MailScanner + Sendmail = stuck mail?

Thu Apr 10 17:09:18 IST 2008

Mike Kercher wrote:
>  
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Rich
> West
> Sent: Thursday, April 10, 2008 10:18 AM
> To: MailScanner discussion
> Subject: Re: MailScanner + Sendmail = stuck mail?
>
> Julian Field wrote:
>   
>> Rich West wrote:
>>     
>>> Mike Kercher wrote:
>>>  
>>>       
>>>>  
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>>>> Rich West
>>>> Sent: Wednesday, April 09, 2008 12:44 PM
>>>> To: mailscanner at lists.mailscanner.info
>>>> Subject: MailScanner + Sendmail = "user unknown"
>>>>
>>>> I've inherited a MailScanner setup that is pretty questionable (from
>>>>         
>
>   
>>>> a security standpoint), and I'm rebuilding the box from scratch.  
>>>> I've gotten everything installed (CentOS, clamav, SA, MailScanner, 
>>>> Sendmail) to have the system act as a relay to an exchange backend.
>>>>
>>>> Oddly, it does not seem to be picking up the messages that are being
>>>>         
>
>   
>>>> left in /var/spool/mqueue.in.  I see the messages being deposited 
>>>> there, but they don't seem to be acted upon.  Is there, perhaps, 
>>>> setting that I might have missed/glossed over that is obvious?
>>>>     
>>>>         
>> Don't need to touch your sendmail config at all when installing 
>> MailScanner.
>>     
>
>
> Ahh.. ok.. that's what I was looking for.
>
> Reverting the sendmail configuration back to a null client, it happily
> sends email back to the exchange server farm.  From there, if I stop
> sendmail and start up MailScanner (with it starting up sendmail), email
> passes right through to the exchange server as if MailScanner never
> touched it.
>
> Watching the MailScanner --debug output, all I see is:
> /usr/sbin/MailScanner --debug
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Building a message batch to scan...
>
> And /var/log/maillog shows:
> root     24494     1  0 09:53 ?        00:00:00 sendmail: accepting
> connections
> smmsp    24500     1  0 09:53 ?        00:00:00 sendmail: Queue
> runner at 00:15:00 for /var/spool/clientmqueue
> root     24507     1  0 09:53 ?        00:00:00 sendmail: Queue
> runner at 00:15:00 for /var/spool/mqueue
> smmsp    25062 25058  0 11:01 ?        00:00:00 /usr/sbin/sendmail
> -FCronDaemon -i -odi -oem -oi -t
>
> Interesting since my inbound queue is set to /var/spool/mqueue.in and
> outbound queue is set to /var/spool/mqueue...
>
> -Rich
> --
>
> This is the output of ps, not the maillog.  We need to see the maillog
> to see what may or may not be happening.
>
> Mike
>   

Ooops.. it's here:
pr 10 11:26:30 mail-gw-new MailScanner[25608]: MailScanner E-Mail Virus
Scanner version 4.68.8 starting...
Apr 10 11:26:30 mail-gw-new MailScanner[25608]: Read 817 hostnames from
the phishing whitelist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 6241 hostnames from
the phishing blacklist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
init function SQLBlacklist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Blacklist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 blacklist entries
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
init function MailWatchLogging
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
init function SQLWhitelist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Whitelist
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 whitelist entries
Apr 10 11:26:31 mail-gw-new MailScanner[25608]: SpamAssassin temporary
working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Apr 10 11:26:32 mail-gw-new MailScanner[25600]: Using locktype = posix
Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Using SpamAssassin
results cache
Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Connected to
SpamAssassin cache database
Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Enabling SpamAssassin
auto-whitelist functionality...
Apr 10 11:26:35 mail-gw-new MailScanner[25611]: MailScanner E-Mail Virus
Scanner version 4.68.8 starting...
Apr 10 11:26:35 mail-gw-new MailScanner[25611]: Read 817 hostnames from
the phishing whitelist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 6241 hostnames from
the phishing blacklist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
init function SQLBlacklist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Blacklist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 blacklist entries
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
init function MailWatchLogging
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
init function SQLWhitelist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Whitelist
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 whitelist entries
Apr 10 11:26:36 mail-gw-new MailScanner[25611]: SpamAssassin temporary
working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Apr 10 11:26:37 mail-gw-new MailScanner[25608]: Using locktype = posix
Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Using SpamAssassin
results cache
Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Connected to
SpamAssassin cache database
Apr 10 11:26:39 mail-gw-new MailScanner[25611]: Enabling SpamAssassin
auto-whitelist functionality...
Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix
Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root,
size=41, class=0, nrcpts=1,
msgid=<200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>,
relay=root at localhost
Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680:
from=<root at mail-gw-new.mydomain.com>, size=343, class=0, nrcpts=1,
msgid=<200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>,
proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680:
to=<rwest at mydomain.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay,
pri=30343, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0,
stat=Sent ( <200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>
Queued mail for delivery)
Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677:
to=rwest at mydomain.com, ctladdr=root (0/0), delay=00:00:01,
xdelay=00:00:01, mailer=relay, pri=30041, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery)