mailscanner and sendmail dilemma

Wed Oct 1 11:54:44 IST 2003

Hello,

Can you post the output of the following commands (as root):

chkconfig --list sendmail
chkconfig --list MailScanner

Then, try running the following:

service MailScanner stop
service sendmail stop

wait for a minute then check the output of 'ps ax' to make sure no sendmail
or MailScanner processes remain (kill then with 'kill -HUP <pid>' if they
do), then restart MailScanner:

service MailScanner start

then post the relevant lines from /var/log/maillog showing the MailScanner
startup and the processing of a test message through mailscanner.

Then maybe it'll be obvious to me or someone else as to what is up with your
set-up.

Kind regards,
Steve.

-----Original Message-----
From: kfliong [mailto:kfliong at WOFS.COM]
Sent: 01 October 2003 10:02
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: mailscanner and sendmail dilemma

Hi all,

I know this doesn't seems to be the correct channel to ask for help but I
am out of options. The message below I posted to  rackshack (my webserver
host) forum but no one replied after 3 days. I am now posting it here
hoping that the experts here will be able to shed some light into solving
my problem.

It's quite long so please bear with me. Thanks in advance.

--------------

I am having a problem with sendmail and mailscanner. My problem is that
some of my mails go through sendmail and some through mailscanner. Those
that go through sendmail do not get filter. So, I am still getting lots of
spams and virus.

Here is my story :

I have redhat 7.2 with ensim 3.1.10.

I previously configured procmail to fight spams and virus. Then I found out
about mailscanner. Then I installed mailscanner (not sure if I removed
procmail correctly as too long ago). I followed the guide in the forum
how-to to install mailscanner (MS)+f-prot+spamassassin (SA).

After installing this, it works great. I stop getting spams and virus. Not
long after that, something dreadful happened. What happened, I can only
describe from my memory which is kinda blurry on which event happens first.
I'll try to list them in the correct order.

I then installed a software called mailwatch. It was at version 0.1 beta.
Installing this software require me to edit the CustomConfig.pm file. Not
sure if this will affect mailscanner in anyway. Still running fine. One
day, my server crashed. Not sure what happened. The whole email system got
affected. Nobody can login to email to check mails. Not even login to ssh.
Only admin and root can login. But websites seems to be still working. I
tried and tried and then not even admin login works. It took a few days for
rackshack tech to bring it back up. I am not sure what they did as they
wouldn't tell me even after I keep pestering them. But I think they did
somesort of restore as all the root, admin, ensim password was reset.

So, I re-installed mailscanner. This time using mailscanner+clamav+SA howto
(which is btw a great howto). I am not sure if I removed the previous
mailscanner combo correctly. Then mails stating to act weird. A lot of
users are getting mails <<<no message>>> in the mails. After searching
around and tailling the maillog and some help, i think this problem is due
to mailscanner and sendmail both fighting to handle the mail and eventually
the message got deleted and being send to the recipient. After trying to
re-install mailscanner, i still have this problem. Eventually, after a few
weeks, this problem went away. I don't know what I did (too many to
remember) but it did go away. But I still have problem of some mails being
handled between sendmail and MS.

Then I upgraded MS, clamav and SA hoping that it will solve this problem.
No good. Still have. I even upgraded to mailwatch to 0.3 (if it's anything
to do with it). Still having some mails being handled by MS and sendmail.
Mailwatch seems to be working fine aside from the virus report not working.

Anyone have solution to this? I really need some expertise here. Should I
remove MS+clamav+SA totally and re-install? How to clean them completely? I
am waiting for ensim to create the security patch for sendmail which have
the buffer overflow bug. But I guess this does not have anything to do with
my problem.

What about sendmail.cf file? Is there something I should look inside?
CustomConfig.pm? should I delete mailwatch which I am not sure is affecting
this. BTW, mailwatch is a program that monitors the emails and then create
a database to show the stats of emails through a webgui.

Thanks for reading my long problem. But if I don't solve this, it will
become longer. Also please bear in mind that in the period of having this
problem unresolved, I also did some upgrade on other part of the system
such as mysql, php, mysqladmin and so on.

Any suggestion is highly appreciated. Thanks in advance.

--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.

This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.