Emails not getting scanned

Tony Arcus tony at ai.net.nz
Mon Dec 19 22:05:15 GMT 2011


Thanks for the obvious heads up.

MTA

This is my first centos 6 server, been doing centos 5 for years.

Sendmail is:
service sendmail stop
chkconfig sendmail off

Mailscanner is on

When I do a
/etc/init.d/MailScanner status
Checking MailScanner daemons:
          MailScanner:                                      [  OK  ]
          incoming sendmail:                                [  OK  ]
          outgoing sendmail:                                [  OK  ]

All looks good and as I would expect,
but when I do a
/etc/init.d/sendmail status
sendmail is stopped
sm-client (pid  19322) is running...

Generally on Centos 5 I would get
/etc/init.d/sendmail status
sendmail (pid 4662 4656 4650) is running...

Still nothing here that causes me to think things are wrong.
What I can confirm is that emails are entering the queue  
/var/spool/mqueue.in/, but immediately get processed (by something)  
directly to the user. MailScanner never gets to process them.

If I stop mailscanner the server no longer receives emails, I can not  
telnet in.
Start mailscanner and I can.
So I guess the sendmail subsystem, though only being called by the  
starting of Mailscanner is processing the emails and not handing them  
on to mailscanner.

Therefore question:
What do I need to check/change so sendmail does not sent the queued  
messages in mqueue.in directly to the users.



-- 
Tony Arcus
Systems and Network Engineer
Access Information Limited
PO Box 122
Carterton
Wairarapa

Phone : 06-379-6668
Phone : 04-831-1401
Email : tony at ai.net.nz
Cell  : 021-827-660

This email and any accompanying documentation may contain privileged and
confidential information.  If you are not the intended recipient, your use
of the information is strictly prohibited.


Quoting Martin Hepworth <maxsec at gmail.com>:

> Yeah I'd check the mta is setup correctly to hold the email in the first q
> and delivery from the second .
>
> Is this a new install or an existing one that suddenly stopped working?
>
> Martin
>
> On Monday, 19 December 2011, Tony Arcus <tony at ai.net.nz> wrote:
>> All emails are coming in to the server okay.
>> But very few seem to be scanned by MailScanner or logged in to Mailwatch
>>
>> MailScanner -v looks fine expect for
>> missing Mail::ClamAV
>>
>> but I have manually installed ClamAV and it seems fine.
>>
>> MailScanner --lint
>> Trying to setlogsock(unix)
>>
>> Reading configuration file /etc/MailScanner/MailScanner.conf
>> Reading configuration file /etc/MailScanner/conf.d/README
>> Read 869 hostnames from the phishing whitelist
>> Read 3760 hostnames from the phishing blacklists
>> Config: calling custom init function SQLBlacklist
>> Starting up SQL Blacklist
>> Read 0 blacklist entries
>> Config: calling custom init function MailWatchLogging
>> Started SQL Logging child
>> Config: calling custom init function SQLWhitelist
>> Starting up SQL Whitelist
>> Read 11 whitelist entries
>>
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database
>> SpamAssassin reported no errors.
>> Connected to Processing Attempts Database
>> Created Processing Attempts Database successfully
>> There are 0 messages in the Processing Attempts Database
>> Using locktype = posix
>> MailScanner.conf says "Virus Scanners = clamav"
>> Found these virus scanners installed: clamav
>>
> ===========================================================================
>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>> Other Checks: Found 1 problems
>> Virus and Content Scanning: Starting
>> 1.message: Eicar-Test-Signature-1 FOUND
>>
>> ./1/eicar.com: Eicar-Test-Signature FOUND
>>
>> Virus Scanning: ClamAV found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>>
> ===========================================================================
>> Virus Scanner test reports:
>> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamav)
>> are not listed there, you should check that they are installed correctly
>> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>> Config: calling custom end function SQLBlacklist
>> Closing down by-domain spam blacklist
>> Config: calling custom end function MailWatchLogging
>> Config: calling custom end function SQLWhitelist
>> Closing down by-domain spam whitelist
>>
>>
>> The server is Centos 6.0
>>
>> Any ideas of what else I should check to see why incoming messages are
> being delivered just not scanned.
>>
>> Tony Arcus
>> Systems and Network Engineer
>> Access Information Limited
>> PO Box 122
>> Carterton
>> Wairarapa
>>
>> Phone : 06-379-6668
>> Phone : 04-831-1401
>> Email : tony at ai.net.nz
>> Cell  : 021-827-660
>>
>> This email and any accompanying documentation may contain privileged and
>> confidential information.  If you are not the intended recipient, your use
>> of the information is strictly prohibited.
>>
>>
>>
>>
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list