mailscanner and sendmail dilemma

kfliong kfliong at WOFS.COM
Fri Oct 3 02:55:37 IST 2003


Here is some of the info I get tailing maillog:

# tail -f /var/log/maillog

Oct  3 09:44:24 ensim sendmail[8131]: h93DiFk08096:
to=<bookreview at mydomain1.com>, delay=00:00:08, xdelay=00:00:00,
mailer=virthostmail, pri=122262, relay=mydomain1.com, dsn=2.0.0, stat=Sent
(h93DiOe08136 Message accepted for delivery)
Oct  3 09:44:24 ensim virthostmail[8138]: Chrooting to /home/virtual/site8/fst
Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
from=<to3kzyf at compuserve.com>, size=2837, class=0, nrcpts=1,
msgid=<9i50$2-t49tx658irq2$v at xy0h.0u>, proto=ESMTP, daemon=MTA,
relay=ensim.wofsproperties.com [216.12.213.201]
Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
to=<autodelete at mydomain2.com>, delay=00:00:00, mailer=virthostmail,
pri=32837, stat=queued
Oct  3 09:44:24 ensim sendmail[8137]: h93DiOe08136:
to=autodelete at mydomain2.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
pri=31697, relay=mail.mydomain2.com. [216.12.213.201], dsn=2.0.0, stat=Sent
(h93DiOk08141 Message accepted for delivery)
Oct  3 09:44:24 ensim sendmail[8142]: h93DiO408142:
from=<krueger_rc at oracle.com>, size=3162, class=0, nrcpts=1,
msgid=<f8b301c38962$27ac02c4$bf1aadbd at ztwksnd>, proto=ESMTP,
relay=root at localhost
Oct  3 09:44:24 ensim sendmail[8131]: h93DiGk08097:
to=<ghouls at mydomain1.com>, delay=00:00:07, xdelay=00:00:00,
mailer=virthostmail, pri=122803, relay=mydomain1.com, dsn=2.0.0, stat=Sent
(h93DiO408142 Message accepted for delivery)
Oct  3 09:44:24 ensim sendmail[8145]: h93DiOk08145:
from=<krueger_rc at oracle.com>, size=3346, class=0, nrcpts=1,
msgid=<f8b301c38962$27ac02c4$bf1aadbd at ztwksnd>, proto=ESMTP, daemon=MTA,
relay=ensim.wofsproperties.com [216.12.213.201]
Oct  3 09:44:24 ensim sendmail[8145]: h93DiOk08145:
to=<autodelete at mydomain2.com>, delay=00:00:00, mailer=virthostmail,
pri=33346, stat=queued
Oct  3 09:44:24 ensim sendmail[8143]: h93DiO408142:
to=autodelete at mydomain2.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
pri=32339, relay=mail.mydomain2.com. [216.12.213.201], dsn=2.0.0, stat=Sent
(h93DiOk08145 Message accepted for delivery)
Oct  3 09:44:25 ensim sendmail[8117]: h93DiLk08117:
from=<ltnetwork at paypal.com>, size=2065, class=0, nrcpts=1,
msgid=<59705970owqhwzrunCzriv1frp at DELL>, proto=SMTP, daemon=MTA,
relay=adsl-66-120-230-99.dsl.lsan03.pacbell.net [66.120.230.99]
Oct  3 09:44:25 ensim sendmail[8117]: h93DiLk08117:
to=<ltnetwork at mydomain3.com>, delay=00:00:02, mailer=virthostmail,
pri=32065, stat=queued
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
from=<ljjqqxsuzj at hotmail.com>, size=1231, class=0, nrcpts=5,
msgid=<ey-0249-2ud$$9xv-6v-f5s6 at 541mg9h5j2vbae>, proto=SMTP, daemon=MTA,
relay=[218.76.156.194]
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
to=<simage at mydomain2.com>, delay=00:00:06, mailer=virthostmail, pri=151231,
stat=queued
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
to=<snaps at mydomain2.com>, delay=00:00:06, mailer=virthostmail, pri=151231,
stat=queued
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
to=<sonk at mydomain2.com>, delay=00:00:06, mailer=virthostmail, pri=151231,
stat=queued
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
to=<sugiyama at mydomain2.com>, delay=00:00:06, mailer=virthostmail,
pri=151231, stat=queued
Oct  3 09:44:25 ensim sendmail[8112]: h93DiJk08112:
to=<umab at mydomain2.com>, delay=00:00:06, mailer=virthostmail, pri=151231,
stat=queued
Oct  3 09:44:26 ensim MailScanner[8147]: MailScanner E-Mail Virus Scanner
version 4.23-11 starting...
Oct  3 09:44:26 ensim MailScanner[8147]: Config: calling custom init
function MailWatchLogging
Oct  3 09:44:26 ensim MailScanner[8147]: Initialising database connection
Oct  3 09:44:26 ensim MailScanner[8147]: Finished initialising database
connection
Oct  3 09:44:27 ensim MailScanner[8147]: Using locktype = flock
Oct  3 09:44:27 ensim MailScanner[8147]: New Batch: Scanning 4 messages,
11578 bytes
Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
from=<qaVRp4725k7i at aonehotwebdeals.com>, size=1610, class=0, nrcpts=1,
msgid=<8r2$00zbr4dl$2$9q0v8-dh-h$ig83 at 1dz.qypvn>, proto=SMTP, daemon=MTA,
relay=dhcp16478068.woh.rr.com [24.164.78.68]
Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
to=<webmastgr at mydomain4.com>, delay=00:00:03, mailer=virthostmail,
pri=31610, stat=queued
Oct  3 09:44:28 ensim sendmail[8155]: h93DiRk08155:
from=<sales at mydomain3.com>, size=715, class=0, nrcpts=1,
msgid=<15493910352750_2569 at 202.157.132.113>, proto=SMTP, daemon=MTA,
relay=ns1.stronium.com [202.157.132.113]
Oct  3 09:44:28 ensim sendmail[8155]: h93DiRk08155:
to=<sales at mydomain3.com>, delay=00:00:01, mailer=virthostmail, pri=30715,
stat=queued
Oct  3 09:44:28 ensim sendmail[8151]: NOQUEUE:
dsl-200-95-72-229.prodigy.net.mx
[200.95.72.229] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct  3 09:44:28 ensim MailScanner[8147]: Spam Checks: Found 1 spam messages


--------------------
Does this help?

Hmm...how does sendmail know to send all mails to mqueue.in? Could it be
possibly that it was confused and sent it directly to recipients instead?

FYI, when I stop MailScanner service, sendmail is still running. Then I
have to stop sendmail also. But when I start, I only start MailScanner
which will automatically start sendmail.

Thanks again.

Thanks in advance.
At 09:58 AM 10/2/2003 +0100, you wrote:

>Hello,
>
> >>> But could you tell me how to see the processing of a test message
>through mailscanner?
>
>$ tail -f /var/log/maillog
>
>Will show sendmail receiving the message to mqueue.in, MailScanner detecting
>the message and scanning it, and sendmail delivering it to the recipient.
>
>Hope this helps.
>
>Kind regards,
>Steve.
>
>-----Original Message-----
>From: kfliong [mailto:kfliong at WOFS.COM]
>Sent: 02 October 2003 08:37
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: mailscanner and sendmail dilemma
>
> >
> >chkconfig --list sendmail
>
>sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
>
> >chkconfig --list MailScanner
>
>MailScanner     0:off   1:off   2:on    3:on    4:on    5:on    6:off
>
>
>
> >Then, try running the following:
> >
> >service MailScanner stop
> >service sendmail stop
> >
> >wait for a minute then check the output of 'ps ax' to make sure no sendmail
> >or MailScanner processes remain (kill them with 'kill -HUP <pid>' if they
> >do), then restart MailScanner:
> >
> >service MailScanner start
> >
> >then post the relevant lines from /var/log/maillog showing the MailScanner
> >startup and the processing of a test message through mailscanner.
> >
> >Then maybe it'll be obvious to me or someone else as to what is up with
> >your set-up.
> >
> >Kind regards,
> >Steve.
>
>ok, I stopped everything and restarted (which I have already done tons).
>But could you tell me how to see the processing of a test message through
>mailscanner?
>
>Thanks in advance.
>
>
>
> >-----Original Message-----
> >From: kfliong [mailto:kfliong at WOFS.COM]
> >Sent: 01 October 2003 10:02
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: mailscanner and sendmail dilemma
> >
> >Hi all,
> >
> >I know this doesn't seem to be the correct channel to ask for help but I
> >am out of options. The message below I posted to rackshack (my webserver
> >host) forum but no one replied after 3 days. I am now posting it here
> >hoping that the experts here will be able to shed some light into solving
> >my problem.
> >
> >It's quite long so please bear with me. Thanks in advance.
> >
> >--------------
> >
> >I am having a problem with sendmail and mailscanner. My problem is that
> >some of my mails go through sendmail and some through mailscanner. Those
> >that go through sendmail do not get filtered. So, I am still getting lots of
> >spams and virus.
> >
> >Here is my story :
> >
> >I have redhat 7.2 with ensim 3.1.10.
> >
> >I previously configured procmail to fight spams and virus. Then I found out
> >about mailscanner. Then I installed mailscanner (not sure if I removed
> >procmail correctly as too long ago). I followed the guide in the forum
> >how-to to install mailscanner (MS)+f-prot+spamassassin (SA).
> >
> >After installing this, it works great. I stop getting spams and virus. Not
> >long after that, something dreadful happened. What happened, I can only
> >describe from my memory which is kinda blurry on which event happens first.
> >I'll try to list them in the correct order.
> >
> >I then installed a software called mailwatch. It was at version 0.1 beta.
> >Installing this software requires me to edit the CustomConfig.pm file. Not
> >sure if this will affect mailscanner in anyway. Still running fine. One
> >day, my server crashed. Not sure what happened. The whole email system got
> >affected. Nobody can login to email to check mails. Not even login to ssh.
> >Only admin and root can login. But websites seem to be still working. I
> >tried and tried and then not even admin login works. It took a few days for
> >rackshack tech to bring it back up. I am not sure what they did as they
> >wouldn't tell me even after I keep pestering them. But I think they did
> >some sort of restore as all the root, admin, ensim password was reset.
> >
> >So, I re-installed mailscanner. This time using mailscanner+clamav+SA howto
> >(which is btw a great howto). I am not sure if I removed the previous
> >mailscanner combo correctly. Then mails started to act weird. A lot of
> >users are getting mails <<<no message>>> in the mails. After searching
> >around and tailing the maillog and some help, I think this problem is due
> >to mailscanner and sendmail both fighting to handle the mail and eventually
> >the message got deleted and being sent to the recipient. After trying to
> >re-install mailscanner, I still have this problem. Eventually, after a few
> >weeks, this problem went away. I don't know what I did (too many to
> >remember) but it did go away. But I still have problem of some mails being
> >handled between sendmail and MS.
> >
> >Then I upgraded MS, clamav and SA hoping that it will solve this problem.
> >No good. Still have. I even upgraded mailwatch to 0.3 (if it's anything
> >to do with it). Still having some mails being handled by MS and sendmail.
> >Mailwatch seems to be working fine aside from the virus report not working.
> >
> >Anyone have solution to this? I really need some expertise here. Should I
> >remove MS+clamav+SA totally and re-install? How to clean them completely? I
> >am waiting for ensim to create the security patch for sendmail which has
> >the buffer overflow bug. But I guess this does not have anything to do with
> >my problem.
> >
> >What about sendmail.cf file? Is there something I should look inside?
> >CustomConfig.pm? should I delete mailwatch which I am not sure is affecting
> >this. BTW, mailwatch is a program that monitors the emails and then create
> >a database to show the stats of emails through a webgui.
> >
> >Thanks for reading my long problem. But if I don't solve this, it will
> >become longer. Also please bear in mind that in the period of having this
> >problem unresolved, I also did some upgrade on other part of the system
> >such as mysql, php, mysqladmin and so on.
> >
> >Any suggestion is highly appreciated. Thanks in advance.
> >
> >--
> >This email and any files transmitted with it are confidential and
> >intended solely for the use of the individual or entity to whom they
> >are addressed. If you have received this email in error please notify
> >the sender and delete the message from your mailbox.
> >
> >This footnote also confirms that this email message has been swept by
> >MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
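The log reading Steve describes in the quoted reply (arrival into mqueue.in, scan, then delivery) can be automated; the following is an added example, not part of the original thread. It groups sendmail entries by queue ID and flags any message that reaches `stat=Sent` without an earlier `stat=queued` entry. Assumptions: the inbound sendmail runs queue-only so every accepted message logs `stat=queued`, each log entry sits on one line, and the function name, verdict labels and sample lines are constructed for illustration.

```python
import re

# Constructed sample entries in the sendmail syslog format shown in the post
# (one entry per line; addresses, hosts and queue IDs are made up).
SAMPLE_LOG = """\
Oct  3 09:44:24 host sendmail[8141]: h93AAAA08141: from=<a@example.com>, size=2837, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Oct  3 09:44:24 host sendmail[8141]: h93AAAA08141: to=<user1@example.org>, delay=00:00:00, mailer=local, pri=32837, stat=queued
Oct  3 09:44:25 host sendmail[8142]: h93BBBB08142: from=<b@example.com>, size=3162, class=0, nrcpts=1, msgid=<2@example.com>, proto=ESMTP, relay=root@localhost
Oct  3 09:44:25 host sendmail[8143]: h93BBBB08142: to=<user2@example.org>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=32339, relay=mail.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Oct  3 09:44:26 host MailScanner[8147]: New Batch: Scanning 1 messages, 2837 bytes
Oct  3 09:44:30 host sendmail[8160]: h93AAAA08141: to=<user1@example.org>, delay=00:00:06, xdelay=00:00:00, mailer=local, pri=122837, dsn=2.0.0, stat=Sent
Oct  3 09:44:31 host sendmail[8131]: h93CCCC08096: to=<user3@example.org>, delay=00:00:08, xdelay=00:00:00, mailer=local, pri=122262, dsn=2.0.0, stat=Sent
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
STAT_RE = re.compile(r"\bstat=(\w+)")


def classify(log_text):
    """Map each sendmail queue ID to a verdict (labels are this example's own)."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("qid") == "NOQUEUE":
            continue  # not a sendmail entry, or a connection with no message
        st = seen.setdefault(m.group("qid"),
                             {"from": False, "queued": False, "bypass": False})
        rest = m.group("rest")
        stat = STAT_RE.search(rest)
        if rest.startswith("from="):
            st["from"] = True          # arrival of the message is in the window
        elif stat and stat.group(1) == "queued":
            st["queued"] = True        # parked in the queue for MailScanner
        elif stat and stat.group(1) == "Sent" and not st["queued"]:
            st["bypass"] = True        # delivered with no earlier queued entry
    verdicts = {}
    for qid, st in seen.items():
        if not st["from"]:
            verdicts[qid] = "unknown"  # arrival is outside the log window
        elif st["bypass"]:
            verdicts[qid] = "delivered-without-queueing"
        else:
            verdicts[qid] = "queued-first" if st["queued"] else "incomplete"
    return verdicts


if __name__ == "__main__":
    for qid, verdict in classify(SAMPLE_LOG).items():
        print(qid, verdict)
```

A `delivered-without-queueing` verdict is a lead to check by hand rather than proof of a bypass, since locally submitted mail can legitimately take a different path from mail accepted by the listening daemon.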


