Sendmail hijacking Mailscanner

Glenn Steen glenn.steen at
Mon Jan 15 16:32:35 CET 2007

On 15/01/07, Matt Kettler <mkettler at> wrote:
> Gordon Colyn wrote:
> > ITNT Banner CampaignHi all,
> >
> > I have a problem where somehow sendmail gets started on my Linux server
> > running MailScanner and therefore spam mail gets through as it by-passes the
> > mailscanner process.  I have crawled through all the logs and have no idea
> > what starts the sendmail process and it is also completely random...very
> > frustrating.  Does anyone know of a script or a way that I can test to see
> > if sendmail is running then stop the process automatically?
> >
> > I am running Mandriva 2006, with sendmail 8.13.4.
> Well, actually, you NEED sendmail running with MailScanner.. Assuming you're
> using it as your MTA for MailScanner. In fact, you need two Sendmails running.
> However, the ones that should be running should be a queue-only and queue-runner.
> Realistically, you could write a script to find and kill sendmail, but you'd
> also have to make it not kill the ones that MS needs, which might be a bit tricky.
> That said, have you made sure the normal "sendmail" startup script is disabled
> in your runlevel? Mandriva might have a tool that runs around and checks the
> status of all your daemons and restarts them.
> ls /etc/rc3.d/ |grep sendmail
> ls /etc/rc5.d/ |grep sendmail
> Both should return files starting with K instead of S.
Basically the same/similar toolset that any RH-like system would have...
chkconfig --list sendmail
chkconfig sendmail off
service sendmail stop
... etc.

The only "service" that should be starting sendmail should be
MailScanner ('tis so on my Mdv -06 boxes).
I suppose they could've done something incredibly stupid in the msec
package ("security level checker/rectifyer"... As with any such, a
real PITA:-), but I doubt it. Would only be a factor if Gordon is
running at an "elevated" security level.

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list