linux

Squirrelmail hangs forever (DNS cache problem)

Noticed that one squirrelmail sometime hangs.
It contained default directadmin installation configs.

Straced proccess, and found that it queries DNS servers for a quite long time (only snippet):

...
munmap(0xb7ef5000, 4096)                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720955, 282214}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "H\177\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\tspam"..., 54, MSG_NOSIGNAL) = 54
poll([{fd=2108, events=POLLIN}], 1, 5000) = 1 ([{fd=2108, revents=POLLIN}])
ioctl(2108, FIONREAD, [104])            = 0
recvfrom(2108, "H\177\201\203\0\1\0\0\0\1\0\0\00248\003177\003231\003173\tspam"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 104
close(2108)                             = 0
time(NULL)                              = 1392720955
open("/etc/hosts", O_RDONLY)            = 2108
fcntl64(2108, F_GETFD)                  = 0
fcntl64(2108, F_SETFD, FD_CLOEXEC)      = 0
fstat64(2108, {st_mode=S_IFREG|0644, st_size=273, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef5000
read(2108, "# Do not remove the following li"..., 4096) = 273
read(2108, "", 4096)                    = 0
close(2108)                             = 0
munmap(0xb7ef5000, 4096)                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720955, 396610}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2108, events=POLLIN}], 1, 5000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2109
connect(2109, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 28) = 0
fcntl64(2109, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2109, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720960, 396031}, NULL) = 0
poll([{fd=2109, events=POLLOUT}], 1, 0) = 1 ([{fd=2109, revents=POLLOUT}])
send(2109, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2109, events=POLLIN}], 1, 3000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2110
connect(2110, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, 28) = 0
fcntl64(2110, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2110, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720963, 399893}, NULL) = 0
poll([{fd=2110, events=POLLOUT}], 1, 0) = 1 ([{fd=2110, revents=POLLOUT}])
send(2110, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2110, events=POLLIN}], 1, 6000) = 1 ([{fd=2110, revents=POLLIN}])
ioctl(2110, FIONREAD, [48])             = 0
recvfrom(2110, "\242Z\201\202\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, [16]) = 48
close(2108)                             = 0
close(2109)                             = 0
close(2110)                             = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720968, 243445}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2108, events=POLLIN}], 1, 5000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2109
connect(2109, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 28) = 0
fcntl64(2109, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2109, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720973, 266865}, NULL) = 0
poll([{fd=2109, events=POLLOUT}], 1, 0) = 1 ([{fd=2109, revents=POLLOUT}])
send(2109, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2109, events=POLLIN}], 1, 3000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2110
connect(2110, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, 28) = 0
fcntl64(2110, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2110, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720976, 278949}, NULL) = 0
poll([{fd=2110, events=POLLOUT}], 1, 0) = 1 ([{fd=2110, revents=POLLOUT}])
send(2110, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2110, events=POLLIN}], 1, 6000) = 1 ([{fd=2110, revents=POLLIN}])
ioctl(2110, FIONREAD, [48])             = 0
recvfrom(2110, "\242Z\201\202\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, [16]) = 48

...



After “querying” for some time, it generated file:

/var/www/html/squirrelmail/data/dnscache


As quick investigation revealed, it’s squirrelmail spam filter enabled by directadmin:

$plugins[1] = 'filters';


It contains old and already non working blacklist links, for spam control.
Found README file of current squirrelmail version spam plugin here

Snippet from README:

This is a poor alternative to procmail or Elm's filter programs. This is a
pathetic replacement for good RBL mail scanning when you get the mail. This is
more for systems that can't/won't offer that kind of functionality and you 
still require it.

This is slow. Yep. Slow.


So my advice would be just to disable this plugin and use other filters on server.
With directadmin there is perfect spam filter: spamassassin, or You may add blacklist filters straight to Your mail transfer agent (most used postfix and exim have this feature).

If there is a question how to disable it, here is example (default directadmin squirrelmail config):

$plugins[0] = 'spamcop';
$plugins[1] = 'filters';
$plugins[2] = 'squirrelspell';

make to:

$plugins[0] = 'spamcop';
$plugins[1] = 'squirrelspell';



Problem solved


Related Posts

DirectAdmin x509: certificate has expired

License check failure See the Debug GuideReason: request failed: Post “https://licensing.directadmin.com/start”: x509: certificate has expired or is not yet valid: current time 2022-10-26T11:51:22+03:00 is after 2021-09-30T14:01:15Z The issue is likely due to server CA root certificates being too old. If you are using Centos 7 which is still supported –…

Installing Debian on GuruPlug Server Plus

Let’s hookup our GuruPlug JTAG board as described in GuruPlug serial connection post. Latest debian testing images for GuruPlug may be found here. Boot up the device: => usb start starting USB… USB0: USB EHCI 1.00 scanning bus 0 for devices… 4 USB Device(s) found scanning usb for storage devices……

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.