MailScanner on freebsd

Marc Dufresne Marc.Dufresne at PARKS.ON.CA
Mon Nov 21 17:18:27 GMT 2005 

No sendmail -v root </dev/null still says connection refused. I just
checked my /etc/hosts.allow file which has:

ALL : localhost 127.0.0.1 [::1] : allow
sendmail : localhost : allow
sendmail : ALL : allow

What is [::1] ? I never seen that reference.


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne at parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> brent.bolin at GMAIL.COM 11/21/2005 11:57 AM >>>
Don't go there yet!. Is sendmail working ?

sendmail -v root </dev/null



On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
>
> I found this doc
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml 
>
> Sendmail.cf <http://Sendmail.cf> incoming QueueDirectory is setup to
> /var/spool/mqueue.
> Are these the right permissions?
>
> Here is the output from ls -l /var/spool
>
> drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner
> drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue
> drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue
> drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in
<http://mqueue.in>
>
> MailScanner.conf is setup as
>
> Incoming Queue Dir = /var/spool/mqueue
> Outgoing Queue Dir = /var/spool/mqueue
>
> # Set where to unpack incoming messages before scanning them
> Incoming Work Dir = /var/spool/MailScanner/incoming
>
> Here is output ls -l /var/spool/MailScanner
> drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming
>
> # Set where to store infected and message attachments
> Quarantine Dir = /var/spool/MailScanner/quarantine
>
> Here is output ls -l /var/spool/MailScanner
> drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine
>
>
>
> Marc Dufresne, Corporate IT Officer
> St. Lawrence Parks Commission
> 13740 County Road 2
> Morrisburg, ON K0C 1X0
>
> E-mail: Marc.Dufresne at parks.on.ca 
> Voice: 613-543-3704 Ext#2455
> Fax: 613-543-2847
> Corporate website: www.parks.on.ca <http://www.parks.on.ca>
>
> >>> brent.bolin at GMAIL.COM 11/21/2005 11:26 AM >>>
> Don't care about private discussions. The list exiled me when I
called
> someone a "Dipswitch".
>
> Pretty harsh words ya think ?
>
> Do you show this?
>
> # ps auxwww|grep sendmail
> root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail:
accepting
> connections (sendmail)
> root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue
> runner at 00:15:00
> for /var/spool/mqueue (sendmail)
> smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue
> runner at 00:15:00
> for /var/spool/clientmqueue (sendmail)
> root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail
>
> Sounds to me like your sendmail submit isn't running.
>
> Also attaching a valid submit.cf <http://submit.cf>
<http://submit.cf>
> file
>
> Make sure your using both the sendmail.cf <http://sendmail.cf> <
> http://sendmail.cf> and
> submit
> files I'm sending you.
>
>
> On 11/21/05, Marc Dufresne <Marc.Dufresne at parks.on.ca> wrote:
> >
> > My apologies for the private discussions. Didn't realize I posted
to
> the
> > forum.
> >
> > Sendmail is running on port 25. Sendmail is acting as a Relay for
my
> > domain. I have no problem sending/receiving internet e-mail. The
two
> > problems I am having are:
> >
> > 1- MailScanner doesn't seem to be scanning inbound mail.
> >
> > 2- local mail sent to root and postmaster is not being delivered.
> The
> > /var/spool/clientmqueue is backing up with e-mails sent to root
and
> > postmaster.
> >
> > Here's what /var/spool/maillog is saying
