Port 25

Steve Douglas steve.douglas at SBIINCORPORATED.COM
Wed Jun 25 14:51:17 IST 2003


> If you don't get a connection, then probably sendmail (or exim or
> postfix or other_MTA) is not running, and you need to investigate that.
> Try the "ps" command; on FreeBSD it would be something like
>       `ps awwwwux | grep -i mail`

I received
root      2011  0.0  0.3  5952 2560 ?        S    08:17   0:00 [sendmail]
smmsp     2016  0.0  0.3  5752 2300 ?        S    08:17   0:00 [sendmail]
root      2022  0.0  0.3  5844 2396 ?        S    08:17   0:00 [sendmail]
root      2343  0.0  1.7 14740 11220 ?       S    08:21   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2344  0.0  4.2 30656 27156 ?       S    08:21   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2347  0.0  4.2 30640 27136 ?       S    08:22   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2350  0.0  4.2 30640 27140 ?       S    08:22   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2355  0.0  4.2 30656 27156 ?       S    08:22   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2360  0.0  4.2 30636 27136 ?       S    08:22   0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      2828  0.0  0.1  3576  648 ttyp1    S    08:49   0:00 grep -i mail

SD
:-)


> -----Original Message-----
> From: mikea [mailto:mikea at MIKEA.ATH.CX]
> Sent: Wednesday, June 25, 2003 8:41 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Port 25
>
> On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote:
> > I am running RedHat version 9 with f-prot, dcc, and razor.  I am using
> > MailScanner version 4.21-9.
> >
> > When I started I use the command check_MailScanner and receive the following
> > results in my mail log:
> > - MailScanner child caught a SIGH
> > - MailScanner child caught a SIGH
> > - MailScanner E-Mail Virus Scanner version 4.21-9 starting...
> > - Enabling SpamAssassin auto-whitelist functionality...
> > - Using locktype = flock
> >
> > I get the above for each instance of child process that is running (five
> > MailScanner instances when I do a "ps -A").
> >
> > My firewall is completely off for the moment to remove any potential
> > barriers and scanning does not show port 25.  In addition, when I send a
> > test email nothing is forwarded.
>
> Try doing `telnet <name-of-machine> 25`. If something answers and
> puts up a banner, then there's a listener on 25, which probably is
> your MTA. The banner will tell you what's there.
>
> Mine gives this:
>
>     $ telnet 127.0.0.1 25
>     220- ESMTP
>     220-
>     220-
>     220-It is a violation of applicable law to send spam
>     220-to this server, and such violations may be prosecuted.
>     220-
>     220 Be aware: Oklahoma has Long Arm clauses in its computer crime statute.
>
> but I'm paranoid and nasty, and longer banners tend to do ugly things to
> badly-written ratware. I'm willing to do what I can to break ratware.
>
> If you don't get a connection, then probably sendmail (or exim or
> postfix or other_MTA) is not running, and you need to investigate that.
> Try the "ps" command; on FreeBSD it would be something like
>       `ps awwwwux | grep -i mail`
> (without the "`") to catch all processes that have the character
> string "mail" in any combination of upper/lower case.
>
> If you get a connection but no banner, then *something* is listening
> on port 25, but it may not be an MTA. That *definitely* merits serious
> investigation, and the "netstat" command can be a great help.
>
> --
> Mike Andrews
> mikea at mikea.ath.cx
> Tired old sysadmin since 1964
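
The three outcomes described in the quoted reply (no connection, a banner, or a connection with no banner) can be told apart by a small probe. This is an added example, not part of the original thread; the function names and status labels are made up for illustration, and the probe only reads the greeting and sends nothing.

```python
import re
import socket

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY = re.compile(r"^([2-5][0-9]{2})(?:([ -])(.*))?$")

def parse_greeting(data: bytes):
    """Parse the first reply on a connection; return (complete, code, text_lines)."""
    lines = data.decode("ascii", "replace").split("\n")
    texts = []
    for raw in lines[:-1]:                    # last item is an unterminated remainder
        m = REPLY.match(raw.rstrip("\r"))
        if m is None:
            return True, None, texts          # a whole line that is not an SMTP reply
        texts.append(m.group(3) or "")
        if m.group(2) != "-":                 # "220 text" ends a multi-line "220-" banner
            return True, int(m.group(1)), texts
    return False, None, texts                 # greeting not finished yet

def read_greeting(sock, timeout=5.0):
    """Wait for whatever the listener says first; return (status, code, text_lines)."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while len(buf) < 8192:                # a greeting is short; cap what we accept
            chunk = sock.recv(1024)
            if not chunk:
                break                         # peer closed the connection
            buf += chunk
            complete, code, texts = parse_greeting(buf)
            if complete:                      # any valid reply code means an MTA answered
                return ("smtp" if code else "not-smtp"), code, texts
    except (socket.timeout, ConnectionResetError):
        pass
    return ("not-smtp" if buf else "no-banner"), None, []

def probe(host, port=25, timeout=5.0):
    """Classify the port as refused / unreachable / smtp / no-banner / not-smtp."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return read_greeting(s, timeout)
    except ConnectionRefusedError:
        return "refused", None, []            # nothing listening: check the MTA with ps
    except OSError:
        return "unreachable", None, []        # timeout, filtering or routing problem

if __name__ == "__main__":
    print(probe("127.0.0.1"))
```

A "no-banner" or "not-smtp" result is the case the reply says merits investigation with netstat, since something other than the expected MTA may hold the port.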


