MailScanner + Sendmail = stuck mail?
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Thu Apr 10 18:38:07 IST 2008
Rich West wrote:
> Mike Kercher wrote:
>
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Rich
>> West
>> Sent: Thursday, April 10, 2008 10:18 AM
>> To: MailScanner discussion
>> Subject: Re: MailScanner + Sendmail = stuck mail?
>>
>> Julian Field wrote:
>>
>>
>>> Rich West wrote:
>>>
>>>
>>>> Mike Kercher wrote:
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>>>> Rich West
>>>>> Sent: Wednesday, April 09, 2008 12:44 PM
>>>>> To: mailscanner at lists.mailscanner.info
>>>>> Subject: MailScanner + Sendmail = "user unknown"
>>>>>
>>>>> I've inherited a MailScanner setup that is pretty questionable (from
>>>>> a security standpoint), and I'm rebuilding the box from scratch.
>>>>> I've gotten everything installed (CentOS, clamav, SA, MailScanner,
>>>>> Sendmail) to have the system act as a relay to an exchange backend.
>>>>>
>>>>> Oddly, it does not seem to be picking up the messages that are being
>>>>> left in /var/spool/mqueue.in. I see the messages being deposited
>>>>> there, but they don't seem to be acted upon. Is there, perhaps, a
>>>>> setting that I might have missed/glossed over that is obvious?
>>>>>
>>> Don't need to touch your sendmail config at all when installing
>>> MailScanner.
>>>
>>>
>> Ahh.. ok.. that's what I was looking for.
>>
>> Reverting the sendmail configuration back to a null client, it happily
>> sends email back to the exchange server farm. From there, if I stop
>> sendmail and start up MailScanner (with it starting up sendmail), email
>> passes right through to the exchange server as if MailScanner never
>> touched it.
>>
>> Watching the MailScanner --debug output, all I see is:
>> /usr/sbin/MailScanner --debug
>> In Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> Building a message batch to scan...
>>
>> And /var/log/maillog shows:
>> root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting
>> connections
>> smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue
>> runner at 00:15:00 for /var/spool/clientmqueue
>> root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue
>> runner at 00:15:00 for /var/spool/mqueue
>> smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail
>> -FCronDaemon -i -odi -oem -oi -t
>>
>> Interesting since my inbound queue is set to /var/spool/mqueue.in and
>> outbound queue is set to /var/spool/mqueue...
>>
>> -Rich
>> --
>>
>> This is the output of ps, not the maillog. We need to see the maillog
>> to see what may or may not be happening.
>>
>> Mike
>>
>>
>
> Ooops.. it's here:
> Apr 10 11:26:30 mail-gw-new MailScanner[25608]: MailScanner E-Mail Virus
> Scanner version 4.68.8 starting...
> Apr 10 11:26:30 mail-gw-new MailScanner[25608]: Read 817 hostnames from
> the phishing whitelist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 6241 hostnames from
> the phishing blacklist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
> init function SQLBlacklist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Blacklist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 blacklist entries
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
> init function MailWatchLogging
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom
> init function SQLWhitelist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Whitelist
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 whitelist entries
> Apr 10 11:26:31 mail-gw-new MailScanner[25608]: SpamAssassin temporary
> working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Apr 10 11:26:32 mail-gw-new MailScanner[25600]: Using locktype = posix
> Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Using SpamAssassin
> results cache
> Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Connected to
> SpamAssassin cache database
> Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Enabling SpamAssassin
> auto-whitelist functionality...
> Apr 10 11:26:35 mail-gw-new MailScanner[25611]: MailScanner E-Mail Virus
> Scanner version 4.68.8 starting...
> Apr 10 11:26:35 mail-gw-new MailScanner[25611]: Read 817 hostnames from
> the phishing whitelist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 6241 hostnames from
> the phishing blacklist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
> init function SQLBlacklist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Blacklist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 blacklist entries
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
> init function MailWatchLogging
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom
> init function SQLWhitelist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Whitelist
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 whitelist entries
> Apr 10 11:26:36 mail-gw-new MailScanner[25611]: SpamAssassin temporary
> working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Apr 10 11:26:37 mail-gw-new MailScanner[25608]: Using locktype = posix
> Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Using SpamAssassin
> results cache
> Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Connected to
> SpamAssassin cache database
> Apr 10 11:26:39 mail-gw-new MailScanner[25611]: Enabling SpamAssassin
> auto-whitelist functionality...
> Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix
> Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root,
> size=41, class=0, nrcpts=1,
> msgid=<200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>,
> relay=root at localhost
> Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680:
> from=<root at mail-gw-new.mydomain.com>, size=343, class=0, nrcpts=1,
> msgid=<200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>,
> proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680:
> to=<rwest at mydomain.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay,
> pri=30343, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0,
> stat=Sent ( <200804101556.m3AFurMN025677 at mail-gw-new.mydomain.com>
> Queued mail for delivery)
> Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677:
> to=rwest at mydomain.com, ctladdr=root (0/0), delay=00:00:01,
> xdelay=00:00:01, mailer=relay, pri=30041, relay=[127.0.0.1] [127.0.0.1],
> dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery)
>
>
>
>
Rich,
There's nothing in there that shows MS' involvement in the processing of
that email.
Are you sure you stopped sendmail (service sendmail stop; ps -ef | grep
sendmail) and then started it through MS (service MailScanner restart)?
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
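
The check Denis does by eye above (a message relayed onward with no MailScanner entry for it) can be run over a whole maillog. This is an added example, not part of the original thread or of MailScanner; it assumes MailScanner logs the sendmail queue ID of every message it handles, and the last three sample lines, including the "Requeue:" line format, are constructed.

```python
import re

# Syslog prefix: "Apr 10 11:56:53 host program[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
# sendmail records begin with the queue ID
QID = re.compile(r"^(?P<qid>[0-9A-Za-z]+): (?P<rest>.*)$")
# IP address of the relay the message was handed to
RELAY_IP = re.compile(r"relay=[^,]*?\[([\d.]+)\]")

# First five lines: abridged from the log quoted in the thread.
# Last three lines: constructed; the "Requeue:" line format is an assumption.
SAMPLE_LOG = """\
Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix
Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root, size=41, class=0, nrcpts=1, relay=root at localhost
Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680: from=<root at mail-gw-new.mydomain.com>, size=343, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680: to=<rwest at mydomain.com>, delay=00:00:01, mailer=relay, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0, stat=Sent (Queued mail for delivery)
Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677: to=rwest at mydomain.com, ctladdr=root (0/0), mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery)
Apr 10 12:10:01 mail-gw-new sendmail[26001]: m3AGA1xx026001: from=<a at example.org>, size=900, daemon=MTA, relay=mx.example.org [192.0.2.10]
Apr 10 12:10:05 mail-gw-new MailScanner[25611]: Requeue: m3AGA1xx026001.A1234 to m3AGA5yy026010
Apr 10 12:10:06 mail-gw-new sendmail[26011]: m3AGA5yy026010: to=<rwest at mydomain.com>, mailer=relay, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0, stat=Sent (Queued mail for delivery)
"""

def unscanned_deliveries(log_text):
    """Queue IDs relayed to a non-loopback host that no MailScanner line mentions."""
    delivered, scanner_msgs = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["prog"] == "MailScanner":
            scanner_msgs.append(m["msg"])
            continue
        q = QID.match(m["msg"]) if m["prog"] == "sendmail" else None
        if not q or "stat=Sent" not in q["rest"]:
            continue
        ip = RELAY_IP.search(q["rest"])
        # Hand-offs to 127.0.0.1 are local submissions, not onward delivery.
        if ip and not ip.group(1).startswith("127."):
            delivered.append(q["qid"])
    # Assumption: MailScanner logs the queue ID of every message it handles.
    return [qid for qid in delivered
            if not any(qid in msg for msg in scanner_msgs)]

if __name__ == "__main__":
    for qid in unscanned_deliveries(SAMPLE_LOG):
        print(f"{qid}: delivered without any MailScanner log entry")
```

On the sample it reports only the message from the thread, which sendmail accepted and relayed to the backend within a second; the constructed second message is not reported because a MailScanner line names its queue ID.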