SV: Port 25

Anders Andersson, IT andersan at LTKALMAR.SE
Wed Jun 25 15:07:15 IST 2003 

> -----Ursprungligt meddelande-----
> Från: mikea [mailto:mikea at MIKEA.ATH.CX] 
> Skickat: den 25 juni 2003 15:41
> Till: MAILSCANNER at JISCMAIL.AC.UK
> Ämne: Re: Port 25
> 
> 
> On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote:
> > I am running RedHat version 9 with f-prot, dcc, and razor.  
> I am using 
> > MailScanner version 4.21-9.
> >
> > When I started I use the command check_MailScanner and receive the 
> > following results in my mail log:
> > - MailScanner child caught a SIGH
> > - MailScanner child caught a SIGH
> > - MailScanner E-Mail Virus Scanner version 4.21-9 starting...
> > - Enabling SpamAssassin auto-whitelist functionality...
> > - Using locktype = flock
> >
> > I get the above for each instance of child process that is running 
> > (five MailScanner instances when I do a "ps -A"
> >
> > My firewall is completely off for the moment to remove any 
> potential 
> > barriers and scanning does not show port 25.  In addition, 
> when I send 
> > a test email nothing is forwarded.
> 
> Try doing `telnet <name-of-machine> 25`. If something answers 
> and puts up a banner, then there's a listener on 25, which 
> probably is your MTA. The banner will tell you what's there.
> 
> Mine gives this:
> 
>     $ telnet 127.0.0.1 25
>     220- ESMTP
>     220-
>     220-
>     220-It is a violation of applicable law to send spam
>     220-to this server, and such violations may be prosecuted.
>     220-
>     220 Be aware: Oklahoma has Long Arm clauses in its 
> computer crime statute.

What did you add to get that message or maybe its not sendmail?

> 
> but I'm paranoid and nasty, and longer banners tend to do 
> ugly things to badly-written ratware. I'm willing to do what 
> I can to break ratware.
> 
> If you don't get a connection, then probably sendmail (or 
> exim or postfix or other_MTA) is not running, and you need to 
> investigate that. Try the "ps" command; on FreeBSD it would 
> be something like
>       `ps awwwwux | grep -i mail`
> (without the "`") to catch all processes that have the 
> character string "mail" in any combination of upper/lower case.
> 
> If you get a connection but no banner, then *something* is 
> listening on port 25, but it may not be an MTA. That 
> *definitely* merits serious investigation, and the "netstat" 
> command can be a great help.
> 
> --
> Mike Andrews
> mikea at mikea.ath.cx
> Tired old sysadmin since 1964
>

More information about the MailScanner mailing list