> >
> > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster,
> > delay=10:33:28,
> > xdelay=00:00:00, mailer=relay, pri=1023910,
> relay=[127.0.0.1 <http://127.0.0.1><http://127.0.0.1>
> > ],
> > dsn=4.0.0, stat=Deferred: Connection refused by
> [127.0.0.1 <http://127.0.0.1><http://127.0.0.1>
> > ]
> >
> > I issued the command sendmail -v root </dev/null. This is the
error
> I'm
> > receiving.
> >
> > root....connecting to [127.0.0.1 <http://127.0.0.1>
<http://127.0.0.1>]
> via relay
> > root....Deferred: Connection refused by [127.0.0.1
<http://127.0.0.1>
> <http://127.0.0.1>]
> >
> > I have modified my /etc/mail/access to reflect
> >
> > 127.0.0.1 <http://127.0.0.1> <http://127.0.0.1> RELAY
> > localhost.localdomain RELAY
> > localhost RELAY
> >
> > Issued a makemap hash /etc/mail/access.db < /etc/mail/access.
> Restarted
> > sendmail and still receive the Connection Refused error.
> >
> > Any ideas?
> >
> > I want to fix problem 2 first, eliminating the connection refused
> > errors. Then I want to move onto the MailScanner problem.
> >
> >
> > Marc Dufresne, Corporate IT Officer
> > St. Lawrence Parks Commission
> > 13740 County Road 2
> > Morrisburg, ON K0C 1X0
> >
> > E-mail: Marc.Dufresne at parks.on.ca 
> > Voice: 613-543-3704 Ext#2455
> > Fax: 613-543-2847
> > Corporate website: www.parks.on.ca <http://www.parks.on.ca> <
> http://www.parks.on.ca>
> >
> > >>> ugob at CAMO-ROUTE.COM 11/21/2005 9:17 AM >>>
> > Marc Dufresne wrote:
> > > Couldn't download any of your sample files. None of the links to
> > your
> > > files work.
> >
> > Looking a the links, I'm not surprised.
> >
> > The way you are quoting is making it very hard to follow. Please
> avoid
> >
> > having private discussions while using a public mailing list and
> don't
> >
> > top-post.
> >
> > >
> > > From the command line, if I issue sendmail -v root </dev/null
> > > I receive this error,
> > >
> > > root....connecting to [127.0.0.1 <http://127.0.0.1>
<http://127.0.0.1>]
> via relay
> > > root....Deferred: Connection refused by [127.0.0.1
<http://127.0.0.1>
> <http://127.0.0.1>]
> >
> > Is sendmail running?
> >
> > On what port/IP is it running on?
> >
> > >
> > > What files do I need to modify under /etc/mail?
> > >
> >
> > Are you familiar with Sendmail or other MTAs?
> >
> > Regards,
> >
> > Ugo
> >
> > >
> > > Marc Dufresne, Corporate IT Officer
> > > St. Lawrence Parks Commission
> > > 13740 County Road 2
> > > Morrisburg, ON K0C 1X0
> > >
> > > E-mail: Marc.Dufresne at parks.on.ca 
> > > Voice: 613-543-3704 Ext#2455
> > > Fax: 613-543-2847
> > > Corporate website: www.parks.on.ca <http://www.parks.on.ca> <
> http://www.parks.on.ca>
> > >
> > >>>> BB <brent.bolin at gmail.com> 11/20/2005 9:38 PM >>>
> > > Marc,
> > >
> > > I have attached working sendmail.mc <http://sendmail.mc> <
> http://sendmail.mc> <
> > http://sendmail.mc> and
> > > sendmail.cf <http://sendmail.cf> <http://sendmail.cf><
> http://sendmail.cf>files along
> with
> > /etc/rc.conf
> > startup.
> > > There are a number of things in the
> > > rc.conf that you don't need just use the sendmail portion for
> > examples.
> > > BTW
> > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf
> > does
> > > not
> > > exist. /etc/rc.conf will override /etc/defaults/rc.conf.
> > >
> > > The first thing is to get a working copy of sendmail running.
Make
> > > your
> > > edits to /etc/rc.conf with the examples sent.
> > >
> > > Copy sendmail.cf <http://sendmail.cf> <http://sendmail.cf> <
> http://sendmail.cf>
> /etc/mail
> > >
