MailScanner on freebsd
BB
brent.bolin at GMAIL.COM
Mon Nov 21 16:57:38 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Don't go there yet!. Is sendmail working ?
sendmail -v root </dev/null
On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
I found this doc
http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml
Sendmail.cf incoming QueueDirectory is setup to
/var/spool/mqueue.
Are these the right permissions?
Here is the output from ls -l /var/spool
drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner
drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue
drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue
drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in
MailScanner.conf is setup as
Incoming Queue Dir = /var/spool/mqueue
Outgoing Queue Dir = /var/spool/mqueue
# Set where to unpack incoming messages before scanning them
Incoming Work Dir = /var/spool/MailScanner/incoming
Here is output ls -l /var/spool/MailScanner
drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming
# Set where to store infected and message attachments
Quarantine Dir = /var/spool/MailScanner/quarantine
Here is output ls -l /var/spool/MailScanner
drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine
Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON K0C 1X0
E-mail: Marc.Dufresne at parks.on.ca
Voice: 613-543-3704 Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca
>>> brent.bolin at GMAIL.COM 11/21/2005 11:26 AM >>>
Don't care about private discussions. The list exiled me when
I called
someone a "Dipswitch".
Pretty harsh words ya think ?
Do you show this?
# ps auxwww|grep sendmail
root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail:
accepting
connections (sendmail)
root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail:
Queue
runner at 00:15:00
for /var/spool/mqueue (sendmail)
smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail:
Queue
runner at 00:15:00
for /var/spool/clientmqueue (sendmail)
root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep
sendmail
Sounds to me like your sendmail submit isn't running.
Also attaching a valid submit.cf <http://submit.cf> file
Make sure your using both the sendmail.cf <
http://sendmail.cf> and
submit
files I'm sending you.
On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
>
> My apologies for the private discussions. Didn't realize I
posted to
the
> forum.
>
> Sendmail is running on port 25. Sendmail is acting as a
Relay for my
> domain. I have no problem sending/receiving internet
e-mail. The two
> problems I am having are:
>
> 1- MailScanner doesn't seem to be scanning inbound mail.
>
> 2- local mail sent to root and postmaster is not being
delivered.
The
> /var/spool/clientmqueue is backing up with e-mails sent to
root and
> postmaster.
>
> Here's what /var/spool/maillog is saying
>
> mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster,
> delay=10:33:28,
> xdelay=00:00:00, mailer=relay, pri=1023910,
relay=[numericlinkwarning 127.0.0.1<numericlinkwarning
http://127.0.0.1>
> ],
> dsn=4.0.0, stat=Deferred: Connection refused by
[numericlinkwarning 127.0.0.1< numericlinkwarning
http://127.0.0.1>
> ]
>
> I issued the command sendmail -v root </dev/null. This is
the error
I'm
> receiving.
>
> root....connecting to [numericlinkwarning 127.0.0.1
<numericlinkwarning http://127.0.0.1>] via relay
> root....Deferred: Connection refused by [numericlinkwarning
127.0.0.1
<numericlinkwarning http://127.0.0.1 >]
>
> I have modified my /etc/mail/access to reflect
>
> numericlinkwarning 127.0.0.1 <numericlinkwarning
http://127.0.0.1> RELAY
> localhost.localdomain RELAY
> localhost RELAY
>
> Issued a makemap hash /etc/mail/access.db <
/etc/mail/access.
Restarted
> sendmail and still receive the Connection Refused error.
>
> Any ideas?
>
> I want to fix problem 2 first, eliminating the connection
refused
> errors. Then I want to move onto the MailScanner problem.
>
>
> Marc Dufresne, Corporate IT Officer
> St. Lawrence Parks Commission
> 13740 County Road 2
> Morrisburg, ON K0C 1X0
>
> E-mail: Marc.Dufresne at parks.on.ca
> Voice: 613-543-3704 Ext#2455
> Fax: 613-543-2847
> Corporate website: www.parks.on.ca <http://www.parks.on.ca>
>
> >>> ugob at CAMO-ROUTE.COM 11/21/2005 9:17 AM >>>
> Marc Dufresne wrote:
> > Couldn't download any of your sample files. None of the
links to
> your
> > files work.
