Emails not getting scanned

Martin Hepworth maxsec at gmail.com
Thu Dec 22 08:18:19 GMT 2011


I'd look very carefully at the sendmail setup
(http://www.mailscanner.info/sendmail.html)

and make sure that mail doesnot flow with MS turned off.

-- 
Martin Hepworth
Oxford, UK


On 21 December 2011 23:29, Tony Arcus <tony at ai.net.nz> wrote:

> On Mon, Dec 19, 2011 at 11:31 PM, Martin Hepworth <maxsec at gmail.com>
>>> wrote:
>>>
>>>> FYI in centos 6 the default mta could be postfix if it's like red hat !
>>>> So
>>>> you may need to disable postfix if u want to get this going..
>>>>
>>>
>>> Good point
>>>
>>> Tony - if you telnet to the server on port 25, do you get the sendmail
>>> or postfix banner?
>>>
>>>
>>> Chris
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.**info<mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>>
>> Thanks Martin and Chris for that tip, I had already discovered that and
>> uninstalled postfix. No luck
>>
>> It got me thinking... what else could be delivering the mail from
>> /var/spool/mqueue.in? Other than sendmail?
>>
>>  Thanks to a lot of people with suggestions.
>
> This is what I believe is happening.
> Being Centos 6
>
> Postfix was installed but not running.
> Postfix has been uninstalled and the server restarted
> Telnet in and you get:
>
>> Trying 202.xxx.xxx.124...
>> Connected to mail.xxxxx.co.nz (202.xxx.xxx.124).
>> Escape character is '^]'.
>> 220 mail.xxxxxx.co.nz ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 >
>> 11:20:06 +1300
>>
>
> looking at chkconfig, this appears clean and unless some one wants
> something specific from it I wont report my findings.
>
> SO
>
> It would appear that emails come in on the sendmail MTA
> They get put in the /var/spool/mqueue.in directory
> THEN sendmail straight away picks them back up and delivers them before.
> MailScanner can ever get a change to process them.
>
> My reason for thinking this:
>
> I sent a number of emails from a different server.
> Here is sendmail getting the email as we would expect, and as emails are
> also received on other sendmail/MailScanner servers that are operating
> correctly.
>
> root     16583  0.0  0.3  10848  3952 ?        D    11:34   0:00 sendmail:
> pBLMYFqF016583 ip-202-174-161-37.wizbiz.net.**nz<http://ip-202-174-161-37.wizbiz.net.nz>
> [202.174.161.37]: DATA
>
>
> INSTANTLY though I also see this
> root     16585  0.0  0.3  10668  3200 ?        S    11:34   0:00 sendmail:
> ./pBLMYFqD016583 from queue
>
> sendmail picks the email back up and delivers it, MailScanner never get a
> change to poll the this message.
>
> How do I stop sendmail from doing this?
>
> PS
> When I look at ps aux|grep send on a server operating okay I get
> root     31837  0.0  0.0  67468  1520 ?        Ss   Dec20   0:00 sendmail:
> accepting connections                                $
> smmsp    31841  0.0  0.0  57724   904 ?        Ss   Dec20   0:00 sendmail:
> Queue runner at 00:15:00 for
> /var/spool/clientmqueue
> root     31845  0.0  0.0  57852   896 ?        Ss   Dec20   0:00 sendmail:
> Queue runner at 00:15:00 for /var/spool/mqueue
>
> And on the bad server I get the same thing:
> root     17410  0.0  0.1  10768  1824 ?        Ss   11:48   0:00 sendmail:
> accepting connections                                $
> smmsp    17414  0.0  0.1   9784  1528 ?        Ss   11:48   0:00 sendmail:
> Queue runner at 00:15:00 for
> /var/spool/clientmqueue
> root     17418  0.0  0.1   9788  1616 ?        Ss   11:48   0:00 sendmail:
> Queue runner at 00:15:00 for /var/spool/mqueue
>
>
> thanks again
>
>
>
>
> ------------------------------**------------------------------**----
> This message was sent using IMP, the Internet Messaging Program.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.**info <mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>
> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111222/513065fd/attachment.html


More information about the MailScanner mailing list