> > > Verify no sendmail processes are running and if they are kill
the
> > pid
> > > of
> > > them. Verify again they are gone.
> > >
> > > Run "sh /etc/rc.sendmail start" . No quotes. This should start
> > > sendmail.
> > > Send your self a test message from the MTA level -
> > >
> > > sendmail -v root </dev/null Enter(the enter key)
> > >
> > > This should send a test mesage to root with no subject and
> > undisclosed
> > > recipients. Thats fine all we want to know is if sendmail is
> > running.
> > > Its
> > > also a good test to check the header files.
> > >
> > > If its working thats great, move on to MailScanner. I've
included
> a
> > > working
> > > copy of a mailscanner.conf file. There are some things
configured
> > that
> > > you
> > > might not be using, but all the directores are in place and are
> set
> > to
> > > defaults.
> > >
> > > Virus scanners set to none if not using (I'm using three)
> > > Spamassassin set to no if not using (I'm using 3.1.0_3)
> > > Uncomment the whitlist and blacklist file rules, I'm using
> > > SQLblacklist/whitelists
> > >
> > > I've included another file called directories.needed. Just run,
it
> > > will
> > > create them if they don't exist
> > >
> > > This should be enough to get you going. Remember you need to get
> > > sendmail
> > > running first. I didn't or never have used the Makefile included
> > with
> > > the
> > > distribution. I use the m4 macro on the configuration file *.mc
or
> > just
> > > use
> > > webmin. Its in the ports or can be downloaded from
> > > webmin.com <http://webmin.com>
<http://webmin.com><http://webmin.com>
> > > .
> > >
> > > It does not make sense to me why sendmail is running if it is
> marked
> > > to
> > > "NONE". If that dosen't do it mark the first instance with NONE
> and
> > all
> > > the
> > > others with NO
> > >
> > > BTW: There is also a nice webmin modual for MailScanner. Once
> setup
> > > things
> > > don't change much other then whitelists/blacklists. The latest
> > version
> > > of
> > > mailwatch can do this hence
> > >
> > > Is Definitely Not Spam = &SQLWhitelist
> > > Is Definitely Spam = &SQLBlacklist
> > >
> > >
> > > Hang on for the ride...
> > >
> > >
> > >
> > > On 11/20/05, Marc Dufresne <Marc.Dufresne at parks.on.ca > wrote:
> > >> I am going to explain my understanding of the MailScanner
setup.
> > > Please
> > >> reveiw and let me know if I'm understanding this correctly?
> > >>
> > >> When MailScanner.conf is configured, the following parameters
> > should
> > > be
> > >> set if I'm using sendmail on FreeBSD 5.4:
> > >>
> > >> #MTA used for the Gateway
> > >> MTA=sendmail
> > >>
> > >> #Set how to invoke MTA when sending messages MailScanner has
> > created
> > >> (e.g. to sender/recipient saying "found a virus in your
> message").
> > > This
> > >> can also be the filename of a ruleset.
> > >> sendmail=/usr/sbin/sendmail
> > >>
> > >> #Incoming mail queue directory for Sendmail
> > >> Incoming Queue Directory=/var/spool/mqueue
> > >>
> > >> #Outgoing mail queue directory for Sendmail
> > >> Outgoing Queue Directory=/var/spool/mqueue
> > >>
> > >> #Incoming Queue Directory for MailScanner
> > >> /var/spool/MailScanner/incoming
> > >>
> > >> #Quarantine Directory for MailScanner
> > >> /var/spool/MailScanner/quaratine
> > >>
> > >> System Startup should be as follows:
> > >>
> > >> 1) #Disable sendmail from loading at system startup
> > >> modify /etc/rc.conf to disable sendmail load
> > >>
> > >>
> > >
> >
> >
>
>
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html

