Emails not getting scanned
Martin Hepworth
maxsec at gmail.com
Thu Dec 22 08:18:19 GMT 2011
I'd look very carefully at the sendmail setup
(http://www.mailscanner.info/sendmail.html)
and make sure that mail doesnot flow with MS turned off.
--
Martin Hepworth
Oxford, UK
On 21 December 2011 23:29, Tony Arcus <tony at ai.net.nz> wrote:
> On Mon, Dec 19, 2011 at 11:31 PM, Martin Hepworth <maxsec at gmail.com>
>>> wrote:
>>>
>>>> FYI in centos 6 the default mta could be postfix if it's like red hat !
>>>> So
>>>> you may need to disable postfix if u want to get this going..
>>>>
>>>
>>> Good point
>>>
>>> Tony - if you telnet to the server on port 25, do you get the sendmail
>>> or postfix banner?
>>>
>>>
>>> Chris
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.**info<mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>>
>> Thanks Martin and Chris for that tip, I had already discovered that and
>> uninstalled postfix. No luck
>>
>> It got me thinking... what else could be delivering the mail from
>> /var/spool/mqueue.in? Other than sendmail?
>>
>> Thanks to a lot of people with suggestions.
>
> This is what I believe is happening.
> Being Centos 6
>
> Postfix was installed but not running.
> Postfix has been uninstalled and the server restarted
> Telnet in and you get:
>
>> Trying 202.xxx.xxx.124...
>> Connected to mail.xxxxx.co.nz (202.xxx.xxx.124).
>> Escape character is '^]'.
>> 220 mail.xxxxxx.co.nz ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 >
>> 11:20:06 +1300
>>
>
> looking at chkconfig, this appears clean and unless some one wants
> something specific from it I wont report my findings.
>
> SO
>
> It would appear that emails come in on the sendmail MTA
> They get put in the /var/spool/mqueue.in directory
> THEN sendmail straight away picks them back up and delivers them before.
> MailScanner can ever get a change to process them.
>
> My reason for thinking this:
>
> I sent a number of emails from a different server.
> Here is sendmail getting the email as we would expect, and as emails are
> also received on other sendmail/MailScanner servers that are operating
> correctly.
>
> root 16583 0.0 0.3 10848 3952 ? D 11:34 0:00 sendmail:
> pBLMYFqF016583 ip-202-174-161-37.wizbiz.net.**nz<http://ip-202-174-161-37.wizbiz.net.nz>
> [202.174.161.37]: DATA
>
>
> INSTANTLY though I also see this
> root 16585 0.0 0.3 10668 3200 ? S 11:34 0:00 sendmail:
> ./pBLMYFqD016583 from queue
>
> sendmail picks the email back up and delivers it, MailScanner never get a
> change to poll the this message.
>
> How do I stop sendmail from doing this?
>
> PS
> When I look at ps aux|grep send on a server operating okay I get
> root 31837 0.0 0.0 67468 1520 ? Ss Dec20 0:00 sendmail:
> accepting connections $
> smmsp 31841 0.0 0.0 57724 904 ? Ss Dec20 0:00 sendmail:
> Queue runner at 00:15:00 for
> /var/spool/clientmqueue
> root 31845 0.0 0.0 57852 896 ? Ss Dec20 0:00 sendmail:
> Queue runner at 00:15:00 for /var/spool/mqueue
>
> And on the bad server I get the same thing:
> root 17410 0.0 0.1 10768 1824 ? Ss 11:48 0:00 sendmail:
> accepting connections $
> smmsp 17414 0.0 0.1 9784 1528 ? Ss 11:48 0:00 sendmail:
> Queue runner at 00:15:00 for
> /var/spool/clientmqueue
> root 17418 0.0 0.1 9788 1616 ? Ss 11:48 0:00 sendmail:
> Queue runner at 00:15:00 for /var/spool/mqueue
>
>
> thanks again
>
>
>
>
> ------------------------------**------------------------------**----
> This message was sent using IMP, the Internet Messaging Program.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.**info <mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>
> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111222/513065fd/attachment.html
More information about the MailScanner
mailing list