Exim paniclog on host.mydomain.com has non-zero size

Hi there, since a few days HestiaCP started to send me (by e-mail) a few warnings like these:

exim paniclog /var/log/exim4/paniclog on host.mydomain.com has non-zero size, mail system might be broken. Up to 10 lines are quoted below.

2022-05-28 11:07:03 1nusPX-0027QW-2Y malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

I checked the /var/log/exim4/paniclog which contained exactly the warning thas was e-mailed to me by my Hestia installation:

[email protected]:/var/log/exim4# cat paniclog
2022-05-28 11:07:03 1nusPX-0027QW-2Y malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-28 15:16:22 1nuwIo-002DyJ-FY malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused
2022-05-29 00:58:39 1nv5OJ-002Qs1-JF malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

If I than look at my exim4 mainlog at the given date + time, I get the following error:

2022-05-28 11:07:03 1nusPX-0027QW-2Y <= [email protected] H=host.mydomain.com (clientdomain.nl) [XX.XX.XXX.XX*ip-from-my-vps*] P=esmtpsa X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no SNI="mail.clientdomain.nl" A=dovecot_login:[email protected] S=702 [email protected]
2022-05-28 11:07:03 1nusPX-0027QW-2Y => [email protected] R=send_via_smtp_relay T=smtp_relay_smtp H=mail.smtp2go.com [176.58.103.10*ip-from-smtp2go*] X=TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256 CV=yes A=smtp_relay_login K C="250- 719 byte chunk, total 719\\n250 OK id=1nusPX-9EFL5M-FB"
2022-05-28 11:07:03 1nusPX-0027QW-2Y Completed

I did setup a SMTP2GO relay for this client which works fine. Might it be an issue on his side; f.e. that he still tries to send e-mail over HestiaCP instead of SMTP2GO?

Thank you very much in advance!

Check if ClamAV is running…

Mails send over relay are first going trough exim on local host

See:
R=send_via_smtp_relay T=smtp_relay_smtp H=mail.smtp2go.co

Thank you @eris, the first time I saw this warning appear (a few days ago) ClamAV was not running, so I enabled it again through Hestia GUI. I checked again sudo systemctl status clamav-daemon just now and it is running.

You should be fine

Thanks @jlguerrero, after I enabled clamav again it has been running but I still get these warnings…

I would suggest to truncate the exim log file.

1 Like

Thanks you @ScIT, I’ll try that as soon as I’m home. Perhaps one bit of information to add is that I made him change his SMTP settings from mail.clientdomain.nl to mail.smtp2go.com.
(Which I also did with my own Hestia hosted mail account without these warnings.)

@ScIT thanks a lot! I renamed the paniclog file and it did not get recreated by the system (which will happen in case needed correct?) in the last days. So I think it’s solved.

1 Like

just a sidenote: if you move or delete a logfile it’s usually recommended to reload/restart the related service, to make sure it creates all files needed.
some services fail silently in logging their messages if the logfiles disappear. that’s why logrotate also always reloads service after fiddling with their logs :wink:

2 Likes

Ha @falzo, thanks! I just restarted Exim, just in case :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.