I've lost a whole day and was angry and irritated after moving (migrating) a Working Qmail installation in a binary form from a Debian Lenny 5.0 to a Debian 7.0 Wheezy Linux. The whole migration exercise was quite of a crazy move and I can tell you it didn't worth the effort as I lost much more time than even if I went on installing the server following Thibs Great Qmail Tutorial.
Yes I know many would say why do you still bother with an old and unsupported Qmail Mail server and not go with Postfix, the logic is correct however the whole issue is the previous installation has a number of domains already running VirtualMail hosting using VPopMail, so migrating all the old mailboxes from Qmail to Postfix are not worthy IMHO. Plus I honestly love qmail for being so stable even today (even without support). After all most of Qmail is secure enough already 🙂
And to be honest I don't so much care about security as in the old days as I know NSA, does already have access to any server on planet 🙂
Almost always when a Qmail migration happens I end up swearing and sweating and generally getting crazy, but anyways …
The overall migration of binaries went quite OK I just copied every binary and all the related libraries from the old Debian 5.0 to Debian 7.0 and installed the following long list of perl deb binaries using apt-get:
dh-make-perl
libalgorithm-c3-perl
libalgorithm-diff-perl
libalgorithm-diff-xs-perl
libalgorithm-merge-perl
libapparmor-perl
libapt-pkg-perl
libarray-unique-perl
libclass-accessor-chained-perl
libclass-accessor-perl
libclass-c3-perl
libclass-c3-xs-perl
libclass-factory-util-perl
libclass-inspector-perl
libclass-isa-perl
libclass-load-perl
libclass-singleton-perl
libconfig-file-perl
libconvert-binhex-perl
libcrypt-openssl-bignum-perl
libcrypt-openssl-random-perl
libcrypt-openssl-rsa-perl
libcrypt-passwdmd5-perl
libcrypt-ssleay-perl
libdata-optlist-perl
libdata-section-perl
libdate-manip-perl
libdatetime-format-builder-perl
libdatetime-format-iso8601-perl
libdatetime-format-strptime-perl
libdatetime-locale-perl
libdatetime-perl
libdatetime-timezone-perl
libdbd-mysql-perl
libdbi-perl
libdevel-symdump-perl
libdigest-hmac-perl
libdigest-sha-perl
libdpkg-perl
libemail-address-perl
libemail-date-format-perl
libencode-detect-perl
libencode-locale-perl
libenv-sanctify-perl
liberror-perl
libexporter-lite-perl
libfcgi-perl
libfile-chdir-perl
libfile-fcntllock-perl
libfile-find-rule-perl
libfile-listing-perl
libfile-which-perl
libfont-afm-perl
libhtml-form-perl
libhtml-format-perl
libhtml-parser-perl
libhtml-tagset-perl
libhtml-template-perl
libhtml-tree-perl
libhttp-cookies-perl
libhttp-daemon-perl
libhttp-date-perl
libhttp-message-perl
libhttp-negotiate-perl
libhttp-server-simple-perl
libio-multiplex-perl
libio-socket-inet6-perl
libio-socket-ip-perl
libio-socket-ssl-perl
libio-string-perl
libio-stringy-perl
libip-country-perl
liblist-moreutils-perl
liblocale-gettext-perl
liblwp-mediatypes-perl
liblwp-protocol-https-perl
libmail-dkim-perl
libmail-sendmail-perl
libmail-spf-perl
libmailtools-perl
libmath-round-perl
libmime-tools-perl
libmodule-depends-perl
libmodule-implementation-perl
libmodule-runtime-perl
libmro-compat-perl
libnet-cidr-lite-perl
libnet-cidr-perl
libnet-daemon-perl
libnet-dns-perl
libnet-http-perl
libnet-ident-perl
libnet-ip-perl
libnet-server-perl
libnet-snmp-perl
libnet-ssleay-perl
libnetaddr-ip-perl
libnumber-compare-perl
libossp-uuid-perl
libpackage-deprecationmanager-perl
libpackage-stash-perl
libpackage-stash-xs-perl
libparams-classify-perl
libparams-util-perl
libparams-validate-perl
