Sendmail still running behind mailscanner?

Peter Peters P.G.M.Peters at utwente.nl
Wed Apr 7 09:25:43 IST 2004 

On Wed, 7 Apr 2004 14:34:06 +0800, you wrote:

> >----- Original Message Header -----
> >Received: by mail44-haw (MessageSwitch) id 1081306792170200_10902; Wed,  7
> >Apr 2004 02:59:52 +0000 (UCT)
> >Received: from corp.cirrus.com (unknown [219.95.14.34])
> >      by mail44-haw.bigfish.com (Postfix) with ESMTP id 311622DA46B
> >      for <dcom-support at corp.cirrus.com>; Wed,  7 Apr 2004 02:59:43 +0000 (UCT)
> >From: enquiries at wofs.com
> >To: dcom-support at corp.cirrus.com
> >Subject: Re: Your document
> >Date: Wed, 7 Apr 2004 10:59:56 +0800
> >MIME-Version: 1.0
> >Content-Type: multipart/mixed;
> >      boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >Message-Id: <20040407025943.311622DA46B at mail44-haw.bigfish.com>

No MS header so MS hasn't seen this message. I presume
mail44-haw.bigfish.com is your system.

>But I have checked for mails that comes from this sender and all I get are
>mails that are tagged as spam and already filtered out. So, the user
>shouldn't be receiving any of these mails. But he is still getting those
>mails. Even as I type this mail. Therefore I can conclude that the mails
>actually didn't go through mailscanner.

Probably you have a seperate sendmail running. Did you make sure you
disabled the default sendmail configuration (ckconfig sendmail off)?

>I tried looking at the maillogs but I don't know what exactly to look for.

Under normal circumstances you should see three lines with the same
queueID as in:
|Apr  7 00:16:37 netlx014 sendmail-in[20561]: i36MGbQ20561: from=<sender at utwente.nl>, (...)
|Apr  7 00:16:37 netlx014 sendmail-in[20561]: i36MGbQ20561: to=<recipient at somewhere.else>, (...) stat=queued
|Apr  7 00:16:39 netlx014 sendmail[20580]: i36MGbQ20561: to=<recipient at somewhere.else>, (...) stat=Sent

Whatch for the "stat=" parts. And there should be only "from=" parts
with sendmail-in and not sendmail. Perhaps besides "from=" with
machine-local addresses like <> and root.
|grep from= /var/log/mail | grep -v sendmail-in | less

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ

More information about the MailScanner mailing list