Port 25

mikea mikea at MIKEA.ATH.CX
Wed Jun 25 14:41:19 IST 2003

On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote:
> I am running RedHat version 9 with f-prot, dcc, and razor.  I am using
> MailScanner version 4.21-9.
> When I started I use the command check_MailScanner and receive the following
> results in my mail log:
> - MailScanner child caught a SIGH
> - MailScanner child caught a SIGH
> - MailScanner E-Mail Virus Scanner version 4.21-9 starting...
> - Enabling SpamAssassin auto-whitelist functionality...
> - Using locktype = flock
> I get the above for each instance of child process that is running (five
> MailScanner instances when I do a "ps -A"
> My firewall is completely off for the moment to remove any potential
> barriers and scanning does not show port 25.  In addition, when I send a
> test email nothing is forwarded.

Try doing `telnet <name-of-machine> 25`. If something answers and
puts up a banner, then there's a listener on 25, which probably is
your MTA. The banner will tell you what's there.

Mine gives this:

    $ telnet 25
    220- ESMTP
    220-It is a violation of applicable law to send spam
    220-to this server, and such violations may be prosecuted.
    220 Be aware: Oklahoma has Long Arm clauses in its computer crime statute.

but I'm paranoid and nasty, and longer banners tend to do ugly things to
badly-written ratware. I'm willing to do what I can to break ratware.

If you don't get a connection, then probably sendmail (or exim or
postfix or other_MTA) is not running, and you need to investigate that.
Try the "ps" command; on FreeBSD it would be something like
      `ps awwwwux | grep -i mail`
(without the "`") to catch all processes that have the character
string "mail" in any combination of upper/lower case.

If you get a connection but no banner, then *something* is listening
on port 25, but it may not be an MTA. That *definitely* merits serious
investigation, and the "netstat" command can be a great help.

Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin since 1964

More information about the MailScanner mailing list