Author Topic: Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc  (Read 424 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Hello
I installed fresh almalinux 9 and CWP PRO according to the precise instructions given.

The server has 30Gb RAM, 8 CPU AMD EPYC 7282, AlmaLinux release 9.4 (Seafoam Ocelot) - Kernel Version: 5.14.0-427.35.1.el9_4.x86_64 - Platform: x86_64 kvm

Apache version: Apache/2.4.56
PHP version: 7.4.33 Forced PHP-FPM: 8.1
MySQL version: 10.5.22-MariaDB
FTP version: 1.0.51
Web Servers: nginx-varnish-apache

I settled all the basic about SSL, rDNS/PTR and other basic settings.

All seems to work fine so far.

I installed ClamAV, all went fine.

However, I tried to use "Postfix Mail Server Manager" in order to activate and use the following:

AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
rDNS Check (recommended): Drop all emails if no rDNS/PTR
Install DKIM & SPF (recommended): Installs DKIM & SPF, enables DKIM for New Accounts and Domains
Install Policyd (recommended): Installs Policyd, enables hourly email limit per domain.

The result apparently was successful, but:

- AMaVis service do not start due to time limit, trying to restart it does give same error, after reboot also do not start
- OpenDKIM service started after activation, but after the reboot did not start, trying to restart it does work (apparently)

After activating those services I received various emails telling about these errors:

Account:      mysql
Resource:     Process Time
Exceeded:     7211 > 1800 (seconds)
Executable:   /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID:          916 (Parent PID:916)
Killed:       No

And this:

Account:      mysql
Resource:     Virtual Memory Size
Exceeded:     2092 > 512 (MB)
Executable:   /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID:          1443 (Parent PID:1443)
Killed:       No

and another one telling this:

Account:      clamupdate
Resource:     RSS Memory Size
Exceeded:     410 > 256 (MB)
Executable:   /usr/bin/freshclam
Command Line: freshclam
PID:          40327 (Parent PID:40276)
Killed:       No

I tried to search information/solutions to these issues and found only sparse information that I am not sure can work and do not seem exhaustive anyway.

To me seems that the "Postfix Mail Server Manager" automatic configurator is incomplete, would be nice if it would take care to add the correct variables in the proper configuration files to avoid getting those errors.

However, can anyone tell what should I fix in the configuration of the server in order to solve these issues?

Thank you in advance

Offline
*****
EL9 support is still in beta, so expect bugs.

Offline
*
Yes I know, my host do not offer almalinux 8, I did not want to do a manual install and opted to try almalinux 9

However, I found out that adding the line $inet_socket_bind = '127.0.0.1'; in /etc/amavisd/amavisd.conf seems to solve the problem, I also rebooted and amavis seems to start fine after this addition.

OpenDKIM instead after reboot is stopped, do not automatically start,  but if I manually start goes on and seems to work, I checked the logs and I get no particular info, only that failed to start, no details...

I cheked wheter was enabled to be started at boot, and was not, I enabled it, reboot and worked

As far as I know/discovered by myself as ignorant DIY buddy those were the culprits, I hope that beyond these issues those services truly work now, still have to check this...

BTW ... Silly question from an ignorant...
As I am not expert and have always doubts about security...

Can anyone confirm that that adding the line $inet_socket_bind = '127.0.0.1'; to /etc/amavisd/amavisd.conf does NOT cause security troubles or other kind of problems/errors?

Ty in advance

UPDATE:
I found this on the web

"If you bind a socket for receiving data to a specific address you can only receive data sent to this specific IP address. For example, if you bind to 127.0.0.1 you will be able to receive data from your own system but not from some other system on the local network, because they cannot send data to your 127.0.0.1: for one any data to 127.0.0.1 will be sent to their own 127.0.0.1 and second your 127.0.0.1 is an address on your internal loopback interface which is not reachable from outside."

If I do not understand wrong, there should be no major problems with this addition in the amavisd configuration, is that correct?

Ty
« Last Edit: September 18, 2024, 06:27:06 PM by David »

Offline
**
OpenDKIM:

If it doesn't start automatically on boot then most likely it isn't configured to start automatically. Run:

Code: [Select]
systemctl enable opendkim
and then check if it starts automatically after reboot.

Amavis:

Should be ok:
Code: [Select]
$inet_socket_bind = '127.0.0.1'
Just make sure postfix is configured to operate with amavis through 127.0.0.1.

Offline
*
Hello
ty, OK

how to check if postfix is configured to work with amavis on 127.0.0.1 ?

Which file(s) and lines in it should be checked?
Thank you

Offline
*****
There are certain installation steps that are needed for CWP on AL9.

Code: [Select]
dnf install spamassassin amavis
Otherwise you'll be chasing your tail.

To fix OpenDKIM on CWP & AL9 see:
https://kb.starburstservices.com/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/dkim-not-working-on-almalinux-9-with-cwp/