4, [3], [3], NULL, {572, 0}) = 1 (out [3], left {572, 0})
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] read(3, 0x805ad00, 7)       = -1 EAGAIN (Resource temporarily unavailable)
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] select(4, [3], [3], NULL, {572, 0}) = 1 (out [3], left {572, 0})
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] read(3, 0x805ad00, 7)       = -1 EAGAIN (Resource temporarily unavailable)
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] select(4, [3], [3], NULL, {572, 0}) = 1 (out [3], left {572, 0})
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] read(3, 0x805ad00, 7)       = -1 EAGAIN (Resource temporarily unavailable)
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] select(4, [3], [3], NULL, {572, 0}) = 1 (out [3], left {572, 0})
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] read(3, 0x805ad00, 7)       = -1 EAGAIN (Resource temporarily unavailable)
[pid  4678] time(NULL)                  = 1286441615
[pid  4678] select(4, [3], [3], NULL, {572, 0}) = 2 (in [3], out [3], left {572, 0})
[pid  4678] time(NULL)                  = 1286441616
[pid  4678] read(3, "", 7)              = 0
[pid  4678] fcntl64(3, F_GETFL)         = 0x802 (flags O_RDWR|O_NONBLOCK)
[pid  4678] fcntl64(3, F_SETFL, O_RDWR) = 0
[pid  4678] fcntl64(3, F_GETFL)         = 0x2 (flags O_RDWR)
[pid  4678] fcntl64(3, F_SETFL, O_RDWR) = 0
[pid  4678] write(1, "ZTLS not available: connect fail"..., 77 <unfinished ...>
What goes wrong with TLS, and how to prevent this busy waiting there?
 
regards Florian
 
Markus Stumpf | 7 Oct 2010 13:00

Re: qmail-remote issues

On Thu, Oct 07, 2010 at 11:06:08AM +0200, FLoh Leeber wrote:
> What goes wrong with TLS, and how to prevent this busy waiting there? 

TLS is neither part of vanilla qmail nor netqmail.
Which patch are you using?

	\Maex

FLoh Leeber | 7 Oct 2010 13:48

Re: qmail-remote issues

Hi,

It's the TLS patch from http://inoa.net/qmail-tls/ - the latest version I 
would suppose....

thanks florian

----- Original Message ----- 
From: "Markus Stumpf" <lists-qmail <at> maexotic.de>
To: "FLoh Leeber" <flori <at> bin.org.in>
Cc: <qmail <at> list.cr.yp.to>
Sent: Thursday, October 07, 2010 1:00 PM
Subject: Re: qmail-remote issues

> On Thu, Oct 07, 2010 at 11:06:08AM +0200, FLoh Leeber wrote:
>> What goes wrong with TLS, and how to prevent this busy waiting there?
>
> TLS is neither part of vanilla qmail nor netqmail.
> Which patch are you using?
>
> \Maex
>
> 

Dan Ritter | 7 Oct 2010 16:24

Re: Log rotation ownership change

On Thu, Oct 07, 2010 at 02:29:38PM +1030, John Elliot wrote:
> 
> >That looks like you are using logrotate on your daemontools log directory.  Look in your /etc/logrotate.conf, /etc/logrotate.d, etc. (see the manpage for logrotate(8) for details).
>  
> I had checked logrotate, and couldn't find anything in there that references /var/log/qmail/*
>  
> 
> # cat /etc/logrotate.conf 
> # see "man logrotate" for details
> # rotate log files weekly
> weekly
> # keep 4 weeks worth of backlogs
> rotate 4
> # create new (empty) log files after rotating old ones
> create
> # uncomment this if you want your log files compressed
> #compress
> # packages drop log rotation information into this directory
> include /etc/logrotate.d

^ this line, as was mentioned, includes all of the files in
logrotate.d as configuration elements. Look there.

-dsr-

Olivier Mueller | 7 Oct 2010 20:22

rblsmtpd & b.barracudacentral.org : not working anymore since middle of September 2010 -> fix

Hello,

If, like me, you noticed that your b.barracudacentral.org based rblsmtpd
blacklisting is not working anymore, you can try to replace the :
	-r b.barracudacentral.org
part by :
	-r b.barracudacentral.org:IP_%IP%_blacklisted_by_barracudacentral.org 
in your qmail-smtpd/run file. It may solve the issue (it did here). 

Other lists like for example zen.spamhaus.org are fine, because they are
still setting a TXT record for listed IP's, but it is not the case
(anymore) for the barracuda RBL. 

You will probably need a patched rblsmtpd version for that (with
ucspi-rss.patch or ucspi-rss2.patch from
http://qmail.jms1.net/ucspi-tcp/ )

Regards & HTH,
Olivier
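
The difference between the two `-r` forms in the message above, as an added example that is not part of the original post. It assumes that a plain `-r base` source counts an address as listed only when a TXT record exists, and that the `base:text` form counts it as listed when the name has an A record and replies with the text after `%IP%` is replaced; the function names are hypothetical and the resolver answers are constructed arguments, so no DNS query is made.

```shell
#!/bin/sh
# Added example: evaluate an rblsmtpd-style "-r" source against resolver
# answers passed in as arguments (constructed; no DNS query is made).

# rbl_query_name IP BASE
# Prints the name that is looked up (d.c.b.a.BASE); fails on a malformed IPv4.
rbl_query_name() {
    ip=$1 base=$2
    case "$ip" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    echo "$4.$3.$2.$1.$base"
}

# rbl_reply SOURCE IP TXT HAS_A
# SOURCE is the -r argument, TXT the TXT record content ("" if none) and
# HAS_A is "yes" when the name has an A record. Prints the rejection text,
# or nothing when the address is not treated as listed.
rbl_reply() {
    src=$1 ip=$2 txt=$3 has_a=$4
    rbl_query_name "$ip" "${src%%:*}" >/dev/null || return 1
    case "$src" in
        *:*)    # base:text form: decided on the A record (assumption)
            if [ "$has_a" = yes ]; then
                printf '%s\n' "${src#*:}" | sed "s/%IP%/$ip/g"
            fi ;;
        *)      # plain base form: decided on the TXT record
            if [ -n "$txt" ]; then printf '%s\n' "$txt"; fi ;;
    esac
    return 0
}
```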

