Messages not getting scanned

Mike Patchen mike.patchen at GMAIL.COM
Thu Oct 13 13:49:10 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 10/12/05, Stijn Jonker <SJCJonker at sjc.nl> wrote:
> Mike,
>
> First off all please leave the list in, I'm not all knowing...
>
> On 12-Oct-2005 23:20, Mike Patchen wrote:
> > On 10/12/05, Stijn Jonker <SJCJonker at sjc.nl> wrote:
> >> Hello Mike & The list,
> >
> >> I'm not a 100% sure, if mail is still bypassing MailScanner it looks
> >> like something else is handling the email. To rule out other mailers,
> >> could you run:
> >> "lsof -i4tcp:25 -n -P"
> >>
> >> And provide the output? Next to this could you also provide the output of:
> >> "ps -eaf | grep -i -e sendmail \
> >>         -e mailscanner \
> >>         -e qmail \
> >>         -e exim \
> >>         -e master \
> >>         -e qmgr"
> >>
> >> Stijn
> >> --
> >> Met Vriendelijke groet/Yours Sincerely
> >> Stijn Jonker <SJCJonker at sjc.nl>
> >>
> >
> > Output of lsof:
> > [root at mail 20051012]# lsof -i4tcp:25 -n -P
> > COMMAND    PID USER   FD   TYPE    DEVICE SIZE NODE NAME
> > sendmail  7934 root    4u  IPv4 719480370       TCP *:25 (LISTEN)
> <<SNIP>>
> >
> > And the ps command:
> > [root at mail 20051012]# ps -eaf | grep -i -e sendmail -e mailscanner -e
> > qmail -e exim -e master -e qmgr
> <<OUTPUT REMOVED, Looked normal>>
>
> How do you determine it's bypassing mailscanner, are you 100% sure it's
> not bypassing it through a secondary mailserver, firewall hole or
> something else?
>
> Stijn
>
>
>
> --
> Met Vriendelijke groet/Yours Sincerely
> Stijn Jonker <SJCJonker at sjc.nl>
>

Stijn, and all,

Firstly, I apologize for not watching my reply address closer.  You
would think gmail would be smart enough to figure out how to respond
to a mailing list.

On to the question at hand.  I have determined the bypass by watching
the logs (looking for a needle in a haystack).  I will see the message
picked up by the sendmail deamon, dropped into the queue directory,
then delivered to the destination all within a second or two.  When I
watch scanned messages on the same server, there is a delay of at
least 5 seconds between the receipt of the message and delivery
(usually a little longer, but 5 seconds was the least I have noticed).

As far as some secondary mailserver, the only mta installed on this
machine is sendmail.  Not sure how a firewall hole would allow some
messages to be scanned, but not others.  And for anything else, that
is why I am asking.  What else can I look for?  What else might be
there that would be causing this?


Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list