Squirrelmail hangs forever (DNS cache problem)

by

in

Noticed that one squirrelmail sometime hangs.
It contained default directadmin installation configs.

Straced proccess, and found that it queries DNS servers for a quite long time (only snippet):

...
munmap(0xb7ef5000, 4096)                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720955, 282214}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "H\177\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\tspam"..., 54, MSG_NOSIGNAL) = 54
poll([{fd=2108, events=POLLIN}], 1, 5000) = 1 ([{fd=2108, revents=POLLIN}])
ioctl(2108, FIONREAD, [104])            = 0
recvfrom(2108, "H\177\201\203\0\1\0\0\0\1\0\0\00248\003177\003231\003173\tspam"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 104
close(2108)                             = 0
time(NULL)                              = 1392720955
open("/etc/hosts", O_RDONLY)            = 2108
fcntl64(2108, F_GETFD)                  = 0
fcntl64(2108, F_SETFD, FD_CLOEXEC)      = 0
fstat64(2108, {st_mode=S_IFREG|0644, st_size=273, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef5000
read(2108, "# Do not remove the following li"..., 4096) = 273
read(2108, "", 4096)                    = 0
close(2108)                             = 0
munmap(0xb7ef5000, 4096)                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720955, 396610}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2108, events=POLLIN}], 1, 5000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2109
connect(2109, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 28) = 0
fcntl64(2109, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2109, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720960, 396031}, NULL) = 0
poll([{fd=2109, events=POLLOUT}], 1, 0) = 1 ([{fd=2109, revents=POLLOUT}])
send(2109, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2109, events=POLLIN}], 1, 3000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2110
connect(2110, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, 28) = 0
fcntl64(2110, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2110, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720963, 399893}, NULL) = 0
poll([{fd=2110, events=POLLOUT}], 1, 0) = 1 ([{fd=2110, revents=POLLOUT}])
send(2110, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2110, events=POLLIN}], 1, 6000) = 1 ([{fd=2110, revents=POLLIN}])
ioctl(2110, FIONREAD, [48])             = 0
recvfrom(2110, "\242Z\201\202\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, [16]) = 48
close(2108)                             = 0
close(2109)                             = 0
close(2110)                             = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2108
connect(2108, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(2108, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2108, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720968, 243445}, NULL) = 0
poll([{fd=2108, events=POLLOUT}], 1, 0) = 1 ([{fd=2108, revents=POLLOUT}])
send(2108, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2108, events=POLLIN}], 1, 5000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2109
connect(2109, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 28) = 0
fcntl64(2109, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2109, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720973, 266865}, NULL) = 0
poll([{fd=2109, events=POLLOUT}], 1, 0) = 1 ([{fd=2109, revents=POLLOUT}])
send(2109, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2109, events=POLLIN}], 1, 3000) = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 2110
connect(2110, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, 28) = 0
fcntl64(2110, F_GETFL)                  = 0x2 (flags O_RDWR)
fcntl64(2110, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1392720976, 278949}, NULL) = 0
poll([{fd=2110, events=POLLOUT}], 1, 0) = 1 ([{fd=2110, revents=POLLOUT}])
send(2110, "\242Z\1\0\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 48, MSG_NOSIGNAL) = 48
poll([{fd=2110, events=POLLIN}], 1, 6000) = 1 ([{fd=2110, revents=POLLIN}])
ioctl(2110, FIONREAD, [48])             = 0
recvfrom(2110, "\242Z\201\202\0\1\0\0\0\0\0\0\00248\003177\003231\003173\5dnsb"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.4.4")}, [16]) = 48

...



After “querying” for some time, it generated file:

/var/www/html/squirrelmail/data/dnscache


As quick investigation revealed, it’s squirrelmail spam filter enabled by directadmin:

$plugins[1] = 'filters';


It contains old and already non working blacklist links, for spam control.
Found README file of current squirrelmail version spam plugin here

Snippet from README:

This is a poor alternative to procmail or Elm's filter programs. This is a
pathetic replacement for good RBL mail scanning when you get the mail. This is
more for systems that can't/won't offer that kind of functionality and you 
still require it.

This is slow. Yep. Slow.


So my advice would be just to disable this plugin and use other filters on server.
With directadmin there is perfect spam filter: spamassassin, or You may add blacklist filters straight to Your mail transfer agent (most used postfix and exim have this feature).

If there is a question how to disable it, here is example (default directadmin squirrelmail config):

$plugins[0] = 'spamcop';
$plugins[1] = 'filters';
$plugins[2] = 'squirrelspell';

make to:

$plugins[0] = 'spamcop';
$plugins[1] = 'squirrelspell';



Problem solved



Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.