Loading ...
Sorry, an error occurred while loading the content.
 

Re: postscreen log lines reporting warnings and fatal errors

Expand Messages
  • Robert Lopez
    ... It was built from postfix-2.10.0.tar.gz, from Porcupine. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena
    Message 1 of 9 , Jun 14 4:33 PM
      On Fri, Jun 14, 2013 at 3:09 PM, Wietse Venema <wietse@...> wrote:
      > Robert Lopez:
      >> I am trying to understand the cause/causes of these log lines:
      >>
      >> 1) postfix/postscreen[####]: fatal: error [-30986] seeking
      >> /var/lib/postfix/postscreen_cache.db: Success
      >
      > Your Berkeley DB is screwed up.
      >
      > Code fragment from src/util/dict_db.c:
      >
      > /*
      > * Database lookup.
      > */
      > status =
      > dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, db_function);
      > if (status != 0 && status != DB_NOTFOUND)
      > msg_fatal("error [%d] seeking %s: %m", status, dict_db->dict.name);
      >
      > Did you build Postfix yourself or is this a package?
      >
      > Wietse

      It was built from postfix-2.10.0.tar.gz, from Porcupine.


      --
      Robert Lopez
      Unix Systems Administrator
      Central New Mexico Community College (CNM)
      525 Buena Vista SE
      Albuquerque, New Mexico 87106
    • Wietse Venema
      ... Then, you made a mistake. Most likely you have multiple copies of Berkeley DB on the same system and now have Berkeley DB DLL hell. My advice is to avoid
      Message 2 of 9 , Jun 14 5:36 PM
        Robert Lopez:
        > 1) postfix/postscreen[####]: fatal: error [-30986] seeking
        > /var/lib/postfix/postscreen_cache.db: Success

        Wietse:
        > Your Berkeley DB is screwed up.
        >
        > Code fragment from src/util/dict_db.c:
        >
        > status =
        > dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, db_function);
        > if (status != 0 && status != DB_NOTFOUND)
        > msg_fatal("error [%d] seeking %s: %m", status, dict_db->dict.name);
        >
        > Did you build Postfix yourself or is this a package?

        Robert Lopez:
        > It was built from postfix-2.10.0.tar.gz, from Porcupine.

        Then, you made a mistake. Most likely you have multiple copies of
        Berkeley DB on the same system and now have Berkeley DB DLL hell.

        My advice is to avoid installing multiple Berkeley DB copies, and
        to use the Berkeley DB that comes with the operating system.

        Wietse
      • Benny Pedersen
        ... locate postfix/postscreen ldd will show the problem why it fails under gentoo its ldd /usr/libexec/postfix/postscreen if its a break its
        Message 3 of 9 , Jun 14 5:49 PM
          wietse@... skrev den 2013-06-15 02:36:

          > My advice is to avoid installing multiple Berkeley DB copies, and
          > to use the Berkeley DB that comes with the operating system.

          locate postfix/postscreen
          ldd <result-path>

          will show the problem why it fails

          under gentoo its "ldd /usr/libexec/postfix/postscreen"

          if its a break its fixed by issueing revdep-rebuild

          --
          senders that put my email into body content will deliver it to my own
          trashcan, so if you like to get reply, dont do it
        • Robert Lopez
          It would not surprise me in the least to find out I did something wrong. :-} I know I did yum install db4-devel as part of packages I believed were
          Message 4 of 9 , Jun 17 12:56 PM
            It would not surprise me in the least to find out I did something wrong. :-}

            I know I did "yum install db4-devel" as part of packages I believed
            were prerequisites to installing Postfix.
            My recall is that I was missing a /usr/include file when test building
            a Postfix and I did a "yum provides" that lead me to the decision to
            install db4-devel.

            I am not convinced there are two copied of Berkeley DB installed.

            Does this look like two Berkeley DB copies? ...

            [root@mg08 ~]# locate postfix/postscreen
            /etc/postfix/postscreen_access.cidr
            /usr/libexec/postfix/postscreen
            /var/lib/postfix/postscreen_cache.db
            /var/www/postfix/postscreen.8.html
            [root@mg08 ~]# ldd /usr/libexec/postfix/postscreen
            linux-vdso.so.1 => (0x00007fff31fff000)
            libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fcc8fc38000)
            libdb-4.7.so => /lib64/libdb-4.7.so (0x00007fcc8f8c4000)
            libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fcc8f6aa000)
            libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fcc8f490000)
            libc.so.6 => /lib64/libc.so.6 (0x00007fcc8f0fd000)
            libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcc8eedf000)
            /lib64/ld-linux-x86-64.so.2 (0x00007fcc8fe6d000)
            [root@mg08 ~]# locate libdb
            /lib64/libdb-4.7.so
            /lib64/libdbus-1.so.3
            /lib64/libdbus-1.so.3.4.0
            /usr/lib64/libdb-4.7.so
            /usr/lib64/libdb.so
            /usr/lib64/libdb_cxx-4.7.so
            /usr/lib64/libdb_cxx.so
            /usr/lib64/libdbus-glib-1.so.2
            /usr/lib64/libdbus-glib-1.so.2.1.0
            /usr/share/doc/rsyslog-5.8.10/omlibdbi.html
            [root@mg08 ~]# locate include/db
            /usr/include/db.h
            /usr/include/db4
            /usr/include/db_185.h
            /usr/include/db_cxx.h
            /usr/include/db4/db.h
            /usr/include/db4/db_185.h
            /usr/include/db4/db_cxx.h
            /usr/local/src/postfix-2.10.0/include/db_common.h


