MailScanner on freebsd

BB brent.bolin at GMAIL.COM
Mon Nov 21 16:57:38 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Don't go there yet!.  Is sendmail working ?

sendmail -v root </dev/null



On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
      I found this doc
      http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml

      Sendmail.cf incoming QueueDirectory is setup to
      /var/spool/mqueue.
      Are these the right permissions?

      Here is the output from ls -l /var/spool

      drwxr-xr-x  4 root   daemon    512 Oct 18 09:31 MailScanner
      drwxrwx---  2 smmsp  smmsp   52736 Nov 21 11:40 clientmqueue
      drwxr-x---  2 root   wheel     512 Nov 21 11:40 mqueue
      drwxr-x---  2 root   wheel     512 Oct 24 15:16 mqueue.in

      MailScanner.conf is setup as

      Incoming Queue Dir = /var/spool/mqueue
      Outgoing Queue Dir = /var/spool/mqueue

      # Set where to unpack incoming messages before scanning them
      Incoming Work Dir = /var/spool/MailScanner/incoming

      Here is output  ls -l /var/spool/MailScanner
      drwxr-xr-x  12 root  daemon  512 Nov 21 11:16 incoming

      # Set where to store infected and message attachments
      Quarantine Dir = /var/spool/MailScanner/quarantine

      Here is output  ls -l /var/spool/MailScanner
      drwxr-xr-x   2 root  daemon  512 Oct 18 09:31 quarantine



      Marc Dufresne, Corporate IT Officer
      St. Lawrence Parks Commission
      13740 County Road 2
      Morrisburg, ON  K0C 1X0

      E-mail: Marc.Dufresne at parks.on.ca
      Voice: 613-543-3704  Ext#2455
      Fax: 613-543-2847
      Corporate website: www.parks.on.ca

      >>> brent.bolin at GMAIL.COM 11/21/2005 11:26 AM >>>
      Don't care about private discussions. The list exiled me when
      I called
      someone a "Dipswitch".

      Pretty harsh words ya think ?

      Do you show this?

      # ps auxwww|grep sendmail
      root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail:
      accepting
      connections (sendmail)
      root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail:
      Queue
      runner at 00:15:00
      for /var/spool/mqueue (sendmail)
      smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail:
      Queue
      runner at 00:15:00
      for /var/spool/clientmqueue (sendmail)
      root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep
      sendmail

      Sounds to me like your sendmail submit isn't running.

      Also attaching a valid submit.cf <http://submit.cf> file

      Make sure your using both the sendmail.cf <
      http://sendmail.cf> and
      submit
      files I'm sending you.