>
> Looking a the links, I'm not surprised.
>
> The way you are quoting is making it very hard to follow.
Please
avoid
>
> having private discussions while using a public mailing
list and
don't
>
> top-post.
>
> >
> > From the command line, if I issue sendmail -v root
</dev/null
> > I receive this error,
> >
> > root....connecting to [numericlinkwarning 127.0.0.1
<numericlinkwarning http://127.0.0.1>] via relay
> > root....Deferred: Connection refused by
[numericlinkwarning 127.0.0.1
<numericlinkwarning http://127.0.0.1>]
>
> Is sendmail running?
>
> On what port/IP is it running on?
>
> >
> > What files do I need to modify under /etc/mail?
> >
>
> Are you familiar with Sendmail or other MTAs?
>
> Regards,
>
> Ugo
>
> >
> > Marc Dufresne, Corporate IT Officer
> > St. Lawrence Parks Commission
> > 13740 County Road 2
> > Morrisburg, ON K0C 1X0
> >
> > E-mail: Marc.Dufresne at parks.on.ca
> > Voice: 613-543-3704 Ext#2455
> > Fax: 613-543-2847
> > Corporate website: www.parks.on.ca
<http://www.parks.on.ca>
> >
> >>>> BB <brent.bolin at gmail.com> 11/20/2005 9:38 PM >>>
> > Marc,
> >
> > I have attached working sendmail.mc <http://sendmail.mc>
<
> http://sendmail.mc > and
> > sendmail.cf <http://sendmail.cf><http://sendmail.cf>files
along
with
> /etc/rc.conf
> startup.
> > There are a number of things in the
> > rc.conf that you don't need just use the sendmail portion
for
> examples.
> > BTW
> > /etc/defaults/rc.conf show examples and are used if
/etc/rc.conf
> does
> > not
> > exist. /etc/rc.conf will override /etc/defaults/rc.conf.
> >
> > The first thing is to get a working copy of sendmail
running. Make
> > your
> > edits to /etc/rc.conf with the examples sent.
> >
> > Copy sendmail.cf <http://sendmail.cf>
<http://sendmail.cf>
/etc/mail
> >
> > Verify no sendmail processes are running and if they are
kill the
> pid
> > of
> > them. Verify again they are gone.
> >
> > Run "sh /etc/rc.sendmail start" . No quotes. This should
start
> > sendmail.
> > Send your self a test message from the MTA level -
> >
> > sendmail -v root </dev/null Enter(the enter key)
> >
> > This should send a test mesage to root with no subject
and
> undisclosed
> > recipients. Thats fine all we want to know is if sendmail
is
> running.
> > Its
> > also a good test to check the header files.
> >
> > If its working thats great, move on to MailScanner. I've
included
a
> > working
> > copy of a mailscanner.conf file. There are some things
configured
> that
> > you
> > might not be using, but all the directores are in place
and are
set
> to
> > defaults.
> >
> > Virus scanners set to none if not using (I'm using three)
> > Spamassassin set to no if not using (I'm using 3.1.0_3)
> > Uncomment the whitlist and blacklist file rules, I'm
using
> > SQLblacklist/whitelists
> >
> > I've included another file called directories.needed.
Just run, it
> > will
> > create them if they don't exist
> >
> > This should be enough to get you going. Remember you need
to get
> > sendmail
> > running first. I didn't or never have used the Makefile
included
> with
> > the
> > distribution. I use the m4 macro on the configuration
file *.mc or
> just
> > use
> > webmin. Its in the ports or can be downloaded from
> > webmin.com <http://webmin.com>< http://webmin.com>
> > .
