automatic queue run on hanging virus scanner update
Michael Weiser
michael at DINSNAIL.NET
Wed Oct 8 11:04:11 IST 2003
On Wed, 8 Oct 2003, Antony Stone wrote:
> > While the update was hanging about messages were accumulated in the
> > incoming queue *but* processed every 21 minutes past the full hour,
> > apparently bypassing at least spam checking.
> Only MailScanner should be able to take messages out of its input queue (and
> perhaps transfer them to the output queue for delivery).
As far as I'm aware and configured it, that's exactly how it is.
> You say you have checked cron jobs, and there's nothing running at 21 minutes
> past the hour - do you have a sendmail process with flags -bd -q1h perhaps,
> which got started at 21 minutes past some hour?
Mhmm, ps xaw | grep sendmail says:
12109 ? S 0:00 sendmail: Queue runner at 00:15:00 for /var/spool/mqueue
15793 ? S 0:04 sendmail: accepting connections
15802 ? S 0:00 sendmail: Queue runner at 01:00:00 for /var/spool/clientmqueue
This should be alright, shouldn't it?
> Your system logs for the time when these messages were apparently delivered
> without Spam checking (or, presumably, virus checking) should tell you what
> process ID was respondible for delivering them, and the headers of the
> delivered emails themselves should tell you whether they really were
> processed by MailScanner or not.
I checked the logs and it is a new instance of sendmail on each queue run
21 minutes past the full hour. So someone or -what started a sendmail
process running the queue. I have mailscanner-mrtg running every 10
minutes which includes 20 min past the full hour but then I don't see why
it should only flush the queue every hour and not on the 5 other calls.
> I suggest you do not ignore this as something which only happened because the
> anti-virus system update got stuck - that was just a good opportunity to
> notice the problem, but it suggests to me that something might be capable of
> bypassing your virus & spam checks at least once each hour - not a good idea.
Yep, I'd want to avoid that obviously.
> Hope you find something in the logs or headers (or the process list).
Thanks for your help.
--
man liest sich, Michael
I like Kaba!
More information about the MailScanner
mailing list