      On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
      >
      > My apologies for the private discussions. Didn't realize I
      posted to
      the
      > forum.
      >
      > Sendmail is running on port 25. Sendmail is acting as a
      Relay for my
      > domain. I have no problem sending/receiving internet
      e-mail. The two
      > problems I am having are:
      >
      > 1- MailScanner doesn't seem to be scanning inbound mail.
      >
      > 2- local mail sent to root and postmaster is not being
      delivered.
      The
      > /var/spool/clientmqueue is backing up with e-mails sent to
      root and
      > postmaster.
      >
      > Here's what /var/spool/maillog is saying
      >
      > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster,
      > delay=10:33:28,
      > xdelay=00:00:00, mailer=relay, pri=1023910,
      relay=[numericlinkwarning 127.0.0.1<numericlinkwarning
      http://127.0.0.1>
      > ],
      > dsn=4.0.0, stat=Deferred: Connection refused by
      [numericlinkwarning 127.0.0.1< numericlinkwarning
      http://127.0.0.1>
      > ]
      >
      > I issued the command sendmail -v root </dev/null. This is
      the error
      I'm
      > receiving.
      >
      > root....connecting to [numericlinkwarning 127.0.0.1
      <numericlinkwarning http://127.0.0.1>] via relay
      > root....Deferred: Connection refused by [numericlinkwarning
      127.0.0.1
      <numericlinkwarning http://127.0.0.1 >]
      >
      > I have modified my /etc/mail/access to reflect
      >
      > numericlinkwarning 127.0.0.1 <numericlinkwarning
      http://127.0.0.1> RELAY
      > localhost.localdomain RELAY
      > localhost RELAY
      >
      > Issued a makemap hash /etc/mail/access.db <
      /etc/mail/access.
      Restarted
      > sendmail and still receive the Connection Refused error.
      >
      > Any ideas?
      >
      > I want to fix problem 2 first, eliminating the connection
      refused
      > errors. Then I want to move onto the MailScanner problem.
      >
      >
      > Marc Dufresne, Corporate IT Officer
      > St. Lawrence Parks Commission
      > 13740 County Road 2
      > Morrisburg, ON K0C 1X0
      >
      > E-mail: Marc.Dufresne at parks.on.ca
      > Voice: 613-543-3704 Ext#2455
      > Fax: 613-543-2847
      > Corporate website: www.parks.on.ca <http://www.parks.on.ca>
      >
      > >>> ugob at CAMO-ROUTE.COM 11/21/2005 9:17 AM >>>
      > Marc Dufresne wrote:
      > > Couldn't download any of your sample files. None of the
      links to
      > your
      > > files work.
      >
      > Looking a the links, I'm not surprised.
      >
      > The way you are quoting is making it very hard to follow.
      Please
      avoid
      >
      > having private discussions while using a public mailing
      list and
      don't
      >
      > top-post.
      >
      > >
      > > From the command line, if I issue sendmail -v root
      </dev/null
      > > I receive this error,
      > >
      > > root....connecting to [numericlinkwarning 127.0.0.1
      <numericlinkwarning http://127.0.0.1>] via relay
      > > root....Deferred: Connection refused by
      [numericlinkwarning 127.0.0.1
      <numericlinkwarning http://127.0.0.1>]
      >
      > Is sendmail running?
      >
      > On what port/IP is it running on?
      >
      > >
      > > What files do I need to modify under /etc/mail?
      > >
      >
      > Are you familiar with Sendmail or other MTAs?
      >
      > Regards,
      >
      > Ugo
      >
      > >
      > > Marc Dufresne, Corporate IT Officer
      > > St. Lawrence Parks Commission
      > > 13740 County Road 2
      > > Morrisburg, ON K0C 1X0
      > >
      > > E-mail: Marc.Dufresne at parks.on.ca
      > > Voice: 613-543-3704 Ext#2455
      > > Fax: 613-543-2847
      > > Corporate website: www.parks.on.ca
      <http://www.parks.on.ca>
      > >
      > >>>> BB <brent.bolin at gmail.com> 11/20/2005 9:38 PM >>>
      > > Marc,
      > >
      > > I have attached working sendmail.mc <http://sendmail.mc>
      <
      > http://sendmail.mc > and
      > > sendmail.cf <http://sendmail.cf><http://sendmail.cf>files
      along
      with
      > /etc/rc.conf
      > startup.
      > > There are a number of things in the
      > > rc.conf that you don't need just use the sendmail portion
      for
      > examples.
      > > BTW
      > > /etc/defaults/rc.conf show examples and are used if
      /etc/rc.conf
