Emails not getting scanned

Tony Arcus tony at ai.net.nz
Wed Dec 21 23:29:16 GMT 2011


>> On Mon, Dec 19, 2011 at 11:31 PM, Martin Hepworth <maxsec at gmail.com> wrote:
>>> FYI, in CentOS 6 the default MTA could be postfix if it's like Red Hat! So
>>> you may need to disable postfix if you want to get this going.
>>
>> Good point
>>
>> Tony - if you telnet to the server on port 25, do you get the sendmail
>> or postfix banner?
>>
>>
>> Chris
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>
> Thanks Martin and Chris for that tip, I had already discovered that  
> and uninstalled postfix. No luck
>
> It got me thinking... what else could be delivering the mail from  
> /var/spool/mqueue.in? Other than sendmail?
>
Thanks to a lot of people with suggestions.

This is what I believe is happening.
Being Centos 6

Postfix was installed but not running.
Postfix has been uninstalled and the server restarted
Telnet in and you get:
> Trying 202.xxx.xxx.124...
> Connected to mail.xxxxx.co.nz (202.xxx.xxx.124).
> Escape character is '^]'.
> 220 mail.xxxxxx.co.nz ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 11:20:06 +1300

Looking at chkconfig, this appears clean, and unless someone wants
something specific from it I won't report my findings.

SO

It would appear that emails come in on the sendmail MTA
They get put in the /var/spool/mqueue.in directory
THEN sendmail straight away picks them back up and delivers them
before MailScanner can ever get a chance to process them.

My reason for thinking this:

I sent a number of emails from a different server.
Here is sendmail getting the email as we would expect, and as emails  
are also received on other sendmail/MailScanner servers that are  
operating correctly.

root     16583  0.0  0.3  10848  3952 ?        D    11:34   0:00 sendmail: pBLMYFqF016583 ip-202-174-161-37.wizbiz.net.nz [202.174.161.37]: DATA


INSTANTLY though I also see this
root     16585  0.0  0.3  10668  3200 ?        S    11:34   0:00 sendmail: ./pBLMYFqD016583 from queue

sendmail picks the email back up and delivers it; MailScanner never
gets a chance to poll this message.

How do I stop sendmail from doing this?

PS
When I look at ps aux|grep send on a server operating okay I get
root     31837  0.0  0.0  67468  1520 ?        Ss   Dec20   0:00 sendmail: accepting connections                                $
smmsp    31841  0.0  0.0  57724   904 ?        Ss   Dec20   0:00 sendmail: Queue runner at 00:15:00 for /var/spool/clientmqueue
root     31845  0.0  0.0  57852   896 ?        Ss   Dec20   0:00 sendmail: Queue runner at 00:15:00 for /var/spool/mqueue

And on the bad server I get the same thing:
root     17410  0.0  0.1  10768  1824 ?        Ss   11:48   0:00 sendmail: accepting connections                                $
smmsp    17414  0.0  0.1   9784  1528 ?        Ss   11:48   0:00 sendmail: Queue runner at 00:15:00 for /var/spool/clientmqueue
root     17418  0.0  0.1   9788  1616 ?        Ss   11:48   0:00 sendmail: Queue runner at 00:15:00 for /var/spool/mqueue


thanks again



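
The check described in the message above (a "from queue" delivery appearing while the receiving process is still in DATA) can be run over a ps snapshot, as an added example that is not part of the original post. It assumes the sendmail 8.12+ queue ID layout (six base-60 characters of UTC creation time, two sequence characters, then the PID of the creating process); the function names are hypothetical and the sample lines are constructed from the ones quoted in the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the process titles quoted in the post, one per line.
PS_SAMPLE = """\
root     16583  0.0  0.3  10848  3952 ?        D    11:34   0:00 sendmail: pBLMYFqF016583 ip-202-174-161-37.wizbiz.net.nz [202.174.161.37]: DATA
root     16585  0.0  0.3  10668  3200 ?        S    11:34   0:00 sendmail: ./pBLMYFqD016583 from queue
root     17418  0.0  0.1   9788  1616 ?        Ss   11:48   0:00 sendmail: Queue runner at 00:15:00 for /var/spool/mqueue
"""

# Assumed base-60 alphabet of sendmail queue IDs (digits, A-Z, a-x).
B60 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"
QID = re.compile(r"^(?:\./)?([0-9A-Za-x]{8})(\d{6,})$")

def decode_qid(qid, ref_year):
    """Return (creation time in UTC, creating PID), or None if not a queue ID."""
    m = QID.match(qid)
    if not m:
        return None
    y, mo, d, h, mi, s = (B60.index(c) for c in m.group(1)[:6])
    # The year is stored modulo 60; take the latest match not after ref_year.
    year = ref_year - ((ref_year - 1900 - y) % 60)
    created = datetime(year, mo + 1, d, h, mi, s, tzinfo=timezone.utc)
    return created, int(m.group(2))

def immediate_deliveries(ps_text, ref_year):
    """List (delivery_pid, receiver_pid, qid_created) for every 'from queue'
    delivery whose queue file was created by a process still receiving mail."""
    procs = []
    for line in ps_text.splitlines():
        head, sep, title = line.partition("sendmail: ")
        if sep:
            procs.append((int(head.split()[1]), title.strip()))
    # Receiving processes: title starts with a queue ID and is not a delivery.
    receiving = {pid for pid, t in procs
                 if QID.match(t.split()[0]) and not t.endswith("from queue")}
    hits = []
    for pid, t in procs:
        if t.endswith("from queue"):
            decoded = decode_qid(t.split()[0], ref_year)
            if decoded and decoded[1] in receiving:
                hits.append((pid, decoded[1], decoded[0]))
    return hits

if __name__ == "__main__":
    for pid, owner, created in immediate_deliveries(PS_SAMPLE, 2011):
        print(f"pid {pid} delivering a message queued by pid {owner} at {created}")
```

An empty result on a healthy MailScanner host means no delivery process was working on a queue file owned by a live receiving process at the time of the snapshot.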