libparse-debcontrol-perl
libparse-debianchangelog-perl
libparse-syslog-perl
libpcre-ocaml-dev
libpcre3:amd64
libpcre3-dev
libpcrecpp0:amd64
libperl-dev
libperl5.14
libpod-coverage-perl
libregexp-assemble-perl
librpc-xml-perl
librrds-perl
libsoap-lite-perl
libsocket-perl
libsocket6-perl
libsoftware-license-perl
libsub-exporter-perl
libsub-install-perl
libsub-name-perl
libswitch-perl
libsys-hostname-long-perl
libsys-syslog-perl
libtask-weaken-perl
libterm-readkey-perl
libtest-distribution-perl
libtest-pod-coverage-perl
libtest-pod-perl
libtext-charwidth-perl
libtext-glob-perl
libtext-iconv-perl
libtext-template-perl
libtext-wrapi18n-perl
libtie-ixhash-perl
libtimedate-perl
libtry-tiny-perl
liburi-perl
libwww-mechanize-perl
libwww-perl
libwww-robotrules-perl
libxml-namespacesupport-perl
libxml-parser-perl
libxml-sax-base-perl
libxml-sax-expat-perl
libxml-sax-perl
libxml-simple-perl
libyaml-perl
libyaml-syck-perl
perl
perl-base
perl-doc
perl-modules
spamassassin
spf-tools-perl
I've also installed with apt-get daemontools and daemontools-run ucspi and some others to get all the necessery binaries qmail needs the whole list of apt installed packages is here
I've also copied all the old binaries from /usr/local/lib from server1 to server2, some others from /usr/local/share and /usr/share as well as /usr/lib/courier /usr/lib/courier-authlib /usr/local/libexec /usr/local/sbin also had to link a couple of libraries such as /usr/lib/libcrypto* , link /usr/lib/libperl.so.5.10 to /usr/lib/libperl.so.5.14 and copy /usr/lib/libltdl.so.3 and few others which i don't exactly remember.
Well anyways once I've copied everything Qmail looked fined except I had a couple of permission issues and had to clean up and fix the queue with qfixq, I've also used qmail-scanner*/contrib/test_installation.sh script to test whether qmail-scanner was running fine, e.g.:
./test_installation.sh -doit
As well as
qmr_inst_check
script, thanks to which I've captured and resolved few of permission problems
Finally I've stuck upon this shitty errors (appearing) in /var/log/syslog and /var/log/messages
Jul 21 22:04:19 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:08:27 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:08:38 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:11:17 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:16:09 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:19:15 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:38:59 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:42:33 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:43:49 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:46:05 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:50:40 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
Jul 21 22:53:08 ns2 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
There is plenty of things written about this:
qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[] cannot create /var/spool/qscan/tmp – Permission denied
But all written is too obscure and too old already somewhere between 2004 and 2010, I've been digging through Gentoo Forums, Fedora Debian and other Linux installs and everyone used to be pointing a permission issue with /var/spool/qscan/ said theoretically to be causing the error, however all looked perfectly fine with my /var/spool/qscan , e.g.:
roo@ns2:/usr/local/src# ls -ld /var/spool/qscan/
drwxr-s— 6 qscand qscand 4096 Jul 21 23:07 /var/spool/qscan/
ls -al /var/spool/qscan/
total 244904
drwxr-s— 6 qscand qscand 4096 Jul 21 23:07 .
drwxr-xr-x 4 root root 4096 Jul 20 21:17 ..
