Port 25
Steve Douglas
steve.douglas at SBIINCORPORATED.COM
Wed Jun 25 14:51:17 IST 2003
If you don't get a connection, then probably sendmail (or exim or
> postfix or other_MTA) is not running, and you need to investigate that.
> Try the "ps" command; on FreeBSD it would be something like
> `ps awwwwux | grep -i mail`
I received
root 2011 0.0 0.3 5952 2560 ? S 08:17 0:00 [sendmail]
smmsp 2016 0.0 0.3 5752 2300 ? S 08:17 0:00 [sendmail]
root 2022 0.0 0.3 5844 2396 ? S 08:17 0:00 [sendmail]
root 2343 0.0 1.7 14740 11220 ? S 08:21 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2344 0.0 4.2 30656 27156 ? S 08:21 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2347 0.0 4.2 30640 27136 ? S 08:22 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2350 0.0 4.2 30640 27140 ? S 08:22 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2355 0.0 4.2 30656 27156 ? S 08:22 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2360 0.0 4.2 30636 27136 ? S 08:22 0:00 /usr/bin/perl
-I/
usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root 2828 0.0 0.1 3576 648 ttyp1 S 08:49 0:00 grep -i mail
SD
:-)
> -----Original Message-----
> From: mikea [mailto:mikea at MIKEA.ATH.CX]
> Sent: Wednesday, June 25, 2003 8:41 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Port 25
>
> On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote:
> > I am running RedHat version 9 with f-prot, dcc, and razor. I am using
> > MailScanner version 4.21-9.
> >
> > When I started I use the command check_MailScanner and receive the
> following
> > results in my mail log:
> > - MailScanner child caught a SIGH
> > - MailScanner child caught a SIGH
> > - MailScanner E-Mail Virus Scanner version 4.21-9 starting...
> > - Enabling SpamAssassin auto-whitelist functionality...
> > - Using locktype = flock
> >
> > I get the above for each instance of child process that is running (five
> > MailScanner instances when I do a "ps -A"
> >
> > My firewall is completely off for the moment to remove any potential
> > barriers and scanning does not show port 25. In addition, when I send a
> > test email nothing is forwarded.
>
> Try doing `telnet <name-of-machine> 25`. If something answers and
> puts up a banner, then there's a listener on 25, which probably is
> your MTA. The banner will tell you what's there.
>
> Mine gives this:
>
> $ telnet 127.0.0.1 25
> 220- ESMTP
> 220-
> 220-
> 220-It is a violation of applicable law to send spam
> 220-to this server, and such violations may be prosecuted.
> 220-
> 220 Be aware: Oklahoma has Long Arm clauses in its computer crime
> statute.
>
> but I'm paranoid and nasty, and longer banners tend to do ugly things to
> badly-written ratware. I'm willing to do what I can to break ratware.
>
> If you don't get a connection, then probably sendmail (or exim or
> postfix or other_MTA) is not running, and you need to investigate that.
> Try the "ps" command; on FreeBSD it would be something like
> `ps awwwwux | grep -i mail`
> (without the "`") to catch all processes that have the character
> string "mail" in any combination of upper/lower case.
>
> If you get a connection but no banner, then *something* is listening
> on port 25, but it may not be an MTA. That *definitely* merits serious
> investigation, and the "netstat" command can be a great help.
>
> --
> Mike Andrews
> mikea at mikea.ath.cx
> Tired old sysadmin since 1964
More information about the MailScanner
mailing list