MailScanner on freebsd
Lars Kristiansen
lars+lister.mailscanner at ADVENTURAS.NO
Mon Nov 21 17:16:36 GMT 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
> I found this doc
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml
>
> Sendmail.cf incoming QueueDirectory is setup to /var/spool/mqueue.
> Are these the right permissions?
>
> Here is the output from ls -l /var/spool
>
> drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner
> drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue
> drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue
> drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in
>
> MailScanner.conf is setup as
>
> Incoming Queue Dir = /var/spool/mqueue
> Outgoing Queue Dir = /var/spool/mqueue
Is the above a typo? This is the default:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
>
> # Set where to unpack incoming messages before scanning them
> Incoming Work Dir = /var/spool/MailScanner/incoming
>
> Here is output ls -l /var/spool/MailScanner
> drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming
>
> # Set where to store infected and message attachments
> Quarantine Dir = /var/spool/MailScanner/quarantine
>
> Here is output ls -l /var/spool/MailScanner
> drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine
>
>
>
> Marc Dufresne, Corporate IT Officer
> St. Lawrence Parks Commission
> 13740 County Road 2
> Morrisburg, ON K0C 1X0
>
> E-mail: Marc.Dufresne at parks.on.ca
> Voice: 613-543-3704 Ext#2455
> Fax: 613-543-2847
> Corporate website: www.parks.on.ca
>
>>>> brent.bolin at GMAIL.COM 11/21/2005 11:26 AM >>>
> Don't care about private discussions. The list exiled me when I called
> someone a "Dipswitch".
>
> Pretty harsh words ya think ?
>
> Do you show this?
>
> # ps auxwww|grep sendmail
> root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting
> connections (sendmail)
> root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue
> runner at 00:15:00
> for /var/spool/mqueue (sendmail)
> smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue
> runner at 00:15:00
> for /var/spool/clientmqueue (sendmail)
> root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail
>
> Sounds to me like your sendmail submit isn't running.
>
> Also attaching a valid submit.cf <http://submit.cf> file
>
> Make sure your using both the sendmail.cf <http://sendmail.cf> and
> submit
> files I'm sending you.
>
>
> On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
>>
>> My apologies for the private discussions. Didn't realize I posted to
> the
>> forum.
>>
>> Sendmail is running on port 25. Sendmail is acting as a Relay for my
>> domain. I have no problem sending/receiving internet e-mail. The two
>> problems I am having are:
>>
>> 1- MailScanner doesn't seem to be scanning inbound mail.
>>
>> 2- local mail sent to root and postmaster is not being delivered.
> The
>> /var/spool/clientmqueue is backing up with e-mails sent to root and
>> postmaster.
>>
>> Here's what /var/spool/maillog is saying
>>
>> mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster,
>> delay=10:33:28,
>> xdelay=00:00:00, mailer=relay, pri=1023910,
> relay=[127.0.0.1<http://127.0.0.1>
>> ],
>> dsn=4.0.0, stat=Deferred: Connection refused by
> [127.0.0.1<http://127.0.0.1>
>> ]
>>
>> I issued the command sendmail -v root </dev/null. This is the error
> I'm
>> receiving.
>>
>> root....connecting to [127.0.0.1 <http://127.0.0.1>] via relay
>> root....Deferred: Connection refused by [127.0.0.1
> <http://127.0.0.1>]
>>
>> I have modified my /etc/mail/access to reflect
>>
>> 127.0.0.1 <http://127.0.0.1> RELAY
>> localhost.localdomain RELAY
>> localhost RELAY
>>
>> Issued a makemap hash /etc/mail/access.db < /etc/mail/access.
> Restarted
>> sendmail and still receive the Connection Refused error.
>>
>> Any ideas?
>>
>> I want to fix problem 2 first, eliminating the connection refused
>> errors. Then I want to move onto the MailScanner problem.