drwxrwx— 5 qscand qscand 4096 Oct 12 2011 archives
-rwxr-x— 1 qscand qscand 1434 Oct 12 2011 log-report.sh
-rw——- 1 qscand qscand 249731919 Jul 21 23:11 qmail-queue.log
-rw——- 1 qscand qscand 398225 Oct 28 2011 qmail-queue.log.1
-rw-rw—- 1 root qscand 74 Jul 21 23:07 qmail-scanner-queue-version.txt
lrwxrwxrwx 1 root qscand 16 Jul 21 23:07 qscan -> /var/spool/qscan
drwxrwx— 5 qscand qscand 4096 Oct 12 2011 quarantine
-rw-r—– 1 root qscand 12288 Jul 21 23:07 quarantine-events.db
-rw-r—– 1 qscand qscand 10443 Oct 12 2011 quarantine-events.txt
-rw-rw—- 1 qscand qscand 580033 Jul 21 23:07 quarantine.log
-rw-r—– 1 qscand qscand 2739 Oct 12 2011 settings_per_domain.txt
drwxr-x— 3 qscand qscand 4096 Jul 21 23:11 tmp
drwxrwx— 5 qscand qscand 4096 Oct 12 2011 working
Some suggested that /var/spool/qscan should be owned by qscand:clamav instead so I tried this but it didn't help,
others recommended adding clamav groupid into qscand's but this didn't help either:
root@ns2:/usr/local/src# grep -i clamav /etc/group
qscand:x:163:clamav,vpopmail
clamav:x:105:
Besides that I was getting also this shitty error:
Jul 21 20:05:42 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750194279012466] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 20:06:51 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750201179013125] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 20:15:42 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns214375025407906015] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 20:16:06 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750256579011980] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 20:18:54 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750273479014847] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 20:21:03 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750286379028491] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935
Jul 21 22:07:47 vps186637 qmail-scanner-queue.pl: X-Qmail-Scanner-2.08st:[ns2143750926779010097] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status 512/2
…
All the time in logs, so I thought something might be wrong with clamdscan and followed and tried some suggestions from qms1.net as described here, however none of the fixes described there worked for me …
I also tried to reinstall clamav from source using a bit of modified version of this tutorial
This didn't help either … I saw some suggestions online that the permission issues are caused by some wrong clamd.conf and freshclamd.conf configuration options – failing clamdscan, but this didn't work either. I also tried to remove clamdscan and substitute it with clamscan as a suggested workaround but this didn't work either …
I spend about 6 hours trying to catch what is causing this issues so finally I went on and re-installed bigger part of Qmail using Thibs tutorial over the old installation.
I've also tried in mean time multiple time to rebuild qmail scanner database with:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
Played around with permissions in /etc/clamav e.g.
chown -R qscand:clamav /var/log/clamav /var/lib/clamav /var/run/clamav
chown qscand:qscand /etc/clamav/freshclam.conf
Created:
/etc/cron.daily/qmail-scanner with following content
cat /etc/cron.daily/qmail-scanner
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
However in /var/log/qmail/qmail-smtpd/current and /var/log/qmail-send/current I continously got:
Qmail 451 qq temporary problem (#4.3.0) error
Interestingly during looking for a solution to the 451 qq temporary problem and:
status: qmail-todo stop processing asap / status: exiting – I've stumbled to my own blog post here 🙂
Finally, I tried to reinstall qmail-scanner and in mean time update it to Version: 2.11 – st – patch – 20130319
Just to realized something was wrong with suidperl, e.g. in Debian 7.0.* Wheezy perl-suid binary is no longer in repositories so only way to have suidperl there is either to re-compile perl from source manually which is too much work and I think in most cases not worthy the effort or to use a small suid-wrapper:
#include <unistd.h>
#include <errno.h>
main( int argc, char ** argv, char ** envp )
{
if( setgid(getegid()) ) perror( "setgid" );
if( setuid(geteuid()) ) perror( "setuid" );
envp = 0; /* blocks IFS attack on non-bash shells */
system( "/usr/bin/perl", argv, envp );
perror( argv[0] );
return errno;
}
Create it into a file lets say suid-wrapperc and compile the file with GNU C Compiler:
$ gcc -o suid-wrapper suid-wrapper.c
Then move the suid-wrapper produced binary into /usr/bin/suidperl e.g.
