Exim paniclog on host.mydomain.com has non-zero size

Hi there, for a few days now HestiaCP has been sending me (by e-mail) a few warnings like these:

exim paniclog /var/log/exim4/paniclog on host.mydomain.com has non-zero size, mail system might be broken. Up to 10 lines are quoted below.

2022-05-28 11:07:03 1nusPX-0027QW-2Y malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

I checked the /var/log/exim4/paniclog, which contained exactly the warning that was e-mailed to me by my Hestia installation:

root@host:/var/log/exim4# cat paniclog
2022-05-28 11:07:03 1nusPX-0027QW-2Y malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-28 15:16:22 1nuwIo-002DyJ-FY malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-29 00:58:39 1nv5OJ-002Qs1-JF malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

If I then look at my exim4 mainlog at the given date + time, I get the following error:

2022-05-28 11:07:03 1nusPX-0027QW-2Y <= [email protected] H=host.mydomain.com (clientdomain.nl) [XX.XX.XXX.XX*ip-from-my-vps*] P=esmtpsa X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no SNI="mail.clientdomain.nl" A=dovecot_login:[email protected] S=702 [email protected]
2022-05-28 11:07:03 1nusPX-0027QW-2Y => [email protected] R=send_via_smtp_relay T=smtp_relay_smtp H=mail.smtp2go.com [176.58.103.10*ip-from-smtp2go*] X=TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256 CV=yes A=smtp_relay_login K C="250- 719 byte chunk, total 719\\n250 OK id=1nusPX-9EFL5M-FB"
2022-05-28 11:07:03 1nusPX-0027QW-2Y Completed

I did set up an SMTP2GO relay for this client, which works fine. Might it be an issue on his side, e.g. that he still tries to send e-mail over HestiaCP instead of SMTP2GO?

Thank you very much in advance!

Check if ClamAV is running…

Mails sent over the relay first go through Exim on the local host

See:
R=send_via_smtp_relay T=smtp_relay_smtp H=mail.smtp2go.co

Thank you @eris, the first time I saw this warning appear (a few days ago) ClamAV was not running, so I enabled it again through the Hestia GUI. I checked again with sudo systemctl status clamav-daemon just now and it is running.

You should be fine

Thanks @jlguerrero, after I enabled clamav again it has been running but I still get these warnings…

I would suggest to truncate the exim log file.


Thank you @Raphael, I’ll try that as soon as I’m home. Perhaps one bit of information to add is that I made him change his SMTP settings from mail.clientdomain.nl to mail.smtp2go.com.
(Which I also did with my own Hestia hosted mail account without these warnings.)

@Raphael thanks a lot! I renamed the paniclog file and it did not get recreated by the system (which will happen if needed, correct?) in the last days. So I think it’s solved.


Just a sidenote: if you move or delete a logfile, it’s usually recommended to reload/restart the related service, to make sure it creates all files needed.
Some services fail silently in logging their messages if the logfiles disappear. That’s why logrotate also always reloads services after fiddling with their logs :wink:


Ha @falzo, thanks! I just restarted Exim, just in case :slight_smile:

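An added example, not part of the original posts: a small triage helper that tells leftover paniclog entries (written while clamd was down) apart from entries logged after ClamAV was started again, which would mean mail is still arriving while the scanner socket refuses connections. The function names `paniclog_triage` and `sample_paniclog` are hypothetical, and the restart time is assumed to be supplied by the operator.

```bash
#!/usr/bin/env bash
# Added example: classify Exim paniclog entries relative to the time clamd
# came back up. Timestamps are "YYYY-MM-DD HH:MM:SS", so plain string
# comparison orders them correctly.

# paniclog_triage FILE SINCE
#   FILE  - path to the paniclog (or a copy of it)
#   SINCE - when clamav-daemon was last started (assumption: operator-supplied)
# Prints "stale=N fresh=N other=N". Returns 0 only when every entry is a
# clamd socket error older than SINCE, i.e. the log is leftover noise.
paniclog_triage() {
    local file=$1 since=$2
    awk -v since="$since" '
        NF == 0 { next }                      # skip blank lines
        {
            ts = substr($0, 1, 19)            # leading timestamp
            if ($0 ~ /malware acl condition: clamd .*unable to connect to UNIX socket/) {
                if (ts >= since) fresh++; else stale++
            } else {
                other++                       # unrelated panic entry: review by hand
            }
        }
        END {
            printf "stale=%d fresh=%d other=%d\n", stale, fresh, other
            exit ((fresh + other > 0) ? 1 : 0)
        }
    ' "$file"
}

# Sample input: the three paniclog lines quoted in the thread.
sample_paniclog() {
    cat <<'EOF'
2022-05-28 11:07:03 1nusPX-0027QW-2Y malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-28 15:16:22 1nuwIo-002DyJ-FY malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-29 00:58:39 1nv5OJ-002Qs1-JF malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
EOF
}

# Usage (service name exim4 is an assumption based on the Debian-style paths):
#   paniclog_triage /var/log/exim4/paniclog "2022-05-29 12:00:00" \
#     && mv /var/log/exim4/paniclog /var/log/exim4/paniclog.old \
#     && systemctl restart exim4
```

A non-zero return with `fresh` above zero means the socket was still refusing connections after the restart time given, so the log should not be rotated away yet.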