> >
> > It does not make sense to me why sendmail is running if
it is
marked
> > to
> > "NONE". If that dosen't do it mark the first instance
with NONE
and
> all
> > the
> > others with NO
> >
> > BTW: There is also a nice webmin modual for MailScanner.
Once
setup
> > things
> > don't change much other then whitelists/blacklists. The
latest
> version
> > of
> > mailwatch can do this hence
> >
> > Is Definitely Not Spam = &SQLWhitelist
> > Is Definitely Spam = &SQLBlacklist
> >
> >
> > Hang on for the ride...
> >
> >
> >
> > On 11/20/05, Marc Dufresne <Marc.Dufresne at parks.on.ca >
wrote:
> >> I am going to explain my understanding of the
MailScanner setup.
> > Please
> >> reveiw and let me know if I'm understanding this
correctly?
> >>
> >> When MailScanner.conf is configured, the following
parameters
> should
> > be
> >> set if I'm using sendmail on FreeBSD 5.4:
> >>
> >> #MTA used for the Gateway
> >> MTA=sendmail
> >>
> >> #Set how to invoke MTA when sending messages MailScanner
has
> created
> >> (e.g. to sender/recipient saying "found a virus in your
message").
> > This
> >> can also be the filename of a ruleset.
> >> sendmail=/usr/sbin/sendmail
> >>
> >> #Incoming mail queue directory for Sendmail
> >> Incoming Queue Directory=/var/spool/mqueue
> >>
> >> #Outgoing mail queue directory for Sendmail
> >> Outgoing Queue Directory=/var/spool/mqueue
> >>
> >> #Incoming Queue Directory for MailScanner
> >> /var/spool/MailScanner/incoming
> >>
> >> #Quarantine Directory for MailScanner
> >> /var/spool/MailScanner/quaratine
> >>
> >> System Startup should be as follows:
> >>
> >> 1) #Disable sendmail from loading at system startup
> >> modify /etc/rc.conf to disable sendmail load
> >>
> >>
> >
>
>
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html
>
> >
> >>
> >> Section numericlinkwarning 23.4.2.3 <numericlinkwarning
http://23.4.2.3> <numericlinkwarning http://23.4.2.3> FreeBSD
5.0-STABLEand Later
> >>
> >> /etc/rc.conf
> >>
> >> sendmail_enable="NO"
> >> sendmail_submit_enable="NO"
> >> sendmail_outbound_enable="NO"
> >> sendmail_msp_queue_enable="NO"
> >>
> >> 2) #Load MailScanner at system startup.
> >> #Make sure mailscanner.sh file is located under
/usr/local/etc/rc.d
> >> in order to load MailScannner process at startup.
Mailscanner.sh
> > should
> >> invoke sendmail and mailscanner process to start
> scanning/delivering
> >> mail.
> >>
> >> /usr/local/etc/rc.d/mailscanner.sh
> >> _________________________________
> >>
> >> First Problem
> >>
> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I
tried
> >> everything. Sendmail still loads at startup???????
> >>
> >> Second Problem
> >>
> >> Once system is completly loaded and sitting at the login
prompt,
I
> >> receive an error
> >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon
IPv4:cannot bind
> >> address already in use
> >>
> >> I login, and run ps -ax (This is what I see)
> >>
> >> 375 ?? Ss 0:00.07 sendmail: accepting connections
(sendmail)
> >> 379 ?? Is 0:00.00 sendmail: Queue runner at 00:30:00 for
> >> /var/spool/client
> >>
> >> 426 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
> >> /var/spool/mqueue
> >> 430 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
> >> /var/spool/client
> >>
> >> 613 ?? Ss 0:00.02 /usr/bin/perl
-I/usr/local/lib/MailScanner
> >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl
> >> -I/usr/local/lib/MailScanner /usr/local
> >> 627 ?? S 0: 02.19 /usr/bin/perl
-I/usr/local/lib/MailScanner
> >> /usr/local
> >> 630 ?? S 0:02.15 /usr/bin/perl
-I/usr/local/lib/MailScanner
> >> /usr/local
> >> 635 ?? S 0:02.17 /usr/bin/perl
-I/usr/local/lib/MailScanner
> >> /usr/local
> >> 636 ?? S 0:00.11 /usr/bin/perl
-I/usr/local/lib/MailScanner
> >> /usr/local
> >>
> >> Third Problem
> >>
> >> I run tail -f /var/log/maillog
> >>
> >> I will send test e-mails from the outside and watch
sendmail
> receive
> >> and process incoming mail. Everyone receives e-mails
from the
> > outside,
> >> but mailscanner does not scan any messages.