>>
>>
>> Marc Dufresne, Corporate IT Officer
>> St. Lawrence Parks Commission
>> 13740 County Road 2
>> Morrisburg, ON K0C 1X0
>>
>> E-mail: Marc.Dufresne at parks.on.ca
>> Voice: 613-543-3704 Ext#2455
>> Fax: 613-543-2847
>> Corporate website: www.parks.on.ca <http://www.parks.on.ca>
>>
>> >>> ugob at CAMO-ROUTE.COM 11/21/2005 9:17 AM >>>
>> Marc Dufresne wrote:
>> > Couldn't download any of your sample files. None of the links to
>> your
>> > files work.
>>
>> Looking a the links, I'm not surprised.
>>
>> The way you are quoting is making it very hard to follow. Please
> avoid
>>
>> having private discussions while using a public mailing list and
> don't
>>
>> top-post.
>>
>> >
>> > From the command line, if I issue sendmail -v root </dev/null
>> > I receive this error,
>> >
>> > root....connecting to [127.0.0.1 <http://127.0.0.1>] via relay
>> > root....Deferred: Connection refused by [127.0.0.1
> <http://127.0.0.1>]
>>
>> Is sendmail running?
>>
>> On what port/IP is it running on?
>>
>> >
>> > What files do I need to modify under /etc/mail?
>> >
>>
>> Are you familiar with Sendmail or other MTAs?
>>
>> Regards,
>>
>> Ugo
>>
>> >
>> > Marc Dufresne, Corporate IT Officer
>> > St. Lawrence Parks Commission
>> > 13740 County Road 2
>> > Morrisburg, ON K0C 1X0
>> >
>> > E-mail: Marc.Dufresne at parks.on.ca
>> > Voice: 613-543-3704 Ext#2455
>> > Fax: 613-543-2847
>> > Corporate website: www.parks.on.ca <http://www.parks.on.ca>
>> >
>> >>>> BB <brent.bolin at gmail.com> 11/20/2005 9:38 PM >>>
>> > Marc,
>> >
>> > I have attached working sendmail.mc <http://sendmail.mc> <
>> http://sendmail.mc> and
>> > sendmail.cf <http://sendmail.cf><http://sendmail.cf>files along
> with
>> /etc/rc.conf
>> startup.
>> > There are a number of things in the
>> > rc.conf that you don't need just use the sendmail portion for
>> examples.
>> > BTW
>> > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf
>> does
>> > not
>> > exist. /etc/rc.conf will override /etc/defaults/rc.conf.
>> >
>> > The first thing is to get a working copy of sendmail running. Make
>> > your
>> > edits to /etc/rc.conf with the examples sent.
>> >
>> > Copy sendmail.cf <http://sendmail.cf> <http://sendmail.cf>
> /etc/mail
>> >
>> > Verify no sendmail processes are running and if they are kill the
>> pid
>> > of
>> > them. Verify again they are gone.
>> >
>> > Run "sh /etc/rc.sendmail start" . No quotes. This should start
>> > sendmail.
>> > Send your self a test message from the MTA level -
>> >
>> > sendmail -v root </dev/null Enter(the enter key)
>> >
>> > This should send a test mesage to root with no subject and
>> undisclosed
>> > recipients. Thats fine all we want to know is if sendmail is
>> running.
>> > Its
>> > also a good test to check the header files.
>> >
>> > If its working thats great, move on to MailScanner. I've included
> a
>> > working
>> > copy of a mailscanner.conf file. There are some things configured
>> that
>> > you
>> > might not be using, but all the directores are in place and are
> set
>> to
>> > defaults.
