mailscanner and sendmail dilemma

Peter Peters P.G.M.Peters at utwente.nl
Fri Oct 3 09:32:33 IST 2003 

On Fri, 3 Oct 2003 09:55:37 +0800, you wrote:

>Here is some of the info i get tailling maillog :
>
># tail -f /var/log/maillog

It is a whole lot of information.

>Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
>from=<to3kzyf at compuserve.com>, size=2837, class=0, nrcpts=1,
>msgid=<9i50$2-t49tx658irq2$v at xy0h.0u>, proto=ESMTP, daemon=MTA,
>relay=ensim.wofsproperties.com [216.12.213.201]
>Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
>to=<autodelete at mydomain2.com>, delay=00:00:00, mailer=virthostmail,
>pri=32837, stat=queued

These seem alright.

>Oct  3 09:44:24 ensim sendmail[8137]: h93DiOe08136:
>to=autodelete at mydomain2.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
>pri=31697, relay=mail.mydomain2.com. [216.12.213.201], dsn=2.0.0, stat=Sent
>(h93DiOk08141 Message accepted for delivery)

But I expect MailScanner logs before this one.


>Oct  3 09:44:26 ensim MailScanner[8147]: MailScanner E-Mail Virus Scanner
>version 4.23-11 starting...
>Oct  3 09:44:26 ensim MailScanner[8147]: Config: calling custom init
>function MailWatchLogging
>Oct  3 09:44:26 ensim MailScanner[8147]: Initialising database connection
>Oct  3 09:44:26 ensim MailScanner[8147]: Finished initialising database
>connection
>Oct  3 09:44:27 ensim MailScanner[8147]: Using locktype = flock
>Oct  3 09:44:27 ensim MailScanner[8147]: New Batch: Scanning 4 messages,
>11578 bytes

You started MailScanner at this moment?

>Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
>from=<qaVRp4725k7i at aonehotwebdeals.com>, size=1610, class=0, nrcpts=1,
>msgid=<8r2$00zbr4dl$2$9q0v8-dh-h$ig83 at 1dz.qypvn>, proto=SMTP, daemon=MTA,
>relay=dhcp16478068.woh.rr.com [24.164.78.68]
>Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
>to=<webmastgr at mydomain4.com>, delay=00:00:03, mailer=virthostmail,
>pri=31610, stat=queued

This looks good also.

>Oct  3 09:44:28 ensim MailScanner[8147]: Spam Checks: Found 1 spam messages

I need a little more. MailSCanner should log what he did with the
message. I get
|Oct  3 10:26:04 netlx014 MailScanner[18615]: Spam Actions: message h938Q0001399 actions are deliver

By looking at the queue-ID (h938Q0001399) you can check whether the
message that had "stat=queued" in it was processed. You won't get a
"Spam Actions" line every queued message (I hope).

>Hmm...how does sendmail know to send all mails to mqueue.in? Could it be
>possibly that is was confused and send it directly to recipients instead?

You tell the sendmail listening on port 25 to queue in mqueue.in.

>FYI, when I stop MailScanner service, sendmail is still running. Then I
>have to stop sendmail also. But when I start, I only start MailScanner
>which will automatically starts sendmail.

If you stop MailScanner there could be a few remenant sendmail processes
waiting on a close. You should check (ps axf) what sendmails are
running. You should have one "sendmail: accepting connections" with a
lot of children. You should have a queue-running sendmail (in my case "
/usr/sbin/sendmail -q30m") with a number of children. And you could have
a sendmail listening on the client port.

The sendmail accepting connections should not also do queue runs. It
would do them from mqueue.in whereas the special queue running sendmail
does it from mqueueu.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ

More information about the MailScanner mailing list