$ mv suid-wrapper /usr/bin/suidperl
Last you will need to edit /var/qmail/bin/qmail-scanner-queue.pl
# vim /var/qmail/bin/qmail-scaner-queue.pl
And substitute
#!/usr/bin/perl -T
with:
#!/usr/bin/suidperl
Note!!! that qmail-scanner-queue.pl permissions should be suid and owned by qscand:qscand as follows:
ls -al /var/qmail/bin/qmail-scanner-queue.pl
-rwsr-sr-x 1 qscand qscand 159727 Jul 21 23:11 /var/qmail/bin/qmail-scanner-queue.pl
Finally to resolve the error I had to restart qmail via qmailctl start / stop script:
root@ns2:/var/qmail/bin# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.
Finally to test emails are sent and receiver properly I used good old mail command part of bsd-mailx deb package
# mail -s "testing 12345678" testemail1234@gmail.com
asdfadf
.
Cc:
I've also tested with plain telnet to verify no errors because often the mail command doesn't return (show) errors on email sent and errors are written only in /var/log/mail.log or /var/log/qmail/* logs
# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.
220 servername.localdomain.tld ESMTP
mail from: <testmail@test.com>
250 ok
rcpt to: <nospam@test.com>
250 ok
data
354 go ahead
From: Test_sender <testmail@test.com>
To: Test_receiver <nospam@test.com>
Subject: Just a stupid SMTP test
Just a test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
One other thing which probably helped I did was:
# qmailctl doqueue
Thanks God this time, it worked out without any QQ errors 🙂 !
![this thirt party PAE Externsion Kernel Patch](http://<p> <img alt="Upgrade-Windows-7-Vista-XP-to-Windows-10-upgrade-howto-observations-post-fixes" src="https://www.pc-freak.net/images/Upgrade-Windows-7-Vista-XP-to-Windows-10-upgrade-howto-observations-post-fixes.png" style="width: 500px; height: 361px;" /> </p> <p> However as I've been upgrading my sister's computer previously running Windows 7 to Windows 10 (the process of upgrading is really simple you just <a href="https://www.microsoft.com/software-download/windows10">download </a><strong><a href="https://www.microsoft.com/software-download/windows10">Windows-Media-Creation-tool from Microsoft website </a>and the rest comes to few clicks (Accept Windows 10 User Agreement, Create current install restore point (backup) etc.) and waiting some 30 minutes or so for the upgrade to complete.<br /> <br /> <img alt="windows-7-to-10-windows-setup-upgrade-this-pc-prompt" src="https://www.pc-freak.net/images/windows-7-to-10-windows-setup-upgrade-this-pc-prompt.png" style="width: 500px; height: 393px;" /></strong><br /> <br /> <strong>Then it was up to downloading some other updates on a few times and restarting the computer, each time the upgrades were made and all the computer was ready. I've installed Avira (AntiVirus) as I usually do on new PCs and downloaded a bunch of anti-malware (<em>MalwareBytes / Rfkill / Zemanta</em>) to make sure that the old upgraded WIndows was not already infected before the upgrade and I've found a bunch of malware, that got quickly cleared up.</strong><br /> <br /> Anyways I've tried also another tool called <a href="http://www.reimageplus.com"><strong>ReimagePlus - Online Computer Repair</strong> </a>in <strong>order to check whether there are no some broken WIndows system files after the upgrade </strong><br /> <br /> <img alt="Reimage_Repair-Windows-fix-windows-failing-services-and-broken-windows-installations-clear-up-malware" src="https://www.pc-freak.net/images/Reimage_Repair-Windows-fix-windows-failing-services-and-broken-windows-installations-clear-up-malware.png" style="width: 600px; height: 406px;" /><br /> (here I have to say I've done that besides <em>running in an Administrator command prompt</em> (<strong>cmd.exe</strong>) and running<br /> </p> <blockquote> <strong>sfc /scannow </strong> </blockquote> <p> <br /> <strong>command to check base system files integrity, which luckily showed no problems with the Win base system files.</strong><br /> <br /> <strong>ReimagePlus </strong>however showed some failed services and some failed programs that were previously installed from Windows 7 before the upgrade and even it showed indication for Trojan present on computer but since ReImagePlus is a payed software and I didn't have the money to spend on it, I just proceeded to clean up what was found manually.