Port 25

Derek Winkler dwinkler at ALGORITHMICS.COM
Wed Jun 25 14:46:07 IST 2003 

RedHat's sendmail config by default only listens on 127.0.0.1

Try doing...

netstat -an | grep :25

and see what addresses sendmail is listening on.

To modify this, look at /etc/mail/sendmail.mc

-----Original Message-----
From: mikea [mailto:mikea at mikea.ath.cx]
Sent: Wednesday, June 25, 2003 9:41 AM
To: MAILSCANNER at jiscmail.ac.uk
Subject: Re: Port 25


On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote:
> I am running RedHat version 9 with f-prot, dcc, and razor.  I am using
> MailScanner version 4.21-9.
>
> When I started I use the command check_MailScanner and receive the
following
> results in my mail log:
> - MailScanner child caught a SIGH
> - MailScanner child caught a SIGH
> - MailScanner E-Mail Virus Scanner version 4.21-9 starting...
> - Enabling SpamAssassin auto-whitelist functionality...
> - Using locktype = flock
>
> I get the above for each instance of child process that is running (five
> MailScanner instances when I do a "ps -A"
>
> My firewall is completely off for the moment to remove any potential
> barriers and scanning does not show port 25.  In addition, when I send a
> test email nothing is forwarded.

Try doing `telnet <name-of-machine> 25`. If something answers and
puts up a banner, then there's a listener on 25, which probably is
your MTA. The banner will tell you what's there.

Mine gives this:

    $ telnet 127.0.0.1 25
    220- ESMTP
    220-
    220-
    220-It is a violation of applicable law to send spam
    220-to this server, and such violations may be prosecuted.
    220-
    220 Be aware: Oklahoma has Long Arm clauses in its computer crime
statute.

but I'm paranoid and nasty, and longer banners tend to do ugly things to
badly-written ratware. I'm willing to do what I can to break ratware.

If you don't get a connection, then probably sendmail (or exim or
postfix or other_MTA) is not running, and you need to investigate that.
Try the "ps" command; on FreeBSD it would be something like
      `ps awwwwux | grep -i mail`
(without the "`") to catch all processes that have the character
string "mail" in any combination of upper/lower case.

If you get a connection but no banner, then *something* is listening
on port 25, but it may not be an MTA. That *definitely* merits serious
investigation, and the "netstat" command can be a great help.

--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin since 1964
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/9dfa43ba/attachment.html

More information about the MailScanner mailing list