[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Scanner



Hi Brian.

The scanner is called MailMonitor. It does the actual capturing of the
e-mail, scans it and then passes it on to the MTA. I am using Exim-4.12,
which works perfectly. But I am testing MailMonitor only, so both Exim and
MailMonitor aren't running at the same time.

I activated debugging, and this is the log recorded after I fail a
connection attempt:

<log logname="communication" tid="10251" time="Wed Feb 19 15:00:43 2003" >
Connection refused to the client <![CDATA[host.my-domain.com]]>
[<![CDATA[ip-of-client]]>]<P/>

Unfortunately, this is all I get. Any ideas what this could be?

Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug



-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
Brian Candler
Sent: Wednesday, February 19, 2003 2:15 PM
To: Mark Tinka
Cc: afnog at afnog.org
Subject: Re: Scanner


On Wed, Feb 19, 2003 at 01:12:06PM +0300, Mark Tinka wrote:
> I am trying to setup a virus scanner that listens on port 25, traps the
> e-mail, scans it and then passes it on to a pre-defined mail server for
> local delivery.
>
> I've installed the scanner, but when I try to telnet port 25 for a banner,
> the connection is closed after a connection has been extablished. It's
quite
> odd. It won't accept outgoing e-mail either.
>
> I have run strace against the telnet command, and need some help trying to
> understand the output. System is SuSE Linux with kernel 2.4.19.

Well, tracing the client side is not going to tell you much. It just shows
you that it connected:

> connect(3, {sin_family=AF_INET, sin_port=htons(25),
sin_addr=inet_addr("216.104.200.15")}}, 16) = 0

Successful connection (return code 0)

> write(1, "Connected to 216.104.200.15.\r\n", 30Connected to
216.104.200.15.) = 30
> write(1, "Escape character is \'^]\'.\r\n", 27Escape character is '^]'.) =
27

Reports the fact to the local terminal.

> select(4, [0 3], [], [3], {0, 0})       = 1 (in [3], left {0, 0})
> recv(3, "", 8192, 0)                    = 0

The far end disconnected (select reports an event on fd 3, but recv returns
a count of 0 bytes, which indicates an error condition)

So, you need to be looking at the server end to see what is being logged, to
find out why it is dropping the call. You didn't say what MTA or anti-virus
package you are using there!

Regards,

Brian.

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org



-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org