ETRN support in MailScanner required

Leif Neland mailscanner-user at NELAND.DK
Sun Aug 15 09:37:59 IST 2004 

----- Original Message -----
From: "Michael Mansour" <micoots at YAHOO.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Sunday, August 15, 2004 7:58 AM
Subject: ETRN support in MailScanner required


> Hi,
>
> I'm using Fedora Core 1 and 2, sendmail and
> mailscanner.
>
> My primary mailserver is on Fedora Core 1.
> My backup mailserver is on Fedora Core 2.
> Both run sendmail and MailScanner.
>
> For my backup mailserver, I use mailertable and dsmtp
> configured in that with the primary server making ETRN
> connections to the backup every hour (I'm using the
> sendmail etrn.pl script from the contrib directory to
> perform this step).

using ETRN is bad, because it forces sendmail to process the messages in
mqueue.in which hold unscanned messages.

Do you need ETRN?
Why doesn't your backup mailserver send the messages without it,
i.e. why use the dsmtp mailer, why not just the standard esmtp?
Then the backup mailserver tries regularly to deliver.

You can use cron to every hour do sendmail -qRyour.dom

If you MUST use some ETRN-alike functionality, you can use this method:
I have one client left on ISDN which need ETRN, I simulate it by having a
script called from inetd

In inetd.conf:
at-rtmp         stream  tcp     nowait root  /usr/local/sbin/etrnjohn
etrnjohn
(at-rtmp is just some random service from /etc/services I don't use)

/usr/local/sbin/etrnjohn:
#!/bin/sh
echo Hello
/usr/sbin/sendmail -qRjohns.dom
sleep 5

Then the client just does a telnet my.mailserver.dom at-rtmp when it wants
its mail.


> I've read the list archives on this and it was
> mentioned in there that enabling ETRN in MailScanner
> means that clients could receive unscanned virus and
> spam emails, bypassing MailScanner altogether.
>
> Is this true?
>
> Does this matter in my situation anyway since the
> primary mailserver also runs MailScanner and would
> scan the messages when it picks them up anyway?
>
I have a setup where my email clients connects to the main mailserver which
also runs mailscanner.

But my incoming MX is on another server, which runs mailscanner too,
and also sends scanned mail to clients which have their own mailserver,
sends mail to the main mailserver on another port, which is not scanned on
the mailserver.
I'm running an extra sendmail on the main mailserver which listens to that
port and delivers directly to mqueue, not mqueue.in.

That takes the load of the main mailserver, so email clients can get/send
more quickly.


> I've commented out the above "noetrn" line so I can
> continue to have my backup mail server facility
> working. Is this the best way to go about it?

NO!

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list