> >>
> >> I will issue a mailq to view /var/spool/mqueue
directory.
Directory
> > is
> >> always empty.
> >>
> >> I'm completely stumped here as to why Sendmail refuses
to disable
> at
> >> startup and MailScanner refuses to scan e-mail
messages!!!!!
> >>
> >> Any ideas????
> >>
> >>
> >> Marc Dufresne, Corporate IT Officer
> >> St. Lawrence Parks Commission
> >> 13740 County Road 2
> >> Morrisburg, ON K0C 1X0
> >>
> >> E-mail: Marc.Dufresne at parks.on.ca
> >> Voice: 613-543-3704 Ext#2455
> >> Fax: 613-543-2847
> >> Corporate website: www.parks.on.ca
<http://www.parks.on.ca > <
> http://www.parks.on.ca>
> >>
> >>>>> BB <brent.bolin at gmail.com> 11/19/2005 12:38 AM >>>
> >> Don't know if they ever got the list fixed for my
replies, so I'm
> > doing
> >> it
> >> direct and through the list.
> >>
> >> Change /etc/rc.conf or /etc/defaults/rc.conf
> >> sendmail_enable=NONE
> >>
> >> Verify mailscanner is starting up with
> > /usr/local/etc/rc.d/mailscanner
> >> .sh
> >>
> >> Think you need to manually create some of the
directores. Verify
> >> MailScanner.conf for directories.
> >>
> >> tail -f /var/log/maillog will show you the details
> >>
> >> The only reason to rebuild sendmail.cf
<http://sendmail.cf> <
> http://sendmail.cf>
> > <http://sendmail.cf/
> >>> is to
> >> remove
> >> IPv6 stuff. I would use m4 macro for that. Webmin would
be a good
> >> choice to
> >> use.
> >>
> >> # SMTP daemon options
> >>
> >> O DaemonPortOptions=Name=IPv4, Family=inet
> >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O
> >> O DaemonPortOptions=Port=587, Name=MSA, M=E
> >>
> >>
> >> --
> >> ACK and you shall receive
> >>
> >>
> >>
> >
> >
> > --
> > ACK and you shall receive
> >
> > ------------------------ MailScanner list
------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the
words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (
http://wiki.mailscanner.info/) and
> > the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the
website!
> >
> >
> >
>
------------------------------------------------------------------------
> >
> > BEGIN:VCARD
> > VERSION:2.1
> > X-GWTYPE:USER
> > FN:Marc Dufresne
> > TEL;WORK:613-543-3704
> > ORG:;Information Technology
> > TEL;PREF;FAX:613-543-2847
> > EMAIL;WORK;PREF;NGW:Marc.Dufresne at parks.on.ca
> > N:Dufresne;Marc
> > TITLE:Corporate IT Officer
> > END:VCARD
> >
>
>
> --
> Ugo
>
> -> Please don't send a copy of your reply by e-mail. I read
the
list.
> -> Please avoid top-posting, long signatures and HTML, and
cut the
> irrelevant parts in your replies.
>
> ------------------------ MailScanner list
------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the
words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
(http://wiki.mailscanner.info/) and
> the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html ).
>
> Support MailScanner development - buy the book off the
website!
>
> ------------------------ MailScanner list
------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the
words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
(http://wiki.mailscanner.info/) and
> the archives (
http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the
website!
>
>
>
--
ACK and you shall receive
------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and
the archives (
http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the
website!
------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/
) and
the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the
website!
--
ACK and you shall receive
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list