      > does
      > > not
      > > exist. /etc/rc.conf will override /etc/defaults/rc.conf.
      > >
      > > The first thing is to get a working copy of sendmail
      running. Make
      > > your
      > > edits to /etc/rc.conf with the examples sent.
      > >
      > > Copy sendmail.cf <http://sendmail.cf>
      <http://sendmail.cf>
      /etc/mail
      > >
      > > Verify no sendmail processes are running and if they are
      kill the
      > pid
      > > of
      > > them. Verify again they are gone.
      > >
      > > Run "sh /etc/rc.sendmail start" . No quotes. This should
      start
      > > sendmail.
      > > Send your self a test message from the MTA level -
      > >
      > > sendmail -v root </dev/null Enter(the enter key)
      > >
      > > This should send a test mesage to root with no subject
      and
      > undisclosed
      > > recipients. Thats fine all we want to know is if sendmail
      is
      > running.
      > > Its
      > > also a good test to check the header files.
      > >
      > > If its working thats great, move on to MailScanner. I've
      included
      a
      > > working
      > > copy of a mailscanner.conf file. There are some things
      configured
      > that
      > > you
      > > might not be using, but all the directores are in place
      and are
      set
      > to
      > > defaults.
      > >
      > > Virus scanners set to none if not using (I'm using three)
      > > Spamassassin set to no if not using (I'm using 3.1.0_3)
      > > Uncomment the whitlist and blacklist file rules, I'm
      using
      > > SQLblacklist/whitelists
      > >
      > > I've included another file called directories.needed.
      Just run, it
      > > will
      > > create them if they don't exist
      > >
      > > This should be enough to get you going. Remember you need
      to get
      > > sendmail
      > > running first. I didn't or never have used the Makefile
      included
      > with
      > > the
      > > distribution. I use the m4 macro on the configuration
      file *.mc or
      > just
      > > use
      > > webmin. Its in the ports or can be downloaded from
      > > webmin.com <http://webmin.com>< http://webmin.com>
      > > .
      > >
      > > It does not make sense to me why sendmail is running if
      it is
      marked
      > > to
      > > "NONE". If that dosen't do it mark the first instance
      with NONE
      and
      > all
      > > the
      > > others with NO
      > >
      > > BTW: There is also a nice webmin modual for MailScanner.
      Once
      setup
      > > things
      > > don't change much other then whitelists/blacklists. The
      latest
      > version
      > > of
      > > mailwatch can do this hence
      > >
      > > Is Definitely Not Spam = &SQLWhitelist
      > > Is Definitely Spam = &SQLBlacklist
      > >
      > >
      > > Hang on for the ride...
      > >
      > >
      > >
      > > On 11/20/05, Marc Dufresne <Marc.Dufresne at parks.on.ca >
      wrote:
      > >> I am going to explain my understanding of the
      MailScanner setup.
      > > Please
      > >> reveiw and let me know if I'm understanding this
      correctly?
      > >>
      > >> When MailScanner.conf is configured, the following
      parameters
      > should
      > > be
      > >> set if I'm using sendmail on FreeBSD 5.4:
      > >>
      > >> #MTA used for the Gateway
      > >> MTA=sendmail
      > >>
      > >> #Set how to invoke MTA when sending messages MailScanner
      has
      > created
      > >> (e.g. to sender/recipient saying "found a virus in your
      message").
      > > This
      > >> can also be the filename of a ruleset.
      > >> sendmail=/usr/sbin/sendmail
      > >>
      > >> #Incoming mail queue directory for Sendmail
      > >> Incoming Queue Directory=/var/spool/mqueue
      > >>
      > >> #Outgoing mail queue directory for Sendmail
      > >> Outgoing Queue Directory=/var/spool/mqueue
      > >>
      > >> #Incoming Queue Directory for MailScanner
      > >> /var/spool/MailScanner/incoming
      > >>
      > >> #Quarantine Directory for MailScanner
      > >> /var/spool/MailScanner/quaratine
      > >>
      > >> System Startup should be as follows:
      > >>
      > >> 1) #Disable sendmail from loading at system startup
      > >> modify /etc/rc.conf to disable sendmail load
      > >>
      > >>
      > >
      >
      >
      http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html

