Sendmail hijacking Mailscanner

Andy Norris andy at tireswing.net
Mon Jan 15 17:08:00 CET 2007


We have the same problem. Only we're running Ensim. We've 
back-burnered this for too long, and we need to find out what's 
starting all these rogue instances of sendmail, so I will be watching 
this thread.


At 09:32 AM 2007-01-15, you wrote:
>On 15/01/07, Matt Kettler <mkettler at evi-inc.com> wrote:
>>Gordon Colyn wrote:
>> > Hi all,
>> >
>> > I have a problem where somehow sendmail gets started on my Linux server
>> > running MailScanner and therefore spam mail gets through as it by-passes
>> > the mailscanner process.  I have crawled through all the logs and have no
>> > idea what starts the sendmail process and it is also completely
>> > random...very frustrating.  Does anyone know of a script or a way that I
>> > can test to see if sendmail is running then stop the process automatically?
>> >
>> > I am running Mandriva 2006, with sendmail 8.13.4.
>>
>>Well, actually, you NEED sendmail running with MailScanner.. Assuming you're
>>using it as your MTA for MailScanner. In fact, you need two Sendmails running.
>>However, the ones that should be running should be a queue-only and
>>queue-runner.
>>
>>Realistically, you could write a script to find and kill sendmail, but you'd
>>also have to make it not kill the ones that MS needs, which might be a bit
>>tricky.
>>
>>That said, have you made sure the normal "sendmail" startup script is disabled
>>in your runlevel? Mandriva might have a tool that runs around and checks the
>>status of all your daemons and restarts them.
>>
>>ls /etc/rc3.d/ |grep sendmail
>>ls /etc/rc5.d/ |grep sendmail
>>
>>Both should return files starting with K instead of S.
>>
>Basically the same/similar toolset that any RH-like system would have...
>chkconfig --list sendmail
>chkconfig sendmail off
>service sendmail stop
>... etc.
>
>The only "service" that should be starting sendmail should be
>MailScanner ('tis so on my Mdv -06 boxes).
>I suppose they could've done something incredibly stupid in the msec
>package ("security level checker/rectifier"... As with any such, a
>real PITA:-), but I doubt it. Would only be a factor if Gordon is
>running at an "elevated" security level.
>
>Cheers
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se

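The runlevel check quoted above (K links instead of S links for sendmail in rc3.d and rc5.d), extended to every runlevel as an added example that is not part of the thread. It assumes the rcN.d directories sit under the base directory passed in (default /etc) and that the init scripts are named "sendmail" and "MailScanner"; the sample layout is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Audits SysV runlevel directories for
# sendmail/MailScanner start (S) and kill (K) links.
# Assumptions: rcN.d directories sit under the base directory given as $1
# (default /etc); init script names are "sendmail" and "MailScanner".

# link_state DIR SERVICE -> prints start, kill or absent
link_state() {
    for f in "$1"/S[0-9][0-9]"$2"; do
        if [ -e "$f" ] || [ -L "$f" ]; then echo start; return 0; fi
    done
    for f in "$1"/K[0-9][0-9]"$2"; do
        if [ -e "$f" ] || [ -L "$f" ]; then echo kill; return 0; fi
    done
    echo absent
}

# audit_runlevels [BASE] -> one line per existing runlevel directory;
# returns 1 if any runlevel would start the stock sendmail service.
audit_runlevels() {
    base=${1:-/etc}
    bad=0
    for level in 0 1 2 3 4 5 6; do
        dir="$base/rc$level.d"
        [ -d "$dir" ] || continue
        sm=$(link_state "$dir" sendmail)
        ms=$(link_state "$dir" MailScanner)
        verdict=ok
        if [ "$sm" = start ]; then verdict=CONFLICT; bad=1; fi
        echo "rc$level.d sendmail=$sm MailScanner=$ms $verdict"
    done
    return "$bad"
}

# make_sample DIR: constructed layout for the demo (not a real system).
make_sample() {
    mkdir -p "$1/rc3.d" "$1/rc5.d"
    : > "$1/rc3.d/K30sendmail"; : > "$1/rc3.d/S80MailScanner"
    : > "$1/rc5.d/S80sendmail"; : > "$1/rc5.d/S80MailScanner"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_runlevels "$demo" || echo "stock sendmail init script is still enabled"
rm -rf "$demo"
```

On a real host, call `audit_runlevels` with no argument to read /etc; a CONFLICT line marks a runlevel where the stock sendmail service would start alongside MailScanner.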