AV plugins and logging

Jon Guymon guymon at RAEINTERNET.COM
Wed Jun 11 23:00:12 IST 2003


Forgive the long message.

The sig is added by a different server, I'm not using the MailScanner
server in production yet.

What follows is a transcript of stopping MailScanner, starting it,
examining the maillog while sending an eicar message, and the header of
the message when it reaches its destination.

enjoy :]

[root at wayne init.d]# /etc/init.d/MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming sendmail:                                [  OK  ]
         outgoing sendmail:                                [  OK  ]
[root at wayne init.d]# /etc/init.d/sendmail stop
Shutting down sendmail:                                    [FAILED]
[root at wayne init.d]# ps afx | grep sendmail
[root at wayne init.d]# /etc/init.d/MailScanner start
Starting MailScanner daemons:
         incoming sendmail:                                [  OK  ]
         outgoing sendmail:                                [  OK  ]
         MailScanner:                                      [  OK  ]
[root at wayne init.d]# ps afx | grep sendmail
16817 ?        S      0:00 sendmail: accepting connections
16826 ?        S      0:00 /usr/sbin/sendmail -q15m -OPidFile /var/run/sendmail.
[root at wayne init.d]# tail -f /var/log/maillog
Jun 11 16:52:05 localhost MailScanner[16603]: MailScanner child caught a SIGHUP
Jun 11 16:52:05 localhost MailScanner[16602]: MailScanner child caught a SIGHUP
Jun 11 16:52:25 localhost sendmail[16808]: alias database /etc/aliases rebuilt by gnarg
Jun 11 16:52:25 localhost sendmail[16808]: /etc/aliases: 42 aliases, longest 57 bytes, 489 bytes total
Jun 11 16:52:26 localhost sendmail[16817]: starting daemon (8.11.6): SMTP
Jun 11 16:52:26 localhost sendmail[16826]: starting daemon (8.11.6): queueing at 00:15:00
Jun 11 16:52:27 localhost MailScanner[16845]: MailScanner E-Mail Virus Scanner version 4.21-9 starting...
Jun 11 16:52:27 localhost MailScanner[16845]: Using locktype = flock
Jun 11 16:52:37 localhost MailScanner[16851]: MailScanner E-Mail Virus Scanner version 4.21-9 starting...
Jun 11 16:52:37 localhost MailScanner[16851]: Using locktype = flock
Jun 11 16:52:47 localhost MailScanner[16853]: MailScanner E-Mail Virus Scanner version 4.21-9 starting...
Jun 11 16:52:47 localhost MailScanner[16853]: Using locktype = flock
Jun 11 16:52:57 localhost MailScanner[16854]: MailScanner E-Mail Virus Scanner version 4.21-9 starting...
Jun 11 16:52:57 localhost MailScanner[16854]: Using locktype = flock
Jun 11 16:53:07 localhost MailScanner[16855]: MailScanner E-Mail Virus Scanner version 4.21-9 starting...
Jun 11 16:53:07 localhost MailScanner[16855]: Using locktype = flock
Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, size=96, class=0, nrcpts=1, msgid=<200306112055.h5BKt2x16867 at wayne.raeinternet.com>, relay=root at localhost
Jun 11 16:55:03 localhost sendmail[16870]: h5BKt2x16867: to=XXXX at slackworks.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30096, relay=chopper.slackworks.com. [64.244.30.42], dsn=2.0.0, stat=Sent (h5BLswi7027397 Message accepted for delivery)

---------

 From - Wed Jun 11 17:54:30 2003
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <root at wayne.raeinternet.com>
Received: from wayne.raeinternet.com (raeinternet.com [216.150.133.100])
        by chopper.slackworks.com (8.12.8/8.12.8) with ESMTP id h5BLswi7027397
        for <XXXX at slackworks.com; Wed, 11 Jun 2003 17:54:58 -0400
Received: (from root at localhost)
        by wayne.raeinternet.com (8.11.6/8.11.6) id h5BKt2x16867
        for XXXX at slackworks.com; Wed, 11 Jun 2003 16:55:02 -0400
Date: Wed, 11 Jun 2003 16:55:02 -0400
From: root <root at wayne.raeinternet.com>
Message-Id: <200306112055.h5BKt2x16867 at wayne.raeinternet.com>
To: XXXX at slackworks.com
X-DCC-servers-Metrics: chopper.slackworks.com 1049; Body=9 Fuz1=9
X-Spam-Status: No, hits=0.0 required=10.0
        tests=none
        version=2.52
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)


Kevin Spicer wrote

>If that doesn't help could you post enough of your mail log to show the
>sequence of events when a mail is received and dispatched.





Scanned by RAV AntiVirus for MailServers.  AntiVirus, AntiSpam, Content Filtering.  http://raeinternet.com
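
An added example, not part of the original post and not MailScanner's own code: a Python check over a maillog like the one in the transcript that lists sendmail queue IDs which were accepted and sent with no MailScanner log line in between. It assumes a scanned message would cause at least one MailScanner line to be logged between those two sendmail entries; the function name is hypothetical and the sample is an abridged copy of the transcript's lines.

```python
import re

# Constructed sample: lines abridged from the transcript above, wraps rejoined.
SAMPLE_LOG = """\
Jun 11 16:53:07 localhost MailScanner[16855]: Using locktype = flock
Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, size=96, class=0, nrcpts=1, relay=root at localhost
Jun 11 16:55:03 localhost sendmail[16870]: h5BKt2x16867: to=XXXX at slackworks.com, mailer=esmtp, dsn=2.0.0, stat=Sent (h5BLswi7027397 Message accepted for delivery)
"""

# syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)\[\d+\]: (.*)$")
# sendmail per-message lines start with the queue id (12 or 14 characters)
QID_RE = re.compile(r"^([0-9A-Za-z]{12,14}): (.*)$")


def unscanned_deliveries(log_text, scanner="MailScanner"):
    """Queue ids accepted and sent with no scanner log line in between."""
    first, last = {}, {}          # qid -> index of first / last log line
    accepted, sent = set(), set()
    scanner_at = []               # indexes of lines logged by the scanner
    for idx, line in enumerate(log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, msg = m.groups()
        if prog == scanner:
            scanner_at.append(idx)
            continue
        q = QID_RE.match(msg) if prog == "sendmail" else None
        if not q:
            continue
        qid, detail = q.groups()
        first.setdefault(qid, idx)
        last[qid] = idx
        if "from=" in detail:
            accepted.add(qid)
        if "stat=Sent" in detail:
            sent.add(qid)
    # Assumption: any scanner activity for a message is logged between
    # sendmail's accept (from=) and delivery (stat=Sent) lines.
    return sorted(
        qid for qid in accepted & sent
        if not any(first[qid] < i < last[qid] for i in scanner_at)
    )


if __name__ == "__main__":
    for qid in unscanned_deliveries(SAMPLE_LOG):
        print(f"{qid}: sent with no MailScanner line between accept and delivery")
```
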


