Hi,
I noticed recently, that exim's mysql queries fail, if the configured
clamd can't be reached via his socket (because he is offline).
2016-08-09 10:27:21 1bX2Nd-0004XA-7P malware acl condition: clamd:
unable to connect to UNIX socket (/var/run/clamd.exim/clamd.sock): No
such file or directory
2016-08-09 10:27:21 1bX2Nd-0004XA-7P H=mx3.scnem.com [80.190.129.136]
X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 F=<bounce@???> temporarily
rejected after DATA: MYSQL: no data found
I check the database, was up and running fine.
I checked the database connection, was up and running
I checked the database content... guess what, it was ok.
I restarted exim, the error message keept coming
I restarted clamd ( with some kicks and pushes into the deamons *** )
the messages about "no data" disappeared.
Result:
Exim blames SQL to have not returned data, but it did.
Here is the rule in question:
warn condition = ${if eq{$authenticated_id}{} {1}{0}}
condition = ${if forany{<, $recipients}{match{${lookup
mysql {SELECT 1 FROM ************* }}}{1}} {1}{0}}
malware = *
set acl_m_virus = 1
log_message = This message contains a virus
($malware_name) forwarding to safemailbox.
add_header = X-Virus-Flag: YES
and if exim processes the conditions in the correct order, mysql comes
first before clamd even got asked to test it.
TODO:
I'm pretty sure, you need to correct the error message to reflect what
really failed here!
@clamd.exim Devs:
The time, where a 8K read loop was state of the art, is long gone.
Please increase the read buffer to a more performant value i.e. 1M .
The overhead from your small read packages slows down the start of the
daemon, where systemd checks the startup time and cancels
that startup, if it takes too long. A system under pressure gets slowed
down by his start (iowise), because that deamon doesn't start, but is
necessary for ie. exim to get pressure of it. Germans call this a
"Teufelskreis" ;)
Why want to know why clamd decreases the pressure ?
Because with the above bug of exim, telling the sending MTA a 451 has
happend, the mails get resend over and over again.
If clamd works, the processing goes on, and the messages gets processed
finally , one way or the other.
best regards,
Marius
