Emails not getting scanned

Tony Arcus tony at ai.net.nz
Thu Dec 22 23:19:09 GMT 2011 


> I'd look very carefully at the sendmail setup
> (http://www.mailscanner.info/sendmail.html)
>
> and make sure that mail doesnot flow with MS turned off.
>
> --
> Martin Hepworth
> Oxford, UK
>
>
> On 21 December 2011 23:29, Tony Arcus <tony at ai.net.nz> wrote:
>
>> On Mon, Dec 19, 2011 at 11:31 PM, Martin Hepworth <maxsec at gmail.com>
>>>> wrote:
>>>>
>>>>> FYI in centos 6 the default mta could be postfix if it's like red hat !
>>>>> So
>>>>> you may need to disable postfix if u want to get this going..
>>>>>
>>>>
>>>> Good point
>>>>
>>>> Tony - if you telnet to the server on port 25, do you get the sendmail
>>>> or postfix banner?
>>>>
>>>>
>>>> Chris
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.**info<mailscanner at lists.mailscanner.info>
>>>> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>>
>>>> Before posting, read  
>>>> http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>>
>>> Thanks Martin and Chris for that tip, I had already discovered that and
>>> uninstalled postfix. No luck
>>>
>>> It got me thinking... what else could be delivering the mail from
>>> /var/spool/mqueue.in? Other than sendmail?
>>>
>>>  Thanks to a lot of people with suggestions.
>>
>> This is what I believe is happening.
>> Being Centos 6
>>
>> Postfix was installed but not running.
>> Postfix has been uninstalled and the server restarted
>> Telnet in and you get:
>>
>>> Trying 202.xxx.xxx.124...
>>> Connected to mail.xxxxx.co.nz (202.xxx.xxx.124).
>>> Escape character is '^]'.
>>> 220 mail.xxxxxx.co.nz ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 >
>>> 11:20:06 +1300
>>>
>>
>> looking at chkconfig, this appears clean and unless some one wants
>> something specific from it I wont report my findings.
>>
>> SO
>>
>> It would appear that emails come in on the sendmail MTA
>> They get put in the /var/spool/mqueue.in directory
>> THEN sendmail straight away picks them back up and delivers them before.
>> MailScanner can ever get a change to process them.
>>
>> My reason for thinking this:
>>
>> I sent a number of emails from a different server.
>> Here is sendmail getting the email as we would expect, and as emails are
>> also received on other sendmail/MailScanner servers that are operating
>> correctly.
>>
>> root     16583  0.0  0.3  10848  3952 ?        D    11:34   0:00 sendmail:
>> pBLMYFqF016583  
>> ip-202-174-161-37.wizbiz.net.**nz<http://ip-202-174-161-37.wizbiz.net.nz>
>> [202.174.161.37]: DATA
>>
>>
>> INSTANTLY though I also see this
>> root     16585  0.0  0.3  10668  3200 ?        S    11:34   0:00 sendmail:
>> ./pBLMYFqD016583 from queue
>>
>> sendmail picks the email back up and delivers it, MailScanner never get a
>> change to poll the this message.
>>
>> How do I stop sendmail from doing this?
>>

I agree with you Martin, and am looking closely at sendmail.
With MailScanner turned off no emails flow.

I have even checked to make sure there is no other stray process that  
is running when MailScanner is running that might be activating a  
sendmail process to deliver emails.

Turn MailScanner on emails are accepted but delivered right away.
The process
root     30934  0.0  0.1  10032  2012 ?        Ss   11:32   0:00  
sendmail: accepting connections
Is accepting the connection to receive an email.
A process is started to receive this email
Something like:
sendmail: pBMLiEI2027891 ip-202-xxx-xxx-37.wizbiz.net.nz [202.xxx.xxx.37]:
Then a third process is started to deliver this message.

It is this last step that I DO NOT what happening.

Configurations between this system and other systems seem the same,  
except this is a different version of send mail, 8.14.4-8.el6 as  
apposite to 8.12.8-8.1el5_7

Checked the process for accepting emails
/usr/sbin/sendmail -bd -OPrivacyOptions=noetrn  
-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in  
-OPidFile=/var/run/sendmail.in.pid

It should only put the emails in the queue not also deliver them.

Even changing sendmail.cf to O DeliveryMode=queueonly does not help.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list