Testing MailScanner

[Antony Stone]

On Monday 25 August 2003 11:41 pm, Vernon Webb wrote:

> > I'm not a RedHat user, but this looks encouraging to me (you're *sure*
> > those sendmail instances aren't bypassing MailScanner and delivering
> > direct...?).
>
> How would I know this?

By checking how many sendmail instances are getting started, with what 
command-line options, and ensuring that there are:

 - exactly one sendmail process accepting incoming SMTP connections and 
queueing to the directory where MailScanner looks for email to scan (ie this 
sendmail does not try to deliver email), and

 - exactly one sendmail process (called a "queue runner" in current 
sendmail-speak) which checks the outbound MailScanner queue and delivers 
email, locally or remotely.

> > What do the headers say on an email which should be blocked? 
>
> That's the problem they are not saying anything about MailScanner.
> Shouldn't they at least say scanned?

Yes.   I think you have a direct-delivery sendmail process bypassing 
MailScanner.

> > What does your syslog show as the mail is being processed?
>
> I think that we mave have found something here:
>
> Aug 25 18:31:12 home sendmail[4474]: NOQUEUE: SYSERR(root):
> opendaemonsocket: daemon MTA: cannot bind: Address already in use
> Aug 25 18:31:12 home sendmail[4474]: daemon MTA: problem creating SMTP
> socket

Looks like there is an existing sendmail process listening on port 25, and in 
all probability directly delivering everything it receives.

Check your startup scripts for all occurrences of sendmail.

Sorry I can't be more specific but I'm not a RedHat person.

Regards,

Antony.

-- 

Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer