At 15:20 30/03/2004, you wrote:
Hi All, Since last december I'm running MailScanner and SpamAssassin on a good ol' RaQ 4 XTR. I installed it according this manual : http://www.qitc.net/support/mailscanner/ It has been working just fine, f-prot killed all virusses and SA stopped those viagra spammings. But recently I noticed more and more spam seemed to come through SA so I started to check things out. Then I discovered that MailScanner/SA/F-prot didn't check the mail at all anymore! :( Since january 23rd the "X-Mailer scanned by [mycompany]" line isn't added to the mailheaders anymore. Also when I check stats from the mailscanner MRTG I see onyl MTA spam blocks. That must mean the scanner doesn't do anything anymore! I tried sending myself virri and they also just came through! I don't know why it suddenly stopped working. Have you got any idea where I should start looking for the cause? Some things that did happen: - Installed all RaQ updates from Sun's Cobalt RaQ 4 patches page. - Rebooted the machine once because of IP change (other block) - Installed MRTG Could you show me show directions where to look and what to check? I reconfigged the Mailscanner already, but it still doesn't seem to work :/
I suspect this is probably related to the Sun Cobalt patches and in particular a Sendmail update. When you installed MailScanner did you make a change to /etc/mail/sendmail.cf along the lines of....[below is saved text I made for someone when their MailScanner stopped working after a Sendmail update]...
Cobalt servers are a bit weird in that they are configured with sub-directories within /var/spool/mqueue (q1 q
2 q3 q4). MaiScanner can't work with that so the following had to be done. From - http://www.qitc.net/support/mailscanner/#MailScanner We have to change a couple of things first pico -w /etc/mail/sendmail.cf Search for "QueueDirectory" and change the line to O QueueDirectory=/var/spool/mqueue Move any remaining queue files into the updated queue directory cd /var/spool mv /var/spool/mqueue/q*/* /var/spool/mqueue mv /var/spool/mqueue.in/ /home/spool/ ln -s ../../home/spool/mqueue.in /var/spool/mqueue.in Delete the old queue subdirectories rmdir /var/spool/mqueue/q*So the Sendmail patch from Cobalt put the qX directories back. To fix it was just a case of going through the
above again.You can check this is the case by checking /var/log/maillog along the lines.....[again from a server I fixed]....
From /var/log/maillogJan 21 04:07:29 www MailScanner[12750]: MailScanner E-Mail Virus Scanner version 4.24-5 starting... Jan 21 04:07:30 www MailScanner[12750]: Queue directory /var/spool/mqueue cannot contain sub-directories, curr
ently contains dir q1Otherwise I would check that MailScanner is actually running (again check maillog or ps wfaux | grep -i mailscanner). You mentioned a reboot so did you also remove the /etc/rc.d/init.d/sendmail as per the web site instructions and replace with the MailScanner script?
Dan