      >
      > >
      > >>
      > >> Section numericlinkwarning 23.4.2.3 <numericlinkwarning
      http://23.4.2.3> <numericlinkwarning http://23.4.2.3> FreeBSD
      5.0-STABLEand Later
      > >>
      > >> /etc/rc.conf
      > >>
      > >> sendmail_enable="NO"
      > >> sendmail_submit_enable="NO"
      > >> sendmail_outbound_enable="NO"
      > >> sendmail_msp_queue_enable="NO"
      > >>
      > >> 2) #Load MailScanner at system startup.
      > >> #Make sure mailscanner.sh file is located under
      /usr/local/etc/rc.d
      > >> in order to load MailScannner process at startup.
      Mailscanner.sh
      > > should
      > >> invoke sendmail and mailscanner process to start
      > scanning/delivering
      > >> mail.
      > >>
      > >> /usr/local/etc/rc.d/mailscanner.sh
      > >> _________________________________
      > >>
      > >> First Problem
      > >>
      > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I
      tried
      > >> everything. Sendmail still loads at startup???????
      > >>
      > >> Second Problem
      > >>
      > >> Once system is completly loaded and sitting at the login
      prompt,
      I
      > >> receive an error
      > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon
      IPv4:cannot bind
      > >> address already in use
      > >>
      > >> I login, and run ps -ax (This is what I see)
      > >>
      > >> 375 ?? Ss 0:00.07 sendmail: accepting connections
      (sendmail)
      > >> 379 ?? Is 0:00.00 sendmail: Queue runner at 00:30:00 for
      > >> /var/spool/client
      > >>
      > >> 426 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
      > >> /var/spool/mqueue
      > >> 430 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
      > >> /var/spool/client
      > >>
      > >> 613 ?? Ss 0:00.02 /usr/bin/perl
      -I/usr/local/lib/MailScanner
      > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl
      > >> -I/usr/local/lib/MailScanner /usr/local
      > >> 627 ?? S 0: 02.19 /usr/bin/perl
      -I/usr/local/lib/MailScanner
      > >> /usr/local
      > >> 630 ?? S 0:02.15 /usr/bin/perl
      -I/usr/local/lib/MailScanner
      > >> /usr/local
      > >> 635 ?? S 0:02.17 /usr/bin/perl
      -I/usr/local/lib/MailScanner
      > >> /usr/local
      > >> 636 ?? S 0:00.11 /usr/bin/perl
      -I/usr/local/lib/MailScanner
      > >> /usr/local
      > >>
      > >> Third Problem
      > >>
      > >> I run tail -f /var/log/maillog
      > >>
      > >> I will send test e-mails from the outside and watch
      sendmail
      > receive
      > >> and process incoming mail. Everyone receives e-mails
      from the
      > > outside,
      > >> but mailscanner does not scan any messages.
      > >>
      > >> I will issue a mailq to view /var/spool/mqueue
      directory.
      Directory
      > > is
      > >> always empty.
      > >>
      > >> I'm completely stumped here as to why Sendmail refuses
      to disable
      > at
      > >> startup and MailScanner refuses to scan e-mail
      messages!!!!!
      > >>
      > >> Any ideas????
      > >>
      > >>
      > >> Marc Dufresne, Corporate IT Officer
      > >> St. Lawrence Parks Commission
      > >> 13740 County Road 2
      > >> Morrisburg, ON K0C 1X0
      > >>
      > >> E-mail: Marc.Dufresne at parks.on.ca
      > >> Voice: 613-543-3704 Ext#2455
      > >> Fax: 613-543-2847
      > >> Corporate website: www.parks.on.ca
      <http://www.parks.on.ca > <
      > http://www.parks.on.ca>
      > >>
      > >>>>> BB <brent.bolin at gmail.com> 11/19/2005 12:38 AM >>>
      > >> Don't know if they ever got the list fixed for my
      replies, so I'm
      > > doing
      > >> it
      > >> direct and through the list.
      > >>
      > >> Change /etc/rc.conf or /etc/defaults/rc.conf
      > >> sendmail_enable=NONE
      > >>
      > >> Verify mailscanner is starting up with
      > > /usr/local/etc/rc.d/mailscanner
      > >> .sh
      > >>
      > >> Think you need to manually create some of the
      directores. Verify
      > >> MailScanner.conf for directories.
      > >>
      > >> tail -f /var/log/maillog will show you the details
      > >>
      > >> The only reason to rebuild sendmail.cf
      <http://sendmail.cf> <
      > http://sendmail.cf>
      > > <http://sendmail.cf/
      > >>> is to
      > >> remove
      > >> IPv6 stuff. I would use m4 macro for that. Webmin would
      be a good
      > >> choice to
      > >> use.
      > >>
      > >> # SMTP daemon options
      > >>
      > >> O DaemonPortOptions=Name=IPv4, Family=inet
      > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O
      > >> O DaemonPortOptions=Port=587, Name=MSA, M=E
      > >>
      > >>
      > >> --
      > >> ACK and you shall receive
      > >>
      > >>
      > >>
      > >
      > >
      > > --
      > > ACK and you shall receive
      > >
      > > ------------------------ MailScanner list
      ------------------------
      > > To unsubscribe, email jiscmail at jiscmail.ac.uk with the
      words:
      > > 'leave mailscanner' in the body of the email.
      > > Before posting, read the Wiki (
      http://wiki.mailscanner.info/) and
      > > the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).
      > >
      > > Support MailScanner development - buy the book off the
      website!
      > >
      > >
      > >
      >
      ------------------------------------------------------------------------
      > >
      > > BEGIN:VCARD
      > > VERSION:2.1
      > > X-GWTYPE:USER
      > > FN:Marc Dufresne
      > > TEL;WORK:613-543-3704
      > > ORG:;Information Technology
      > > TEL;PREF;FAX:613-543-2847
      > > EMAIL;WORK;PREF;NGW:Marc.Dufresne at parks.on.ca
      > > N:Dufresne;Marc
      > > TITLE:Corporate IT Officer
      > > END:VCARD
      > >
      >
      >
      > --
      > Ugo
      >
      > -> Please don't send a copy of your reply by e-mail. I read
      the
      list.
      > -> Please avoid top-posting, long signatures and HTML, and
      cut the
      > irrelevant parts in your replies.
      >
      > ------------------------ MailScanner list
      ------------------------
      > To unsubscribe, email jiscmail at jiscmail.ac.uk with the
      words:
      > 'leave mailscanner' in the body of the email.
      > Before posting, read the Wiki
      (http://wiki.mailscanner.info/) and
      > the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html ).
      >
      > Support MailScanner development - buy the book off the
      website!
      >
      > ------------------------ MailScanner list
      ------------------------
      > To unsubscribe, email jiscmail at jiscmail.ac.uk with the
      words:
      > 'leave mailscanner' in the body of the email.
      > Before posting, read the Wiki
      (http://wiki.mailscanner.info/) and
      > the archives (
      http://www.jiscmail.ac.uk/lists/mailscanner.html).
      >
      > Support MailScanner development - buy the book off the
      website!
      >
      >
      >


      --
      ACK and you shall receive

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and
      the archives (
      http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/
      ) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!





--
ACK and you shall receive
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list