DKIM-milter restarting itself

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

DKIM-milter restarting itself

Zbigniew Szalbot-9
Hello,

I have an issue with dkim-milter and was advised to ask on the postifx
mailing list.

I am using postfix-2.5.1_2,1 on a FreeBSD 7 system in tandem with
dkim-milter-2.6.0 to sign outgoing mail with DKIM.

All works fine but every few days, dkim-milter gets restarted. I did ask
why this is happening on the dkim-milter mailing list, but they are
saying that it does not seem to be their fault.

To quote dkim-milter author:
 > >>>> This is a known problem.  I've looked into it with the help of
 > >>>> some other list participants, but so far I don't have a
 > >>>> solution.  Oddly, it only appears on systems where Postfix is
 > >>>> the MTA in use.
 > >>>>
 > >>>> The forensic data I've been shown suggests that something is
 > >>>> closing the socket that connects the filter to the MTA
 > >>>> improperly, but it's very hard to determine where or how that's
 > >>>> happening.

Someone else then said:
 > >>> I have a vague recollection of this coming on up postfix-users
 > >>> and being related to assumptions about buffer sizes that were
 > >>> unfortunate and it being fixed, but have been unable to find it
 > >>> in the archive.

Now to give a bit more background to the picture, it seems that
dkim-milter will sometimes "choke" and get restarted.

 From the log:
Jul  7 09:00:55 relay postfix/cleanup[13685]: warning: milter
inet:127.0.0.1:4445: can't read SMFIC_BODYEOB reply packet header:
Unknown error: 0
Jul  7 09:00:55 relay dkim-filter[787]: terminated with signal 11,
restarting

Now, I have no idea whether this is a postfix issue, because frankly
postfix is operating very well (no surprise here). So I am just asking
if you had any comments about this situation or how to debug it better.
I appreciate all your comments in advance! I hope is not my setup error!

$ postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_destination_rate_delay = 0
html_directory = no
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = relay.lc-words.com
myhostname = relay.lc-words.com
mynetworks = 127.0.0.0/8, 62.121.130.110, 62.121.130.111
newaliases_path = /usr/local/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps   $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains  $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps  $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks  $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains =
proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
lists.sgmlifewords.com
relay_recipient_maps =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf,
hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_generic_maps = hash:/usr/local/etc/postfix/generic
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    check_helo_access
hash:/usr/local/etc/postfix/disallow_my_domain,       permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,  reject_non_fqdn_hostname,
reject_non_fqdn_sender,  reject_non_fqdn_recipient,
reject_unlisted_recipient,  reject_unauth_destination,
reject_invalid_hostname,  reject_unverified_recipient,
check_client_access hash:/usr/local/etc/postfix/zen_whitelist
reject_rbl_client zen.spamhaus.org
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual


master.cf milter-related entry:
127.0.0.1:10025 inet n - n - - smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
   -o milter_default_action=accept
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_milters=inet:127.0.0.1:4445

Thank you very much in advance!

--
Zbigniew Szalbot
www.LCWords.com

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: DKIM-milter restarting itself

Noel Jones-2
Zbigniew Szalbot wrote:

> Hello,
>
> I have an issue with dkim-milter and was advised to ask on the postifx
> mailing list.
>
> I am using postfix-2.5.1_2,1 on a FreeBSD 7 system in tandem with
> dkim-milter-2.6.0 to sign outgoing mail with DKIM.
>
> All works fine but every few days, dkim-milter gets restarted. I did ask
> why this is happening on the dkim-milter mailing list, but they are
> saying that it does not seem to be their fault.
>
> To quote dkim-milter author:
>  > >>>> This is a known problem.  I've looked into it with the help of
>  > >>>> some other list participants, but so far I don't have a
>  > >>>> solution.  Oddly, it only appears on systems where Postfix is
>  > >>>> the MTA in use.
>  > >>>>
>  > >>>> The forensic data I've been shown suggests that something is
>  > >>>> closing the socket that connects the filter to the MTA
>  > >>>> improperly, but it's very hard to determine where or how that's
>  > >>>> happening.
>
> Someone else then said:
>  > >>> I have a vague recollection of this coming on up postfix-users
>  > >>> and being related to assumptions about buffer sizes that were
>  > >>> unfortunate and it being fixed, but have been unable to find it
>  > >>> in the archive.
>
> Now to give a bit more background to the picture, it seems that
> dkim-milter will sometimes "choke" and get restarted.
>
>  From the log:
> Jul  7 09:00:55 relay postfix/cleanup[13685]: warning: milter
> inet:127.0.0.1:4445: can't read SMFIC_BODYEOB reply packet header:
> Unknown error: 0
> Jul  7 09:00:55 relay dkim-filter[787]: terminated with signal 11,
> restarting

>
> Now, I have no idea whether this is a postfix issue, because frankly
> postfix is operating very well (no surprise here). So I am just asking
> if you had any comments about this situation or how to debug it better.
> I appreciate all your comments in advance! I hope is not my setup error!