>
> >
> > >
> > >>
> > >> Section 23.4.2.3 <http://23.4.2.3> <http://23.4.2.3>
<http://23.4.2.3>
> FreeBSD
> 5.0-STABLEand Later
> > >>
> > >> /etc/rc.conf
> > >>
> > >> sendmail_enable="NO"
> > >> sendmail_submit_enable="NO"
> > >> sendmail_outbound_enable="NO"
> > >> sendmail_msp_queue_enable="NO"
> > >>
> > >> 2) #Load MailScanner at system startup.
> > >> #Make sure mailscanner.sh file is located under
> /usr/local/etc/rc.d
> > >> in order to load MailScannner process at startup.
Mailscanner.sh
> > > should
> > >> invoke sendmail and mailscanner process to start
> > scanning/delivering
> > >> mail.
> > >>
> > >> /usr/local/etc/rc.d/mailscanner.sh
> > >> _________________________________
> > >>
> > >> First Problem
> > >>
> > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried
> > >> everything. Sendmail still loads at startup???????
> > >>
> > >> Second Problem
> > >>
> > >> Once system is completly loaded and sitting at the login
prompt,
> I
> > >> receive an error
> > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot
bind
> > >> address already in use
> > >>
> > >> I login, and run ps -ax (This is what I see)
> > >>
> > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail)
> > >> 379 ?? Is 0:00.00 sendmail: Queue runner at 00:30:00 for
> > >> /var/spool/client
> > >>
> > >> 426 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
> > >> /var/spool/mqueue
> > >> 430 ?? Is 0:00.01 sendmail: Queue runner at 00:15:00 for
> > >> /var/spool/client
> > >>
> > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner
> > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl
> > >> -I/usr/local/lib/MailScanner /usr/local
> > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner
> > >> /usr/local
> > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner
> > >> /usr/local
> > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner
> > >> /usr/local
> > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner
> > >> /usr/local
> > >>
> > >> Third Problem
> > >>
> > >> I run tail -f /var/log/maillog
> > >>
> > >> I will send test e-mails from the outside and watch sendmail
> > receive
> > >> and process incoming mail. Everyone receives e-mails from the
> > > outside,
> > >> but mailscanner does not scan any messages.
> > >>
> > >> I will issue a mailq to view /var/spool/mqueue directory.
> Directory
> > > is
> > >> always empty.
> > >>
> > >> I'm completely stumped here as to why Sendmail refuses to
disable
> > at
> > >> startup and MailScanner refuses to scan e-mail messages!!!!!
> > >>
> > >> Any ideas????
> > >>
> > >>
> > >> Marc Dufresne, Corporate IT Officer
> > >> St. Lawrence Parks Commission
> > >> 13740 County Road 2
> > >> Morrisburg, ON K0C 1X0
> > >>
> > >> E-mail: Marc.Dufresne at parks.on.ca 
> > >> Voice: 613-543-3704 Ext#2455
> > >> Fax: 613-543-2847
> > >> Corporate website: www.parks.on.ca <http://www.parks.on.ca> <
> http://www.parks.on.ca> <
> > http://www.parks.on.ca>
> > >>
> > >>>>> BB <brent.bolin at gmail.com> 11/19/2005 12:38 AM >>>
> > >> Don't know if they ever got the list fixed for my replies, so
I'm
> > > doing
> > >> it
> > >> direct and through the list.
> > >>
> > >> Change /etc/rc.conf or /etc/defaults/rc.conf
> > >> sendmail_enable=NONE
> > >>
> > >> Verify mailscanner is starting up with
> > > /usr/local/etc/rc.d/mailscanner
> > >> .sh
> > >>
> > >> Think you need to manually create some of the directores.
Verify
> > >> MailScanner.conf for directories.
> > >>
> > >> tail -f /var/log/maillog will show you the details
> > >>
> > >> The only reason to rebuild sendmail.cf <http://sendmail.cf> <
> http://sendmail.cf> <
> > http://sendmail.cf>
> > > <http://sendmail.cf/ 
> > >>> is to
> > >> remove
> > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a
good
> > >> choice to
> > >> use.
> > >>
> > >> # SMTP daemon options
> > >>
> > >> O DaemonPortOptions=Name=IPv4, Family=inet
> > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O
> > >> O DaemonPortOptions=Port=587, Name=MSA, M=E
> > >>
> > >>
> > >> --
> > >> ACK and you shall receive
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > ACK and you shall receive
> > >
> > > ------------------------ MailScanner list
------------------------
> > > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the Wiki (http://wiki.mailscanner.info/)
and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
> > >
> > >
> >
>
------------------------------------------------------------------------
> > >
> > > BEGIN:VCARD
> > > VERSION:2.1
> > > X-GWTYPE:USER
> > > FN:Marc Dufresne
> > > TEL;WORK:613-543-3704
> > > ORG:;Information Technology
> > > TEL;PREF;FAX:613-543-2847
> > > EMAIL;WORK;PREF;NGW:Marc.Dufresne at parks.on.ca 
> > > N:Dufresne;Marc
> > > TITLE:Corporate IT Officer
> > > END:VCARD
> > >
> >
> >
> > --
> > Ugo
> >
> > -> Please don't send a copy of your reply by e-mail. I read the
> list.
> > -> Please avoid top-posting, long signatures and HTML, and cut the
> > irrelevant parts in your replies.
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> >
> >
>
>
> --
> ACK and you shall receive
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
>


--
ACK and you shall receive

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]

More information about the MailScanner mailing list