>> >
>> > Virus scanners set to none if not using (I'm using three)
>> > Spamassassin set to no if not using (I'm using 3.1.0_3)
>> > Uncomment the whitlist and blacklist file rules, I'm using
>> > SQLblacklist/whitelists
>> >
>> > I've included another file called directories.needed. Just run, it
>> > will
>> > create them if they don't exist
>> >
>> > This should be enough to get you going. Remember you need to get
>> > sendmail
>> > running first. I didn't or never have used the Makefile included
>> with
>> > the
>> > distribution. I use the m4 macro on the configuration file *.mc or
>> just
>> > use
>> > webmin. Its in the ports or can be downloaded from
>> > webmin.com <http://webmin.com><http://webmin.com>
>> > .
>> >
>> > It does not make sense to me why sendmail is running if it is
> marked
>> > to
>> > "NONE". If that dosen't do it mark the first instance with NONE
> and
>> all
>> > the
>> > others with NO
>> >
>> > BTW: There is also a nice webmin modual for MailScanner. Once
> setup
>> > things
>> > don't change much other then whitelists/blacklists. The latest
>> version
>> > of
>> > mailwatch can do this hence
>> >
>> > Is Definitely Not Spam = &SQLWhitelist
>> > Is Definitely Spam = &SQLBlacklist
>> >
>> >
>> > Hang on for the ride...
>> >
>> >
>> >
>> > On 11/20/05, Marc Dufresne <Marc.Dufresne at parks.on.ca > wrote:
>> >> I am going to explain my understanding of the MailScanner setup.
>> > Please
>> >> reveiw and let me know if I'm understanding this correctly?
>> >>
>> >> When MailScanner.conf is configured, the following parameters
>> should
>> > be
>> >> set if I'm using sendmail on FreeBSD 5.4:
>> >>
>> >> #MTA used for the Gateway
>> >> MTA=sendmail
>> >>
>> >> #Set how to invoke MTA when sending messages MailScanner has
>> created
>> >> (e.g. to sender/recipient saying "found a virus in your
> message").
>> > This
>> >> can also be the filename of a ruleset.
>> >> sendmail=/usr/sbin/sendmail
>> >>
>> >> #Incoming mail queue directory for Sendmail
>> >> Incoming Queue Directory=/var/spool/mqueue
>> >>
>> >> #Outgoing mail queue directory for Sendmail
>> >> Outgoing Queue Directory=/var/spool/mqueue
>> >>
>> >> #Incoming Queue Directory for MailScanner
>> >> /var/spool/MailScanner/incoming
>> >>
>> >> #Quarantine Directory for MailScanner
>> >> /var/spool/MailScanner/quaratine
>> >>
>> >> System Startup should be as follows:
>> >>
>> >> 1) #Disable sendmail from loading at system startup
>> >> modify /etc/rc.conf to disable sendmail load
>> >>
>> >>
>> >
>>
>>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html
>
>>
>> >
>> >>
>> >> Section 23.4.2.3 <http://23.4.2.3> <http://23.4.2.3> FreeBSD
> 5.0-STABLEand Later
>> >>
>> >> /etc/rc.conf
>> >>
>> >> sendmail_enable="NO"
>> >> sendmail_submit_enable="NO"
>> >> sendmail_outbound_enable="NO"
>> >> sendmail_msp_queue_enable="NO"
>> >>
>> >> 2) #Load MailScanner at system startup.
>> >> #Make sure mailscanner.sh file is located under
> /usr/local/etc/rc.d
>> >> in order to load MailScannner process at startup. Mailscanner.sh
>> > should
>> >> invoke sendmail and mailscanner process to start
>> scanning/delivering
>> >> mail.
>> >>
>> >> /usr/local/etc/rc.d/mailscanner.sh
>> >> _________________________________
>> >>
>> >> First Problem
>> >>
>> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried
>> >> everything. Sendmail still loads at startup???????