I'm using dkim-milter in a setup very similar to yours, but
with different software versions.
FreeBSD 5.3, postfix 2.6-20080511, dkim-milter 2.5.5.
Uptime on the dkim-filter process here is 69 days, which seems
to roughly correspond with when I upgraded to that version.

I don't see any glaring errors in your postfix config.

Maybe I'll upgrade dkim-milter before I go home tonight and
see what happens...

--
Noel Jones





>
> $ postconf -n
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> default_destination_rate_delay = 0
> html_directory = no
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = relay.lc-words.com
> myhostname = relay.lc-words.com
> mynetworks = 127.0.0.0/8, 62.121.130.110, 62.121.130.111
> newaliases_path = /usr/local/bin/newaliases
> proxy_read_maps = $local_recipient_maps $mydestination
> $virtual_alias_maps   $virtual_alias_domains $virtual_mailbox_maps
> $virtual_mailbox_domains  $relay_recipient_maps $relay_domains
> $canonical_maps $sender_canonical_maps  $recipient_canonical_maps
> $relocated_maps $transport_maps $mynetworks  $virtual_mailbox_limit_maps
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains =
> proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
> lists.sgmlifewords.com
> relay_recipient_maps =
> proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf,
> hash:/usr/local/etc/postfix/relay_recipients
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_generic_maps = hash:/usr/local/etc/postfix/generic
> smtp_tls_loglevel = 0
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,    check_helo_access
> hash:/usr/local/etc/postfix/disallow_my_domain,       permit
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,  reject_non_fqdn_hostname,
> reject_non_fqdn_sender,  reject_non_fqdn_recipient,
> reject_unlisted_recipient,  reject_unauth_destination,
> reject_invalid_hostname,  reject_unverified_recipient,
> check_client_access hash:/usr/local/etc/postfix/zen_whitelist
> reject_rbl_client zen.spamhaus.org
> smtpd_reject_unlisted_sender = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
> smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
> smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
> smtpd_tls_loglevel = 0
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/usr/local/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps =
> proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_mailbox_domains =
> proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps =
> proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_transport = virtual
>
>
> master.cf milter-related entry:
> 127.0.0.1:10025 inet n - n - - smtpd
>   -o content_filter=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=permit_mynetworks,reject
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks_style=host
>   -o mynetworks=127.0.0.0/8
>   -o strict_rfc821_envelopes=yes
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
>
>   -o milter_default_action=accept
>   -o milter_macro_daemon_name=ORIGINATING
>   -o smtpd_milters=inet:127.0.0.1:4445
>
> Thank you very much in advance!
>

Reply | Threaded
Open this post in threaded view
|

Re: DKIM-milter restarting itself

Wietse Venema
In reply to this post by Zbigniew Szalbot-9
Zbigniew Szalbot:

>  From the log:
> Jul  7 09:00:55 relay postfix/cleanup[13685]: warning: milter
> inet:127.0.0.1:4445: can't read SMFIC_BODYEOB reply packet header:
> Unknown error: 0
> Jul  7 09:00:55 relay dkim-filter[787]: terminated with signal 11,
> restarting
>
> Now, I have no idea whether this is a postfix issue, because frankly
> postfix is operating very well (no surprise here). So I am just asking
> if you had any comments about this situation or how to debug it better.
> I appreciate all your comments in advance! I hope is not my setup error!

Signal 11 is a bug in the program that dies. It is usually the
result from an attempt to access an invalid memory address.

As for how to debug dkim-milter, this is not the most appropriate
mailing list. All I can do is tell you to record all postfix-to-milter
traffic with tcpdump including the full packet content, and if you
can capture a session where dkim-milter crashes, then I can tell
you what the packets meant.

        Wietse