<br /> <br /> After that the computer ran fine, with the only strange thing that some data was from hard drive was red a bit too frequently, after a short call with a close friend (<strong>Nomen</strong>) - thx man, he suggested that the frequenty hdd usage might be related to <em><strong>Windows Search Indexing service database rebuilt</strong></em> and he adviced me to disable it which I did following <a href="https://www.howtogeek.com/howto/windows-vista/speed-up-or-disable-windows-search-indexing-in-vista/">this article How to speed up Windows by disabling Search Index Service.</a><br /> <br /> <br /> One issue worthy to mention <strong>stumbled upon after the upgrade was problems with Windows Explorer which was frequently crashing and "restarting the Desktop"</strong>, but once, I've enabled all <strong>upgrades from Microsoft and Applied them after some update failures and restarts</strong>, once all was up2date to all latest from Microsoft, Explorer started working normally. </p> <p> In the mean time while Windows Explorer was crashing in order to browse my file system I used the <a href="https://www.winnc.com/download/">good old Win Total Command or Norton Commander for Windows - WinNC (with its most cool bizzarre own File Explorer tool)</a>.<br /> <br /> <img alt="Windows-Total-commander-tool-running-on-MS-Windows-10" src="https://www.pc-freak.net/images/Windows-Total-commander-tool-running-on-MS-Windows-10.png" style="width: 500px; height: 374px;" /><br /> <br /> As I wanted to run a MalwareBytes scan and Antivirus under Windows Safe-Mode, I tried entering it by restarting the Computer and <strong>pressing F8 a number of times before the Windows boot screen but this didn't work </strong>as Safe-Mode boot was changed in Windows 10 to be callable in another way because of <strong>some extra Windows Boot speed up optimizations</strong>, in short<span style="font-size:16px;"><strong> the easiest way I found to enter Windows 10 Safe Mode was to Hit Start Button -> Choose Restart PC and keep pressed SHIFT button simultaneously</strong></span><br /> that calls a menu that gives you some restore options, along with safe mode options for those who want to read more on <a href="http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10">How to Enter Safe mode (Command Prompt) on Windows 10 - please read this article.</a><br /> <br /> <br /> <br /> <img alt="Windows-10-enable-Safe-Mode-options-screen" src="https://www.pc-freak.net/images/Windows-10-enable-Safe-Mode-options-screen.jpg" style="width: 500px; height: 300px;" /> </p> <p> Once the upgrade was over and all below done unfortunately I've realized her previously installed <em>WIndows 7 is x86 (32 bit) version</em> and the <strong>Acer notebook 5736Z where it is being installed is actually X64 (64 bit), hence I've decided to upgrade my dear sis computer to a 64 Bit Windows 10 and researched online whether, there is some tool that is capable to upgrade WIndows 10 from 32 bit to Windows 10 64 bit just to find out the only option is to either use some program to creaty a backup of files on the PC or to manually copy files to external hard drive and reinstall with a Windows 10 64 bit bootable USB Flash or CD / DVD image, so I took my USB flash and used again Windows Media Creation Tool to burn Windows and re-install with the 64 bit iso.<br /> <br /> If you're wonder about why I choose to re-install finally<em> Win 10 32 bit with Win 64 bit</em>, because you might think performance difference might be not really so dramatic, then I have to say the Acer notebook is equipped with 4 Gigabytes of RAM Memory and Windows 10 32bit (Pro) could recognize a maximum of 3 Gigabytes (2.9 GB if I have to be precise) and 1 Gigabyte of memory stayes totally unusued with <em>Winblows 10 32 bit</em>.<br /> <br /> <em>Well that's all folks, the rest I did was to just boot from the USB drive just burned and re-install WIndows and copy my files from User profile / Downloads / Pictures / Music etc. to the same locations on the new installed Windows 10 professional 64 bit and enjoy the better performance.</em></strong> </p>){kind=link}