mailman disabled but keep getting "Excessive resource usage: mailman" email
Hello,
Could someone help me as to why I am keep getting "Excessive resource usage: mailman" message in the email after disabling mailman in Tweak Settings? Notification email always comes around 3:30am. I also shown as disabled in Service Manager and the service is not being monitored. Am I missing something I should be checking?
-
Hey there! If you run the following command on your server do you see any mailman processes running? ps aux | grep mailman
If not, I would check the headers of the message to be sure it is being sent from an active server, or the same server you're expecting. For example, if a server was migrated recently, the hostname could be the same but the message could be sending from a different machine, leading to confusion.0 -
Thanks for the quick reply. When I run that code, it says: [root@host03 ~]# ps aux |grep mailman root 107887 0.0 0.0 12148 1108 pts/0 S+ 14:51 0:00 grep --color=auto mailman
We did migrate the server recently, however, this is definitely coming from the new server. Each server has different host name and I verified it in the email notification that it was in fact coming from the new server. I also requested to destroy the old server about a week ago, and I confirmed that it was no longer accessible.0 -
Just to be 100% certain, did you check the IP address from the mail header and not just the hostname? I know it sounds crazy, but it's not really any crazier than getting mailman notifications after you just confirmed there are no processes running with that last command. It's also possible there is *something* attempting to run mailman at that time. Maybe using a tool like sys-snap ( 0 -
I did not check the IP, but it is difinately coming from the new server. Old server was host2.XXXXXXXXXXX.com and the new server is host03.XXXXXXXXXXX.com, and it was coming from root@host03.XXXXXXXXXXX.com. I also never had this issue from the old server (and we never used the mailing list). Every time when I see the email notification it says (each email notification with different date & time and PID): [QUOTE] Time: Mon Jan 30 03:27:09 2023 -0600 Account: mailman Resource: Virtual Memory Size Exceeded: 277 > 256 (MB) Executable: /usr/lib/systemd/systemd Command Line: (sd-pam) PID: 4110292 (Parent PID:4110290) Killed: No
But the process is never seen if I see Process Manager (maybe it's killed by the time I check it?). I will try to install sys-snap as recommended and see how that goes...0 -
It's also worth noting that these notifications come from CSF/LFD, and not cPanel, so maybe there is an issue there. 0 -
What are the types of possible issues it may have? Are they issues that are unrelated to mailman, but triggering this message? Sorry I'm a beginner... 0 -
Okay, thanks. I will try running sys-snap tonight first and see what the log says overnight. 0 -
Let us know what you see! 0 -
So, I run the logging, then I pulled the information around the time I was getting the excessive resource usage email (3:27AM), and this was what I was getting: [QUOTE] [root@host03 /]# /root/sys-snap.pl --print 3:15 3:45 user: root cpu-score: 91.90 memory-score: 369.70 user: mailman cpu-score: 4.00 memory-score: 0.00 user: cpanelsolr cpu-score: 2.70 memory-score: 145.80 user: XXXXXX cpu-score: 2.60 memory-score: 0.00 user: systuser cpu-score: 0.00 memory-score: 5.40 user: dbus cpu-score: 0.00 memory-score: 0.00 user: dovenull cpu-score: 0.00 memory-score: 0.00 user: polkitd cpu-score: 0.00 memory-score: 2.70 user: chrony cpu-score: 0.00 memory-score: 0.00 user: mysql cpu-score: 0.00 memory-score: 16.20 user: named cpu-score: 0.00 memory-score: 32.40 user: cpanelconnecttrack cpu-score: 0.00 memory-score: 0.00 user: memcached cpu-score: 0.00 memory-score: 0.00 user: ossecr cpu-score: 0.00 memory-score: 0.00 user: nscd cpu-score: 0.00 memory-score: 0.00 user: sshd cpu-score: 0.00 memory-score: 0.00 user: telegraf cpu-score: 0.00 memory-score: 16.20 user: _imunify cpu-score: 0.00 memory-score: 0.00 user: dovecot cpu-score: 0.00 memory-score: 0.00 user: ossec cpu-score: 0.00 memory-score: 0.00 user: mailnull cpu-score: 0.00 memory-score: 0.00 user: nobody cpu-score: 0.00 memory-score: 156.60 user: cpanelphpmyadmin cpu-score: 0.00 memory-score: 0.00
So, apparently, mailman is there although it says the memory score is 0.00...should I just get a support from ConfigServer? Or should I be pulling different kind of information?0 -
Ah, that actually helps a lot. While we do remove entries from Apache when mailman is disabled in Tweak Settings (you can find more details on this here: ) we don't delete the user on the system. I suppose it's technically possible, however unlikely, that user is being used for malicious activity. Could you run this command so I can see the UID for the user? It should be a low number, in the 200s grep mailman /etc/passwd0 -
For some reasons, this is not allowing me to post a reply with the information I obtained...it tells me to try again later there may be some more details in browser console... 0 -
Okay, so I guess the forum does not like the "passwd" in the texts. After running the command I received below response: [QUOTE] mailman:x:994:991:GNU Mailing List Manager:/usr/local/cpanel/3rdparty/mailman:/usr/local/cpanel/bin/noshell 0 -
That was just Cloudflare being overprotective. We're fixing that when we do the next Forums update. I think it would be best to create a ticket so we can confirm there are no security issues on the machine. 0 -
That was just Cloudflare being overprotective. We're fixing that when we do the next Forums update. I think it would be best to create a ticket so we can confirm there are no security issues on the machine.
Okay, thanks. Will do.0 -
Once you do that, please post the ticket number here so I can follow along! 0 -
Once you do that, please post the ticket number here so I can follow along!
It seems like cPanel wants me to open support ticket at cPanel license provider first before opening ticket at cPanel support, so I have just opened the ticket with them. I can post the outcome after I get a feedback here though.0 -
That sounds good! It's usually best to go with the license provider first, although anyone with root access to their server is welcome to contact us. 0 -
Yes, that issue was solved in version 70. If that didn't happen, it's possible there were other issues that could have been investigated. 0 -
The support says that there were entries in Apache (/var/cpanel/templates/apache2_4/ea4_main.default) that should have been removed. He was referring to these lines: [QUOTE] [% IF !skipmailman -%] Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/ Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/ [% END -%]
[QUOTE] [% IF !skipmailman -%] ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/ [% END -%]
So regardless of the status in Tweak Settings and Service Manager, did this file need to be edited manually?0 -
No, that isn't the proper way to resolve the issue. cPanel will replace the template with as part of the nightly update. It might be time to just make a ticket with us. 0 -
Okay. I will open a ticket. I will provide the ticket number once submitted. Thank you. 0 -
Update: cPanel ticket# is 94527290. 0 -
Thanks for that - I'm following along on my end now. 0 -
It finally appeared to stop yesterday after I made below changes to ConfigServer (Firewall Configuration): [QUOTE] PT_USERMEM = 1024 (Default 256) PT_USERTIME = 0 (Default 1800)
Granted, this may happen again, but I did not receive single notification of "Excessive memory usage" notification overnight since yesterday. It was not mailman, but I later found out it was caused by Imunify360. I had tracked down to WebShield in Imunify360 that was causing a lot of memory usage, and actually it was causing hourly notification over the weekend (pointing to /usr/sbin/imunify360-webshield), but once I made above change to ConfigServer, it stopped finally. Thank you for your support.0
Please sign in to leave a comment.
Comments
26 comments