mailscanner and sendmail dilemma

kfliong kfliong at WOFS.COM
Mon Oct 6 09:03:54 IST 2003 

I tried what you did but I did not find any faults. Not to mention my
headache when I look at the maillog.

Really need more input here...any idea is appreciated.


At 10:32 AM 10/3/2003 +0200, you wrote:
>Content-Transfer-Encoding: 7bit
>
>On Fri, 3 Oct 2003 09:55:37 +0800, you wrote:
>
> >Here is some of the info i get tailling maillog :
> >
> ># tail -f /var/log/maillog
>
>It is a whole lot of information.
>
> >Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
> >from=<to3kzyf at compuserve.com>, size=2837, class=0, nrcpts=1,
> >msgid=<9i50$2-t49tx658irq2$v at xy0h.0u>, proto=ESMTP, daemon=MTA,
> >relay=ensim.wofsproperties.com [216.12.213.201]
> >Oct  3 09:44:24 ensim sendmail[8141]: h93DiOk08141:
> >to=<autodelete at mydomain2.com>, delay=00:00:00, mailer=virthostmail,
> >pri=32837, stat=queued
>
>These seem alright.
>
> >Oct  3 09:44:24 ensim sendmail[8137]: h93DiOe08136:
> >to=autodelete at mydomain2.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
> >pri=31697, relay=mail.mydomain2.com. [216.12.213.201], dsn=2.0.0, stat=Sent
> >(h93DiOk08141 Message accepted for delivery)
>
>But I expect MailScanner logs before this one.
>
>
> >Oct  3 09:44:26 ensim MailScanner[8147]: MailScanner E-Mail Virus Scanner
> >version 4.23-11 starting...
> >Oct  3 09:44:26 ensim MailScanner[8147]: Config: calling custom init
> >function MailWatchLogging
> >Oct  3 09:44:26 ensim MailScanner[8147]: Initialising database connection
> >Oct  3 09:44:26 ensim MailScanner[8147]: Finished initialising database
> >connection
> >Oct  3 09:44:27 ensim MailScanner[8147]: Using locktype = flock
> >Oct  3 09:44:27 ensim MailScanner[8147]: New Batch: Scanning 4 messages,
> >11578 bytes
>
>You started MailScanner at this moment?
>
> >Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
> >from=<qaVRp4725k7i at aonehotwebdeals.com>, size=1610, class=0, nrcpts=1,
> >msgid=<8r2$00zbr4dl$2$9q0v8-dh-h$ig83 at 1dz.qypvn>, proto=SMTP, daemon=MTA,
> >relay=dhcp16478068.woh.rr.com [24.164.78.68]
> >Oct  3 09:44:27 ensim sendmail[8118]: h93DiMk08118:
> >to=<webmastgr at mydomain4.com>, delay=00:00:03, mailer=virthostmail,
> >pri=31610, stat=queued
>
>This looks good also.
>
> >Oct  3 09:44:28 ensim MailScanner[8147]: Spam Checks: Found 1 spam messages
>
>I need a little more. MailSCanner should log what he did with the
>message. I get
>|Oct  3 10:26:04 netlx014 MailScanner[18615]: Spam Actions: message
>h938Q0001399 actions are deliver
>
>By looking at the queue-ID (h938Q0001399) you can check whether the
>message that had "stat=queued" in it was processed. You won't get a
>"Spam Actions" line every queued message (I hope).
>
> >Hmm...how does sendmail know to send all mails to mqueue.in? Could it be
> >possibly that is was confused and send it directly to recipients instead?
>
>You tell the sendmail listening on port 25 to queue in mqueue.in.
>
> >FYI, when I stop MailScanner service, sendmail is still running. Then I
> >have to stop sendmail also. But when I start, I only start MailScanner
> >which will automatically starts sendmail.
>
>If you stop MailScanner there could be a few remenant sendmail processes
>waiting on a close. You should check (ps axf) what sendmails are
>running. You should have one "sendmail: accepting connections" with a
>lot of children. You should have a queue-running sendmail (in my case "
>/usr/sbin/sendmail -q30m") with a number of children. And you could have
>a sendmail listening on the client port.
>
>The sendmail accepting connections should not also do queue runs. It
>would do them from mqueue.in whereas the special queue running sendmail
>does it from mqueueu.
>
>--
>Peter Peters, senior netwerkbeheerder
>Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>Universiteit Twente,  Postbus 217,  7500 AE  Enschede
>telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ

More information about the MailScanner mailing list