>> >>
>> >> Second Problem
>> >>
>> >> Once system is completly loaded and sitting at the login prompt,
> I
>> >> receive an error
>> >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind
>> >> address already in use
>> >>
>> >> I login, and run ps -ax (This is what I see)
>> >>
>> >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail)
>> >> 379 ?? Is 0:00.00 sendmail: Queue runner at 00:30:00 for
>> >> /var/spool/client
>> >>
>> >> 426 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
>> >> /var/spool/mqueue
>> >> 430 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
>> >> /var/spool/client
>> >>
>> >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner
>> >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl
>> >> -I/usr/local/lib/MailScanner /usr/local
>> >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner
>> >> /usr/local
>> >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner
>> >> /usr/local
>> >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner
>> >> /usr/local
>> >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner
>> >> /usr/local
>> >>
>> >> Third Problem
>> >>
>> >> I run tail -f /var/log/maillog
>> >>
>> >> I will send test e-mails from the outside and watch sendmail
>> receive
>> >> and process incoming mail. Everyone receives e-mails from the
>> > outside,
>> >> but mailscanner does not scan any messages.
>> >>
>> >> I will issue a mailq to view /var/spool/mqueue directory.
> Directory
>> > is
>> >> always empty.
>> >>
>> >> I'm completely stumped here as to why Sendmail refuses to disable
>> at
>> >> startup and MailScanner refuses to scan e-mail messages!!!!!
>> >>
>> >> Any ideas????
>> >>
>> >>
>> >> Marc Dufresne, Corporate IT Officer
>> >> St. Lawrence Parks Commission
>> >> 13740 County Road 2
>> >> Morrisburg, ON K0C 1X0
>> >>
>> >> E-mail: Marc.Dufresne at parks.on.ca
>> >> Voice: 613-543-3704 Ext#2455
>> >> Fax: 613-543-2847
>> >> Corporate website: www.parks.on.ca <http://www.parks.on.ca> <
>> http://www.parks.on.ca>
>> >>
>> >>>>> BB <brent.bolin at gmail.com> 11/19/2005 12:38 AM >>>
>> >> Don't know if they ever got the list fixed for my replies, so I'm
>> > doing
>> >> it
>> >> direct and through the list.
>> >>
>> >> Change /etc/rc.conf or /etc/defaults/rc.conf
>> >> sendmail_enable=NONE
>> >>
>> >> Verify mailscanner is starting up with
>> > /usr/local/etc/rc.d/mailscanner
>> >> .sh
>> >>
>> >> Think you need to manually create some of the directores. Verify
>> >> MailScanner.conf for directories.
>> >>
>> >> tail -f /var/log/maillog will show you the details
>> >>
>> >> The only reason to rebuild sendmail.cf <http://sendmail.cf> <
>> http://sendmail.cf>
>> > <http://sendmail.cf/
>> >>> is to
>> >> remove
>> >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good
>> >> choice to
>> >> use.
>> >>
>> >> # SMTP daemon options
>> >>
>> >> O DaemonPortOptions=Name=IPv4, Family=inet
>> >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O
>> >> O DaemonPortOptions=Port=587, Name=MSA, M=E
>> >>
>> >>
>> >> --
>> >> ACK and you shall receive
>> >>
>> >>
>> >>
>> >
>> >
>> > --
>> > ACK and you shall receive
>> >
>> > ------------------------ MailScanner list ------------------------
>> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> > 'leave mailscanner' in the body of the email.
>> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> >
>> >
>>
> ------------------------------------------------------------------------
>> >
>> > BEGIN:VCARD
>> > VERSION:2.1
>> > X-GWTYPE:USER
>> > FN:Marc Dufresne
>> > TEL;WORK:613-543-3704
>> > ORG:;Information Technology
>> > TEL;PREF;FAX:613-543-2847
>> > EMAIL;WORK;PREF;NGW:Marc.Dufresne at parks.on.ca
>> > N:Dufresne;Marc
>> > TITLE:Corporate IT Officer
>> > END:VCARD
>> >
>>
>>
>> --
>> Ugo
>>
>> -> Please don't send a copy of your reply by e-mail. I read the
> list.
>> -> Please avoid top-posting, long signatures and HTML, and cut the
>> irrelevant parts in your replies.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>
>
> --
> ACK and you shall receive
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list