            This is an install on a VM instance of Red Hat Enterprise Linux Server
            release 6.4 (Santiago), Linux mg08 2.6.32-358.6.1.el6.x86_64 #1 SMP
            Fri Mar 29 16:51:51 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux.


            --
            Robert Lopez
            Unix Systems Administrator
            Central New Mexico Community College (CNM)
            525 Buena Vista SE
            Albuquerque, New Mexico 87106
          • Wietse Venema
            ... I suggest that you install a compiled version of Postfix, and that you use a simpler program to become familiar with the process of building your own
            Message 5 of 9 , Jun 17 1:11 PM
              Robert Lopez:
              > It would not surprise me in the least to find out I did something wrong. :-}
              >
              > I know I did "yum install db4-devel" as part of packages I believed
              > were prerequisites to installing Postfix.
              > My recall is that I was missing a /usr/include file when test building
              > a Postfix and I did a "yum provides" that lead me to the decision to
              > install db4-devel.

              I suggest that you install a compiled version of Postfix, and that
              you use a simpler program to become familiar with the process of
              building your own binaries.

              Running ldd(1) on Postfix will not show if some library has its own
              dependency on a DIFFERENT Berkeley DB version. While Postfix will
              report library mis-matches if it can, other libraries may not, and
              just thrash your memory.

              Wietse
            • Robert Lopez
              ... There existed a project goal to install a postfix with postscreen. The goal was set because one night a botnet had crashed two production mail gateways
              Message 6 of 9 , Jun 17 2:44 PM
                On Mon, Jun 17, 2013 at 2:11 PM, Wietse Venema <wietse@...> wrote:

                > I suggest that you install a compiled version of Postfix, and that
                > you use a simpler program to become familiar with the process of
                > building your own binaries.

                There existed a project goal to install a postfix with postscreen.
                The goal was set because one night a botnet had crashed two production
                mail gateways which were both coming up on retirement dates.
                The crashing had never been seen before (or since for that matter).

                There exists another goal of moving all college RHEL4 and RHEL 5
                physical servers to RHEL 6 on VM as they reach retirement.

                The currently available Redhat yum package (binary) for RHEL 6 is postfix 2.6.6.

                The ftp.wl0.org site has no package for RHEL 6.
                It does have a 2.9 package for RHEL 5.

                A development build of a VM using RHEL 5 and 2.9 from ftp.wl0.org was built.
                Another development build of a VM using RHEL 6 and 2.10.0 from source was built.
                A team of people examined both development servers and did not detect
                the problem.

                The postfix 2.10.0 compiled build on RHEL 6 was selected because it
                satisfied both goals.

                Another VM instance was built in a test environment using the exact
                same scripts (except for IP and hostname; read from include file).
                It was tested by another team for a few weeks and the current problem
                was not detected.

                A production server was built using all the same build scripts that
                built the previous servers.
                Only under real production load did the problem become apparent and
                only after over two weeks of production use.

                Wietse, Thank you. At this point I must take your advice to my team
                and management to discuss our options.

                --
                Robert Lopez
                Unix Systems Administrator
                Central New Mexico Community College (CNM)
                525 Buena Vista SE
                Albuquerque, New Mexico 87106
              • Robert Lopez
                After looking at past logs an seeing the errors only began after the email gateway had been running for a few weeks, I deleted the
                Message 7 of 9 , Jun 18 10:54 AM
                  After looking at past logs an seeing the errors only began after the
                  email gateway had been running for a few weeks, I deleted the
                  /var/lib/postfix/postscreen_cache.db.
                  Restarting postfix now has a happy postscreen+bdb again.


                  --
                  Robert Lopez
                  Unix Systems Administrator
                  Central New Mexico Community College (CNM)
                  525 Buena Vista SE
                  Albuquerque, New Mexico 87106
                Your message has been successfully submitted and would be delivered to recipients shortly.