[SOLVED] Xamime running on Linux box

So I've inherited a very old linux system running older software and fedora v 14. I have a program running on the server called xamime. It's used to scan email and attachments, and it's somehow tied in with sendmail, but I can't find any documentation on the web on how to remove it from sendmail and the system since I don't need it any longer and since it's no longer a valid product. Anyone have any ideal of xamime? I tried removing the directory and all the files, but I then get errors with cron looking for the /usr/local/xamime/tmp folder. Also when I remove it sendmail will not restart.

Thanks,

Quote:

Originally Posted by mikeg1203 So I've inherited a very old linux system running older software and fedora v 14. I have a program running on the server called xamime. It's used to scan email and attachments, and it's somehow tied in with sendmail, but I can't find any documentation on the web on how to remove it from sendmail and the system since I don't need it any longer and since it's no longer a valid product. Anyone have any ideal of xamime? I tried removing the directory and all the files, but I then get errors with cron looking for the /usr/local/xamime/tmp folder. Also when I remove it sendmail will not restart.

If you are running a Fedora 14 server in a production, work environment...stop where you are. Don't bother investigating anything, and reload the server from scratch with a CURRENT OS. You are running an INCREDIBLY old server, with very outdated security, and you are only inviting problems. Your server *WILL* die, and you will then have to reload it. Putting a fresh copy of CentOS (which is far better for servers than a rapid-development distro like Fedora) will take you less time than it will to thread through ancient software, only to wind up insecure and *STILL* having to rebuild things with current software at some point in the future.

This was mentioned in your two other email-related threads: https://www.linuxquestions.org/quest...ly-4175658681/

I understand that point, and we are looking into newer updated systems to run the things that needs to be ran. The issue is that the software that's running is also very old and will only run on this platform. This is the reason I'm looking for patches right now. I can only work with what I have and the budget I have, network infrastructure first then I'll put newer equipment on it.

Quote:

Originally Posted by mikeg1203 I understand that point, and we are looking into newer updated systems to run the things that needs to be ran. The issue is that the software that's running is also very old and will only run on this platform. This is the reason I'm looking for patches right now. I can only work with what I have and the budget I have, network infrastructure first then I'll put newer equipment on it.

As said before, there ARE NO PATCHES for Fedora 14, and there haven't been in eight years. The software you're referencing doesn't even EXIST any longer; that's all there is to it. Asking for patches/updates will do you no good, since they don't exist.

If you're the administrator, you should know how to remove a cron job, or at least edit one to remove a reference to something that doesn't exist any longer. As far as sendmail goes, there is a sendmail.cf file which (most probably) contains references to that software. Remove them, and sendmail will start. Your other option is to keep this old junk in place (for no good reason), until it dies or you replace it.

There are an abundance of spam and email security programs out there, from spamassassin, clamav, and a host of others, all current and up to date. All working with the current sendmail system. And if your server is old, but 64bit, the current CentOS will run on it as well...if you're nervous, buy new hard drives for the system, pull the old ones, and do a fresh install.

All you've told us about is sendmail, but you can probably replace whatever old software you're 'forced' to use with newer versions, but we don't know what you've got to deal with, or what else runs on this server. Whatever it is, that server *WILL DIE* and you will be absolutely FORCED to upgrade....and it is far more painful to do it unexpectedly rather than having planned outages and testing time.

No crap. Yes I know the server WILL DIE everything WILL DIE eventually. It's not a matter of if but when. I'm not a linux guru nor do I plan to be one, but all I asked was a simple question if anyone knew anything about xamime and how it ties in with sendmail. And for your smart a responses I have checked all the sendmail.mc/cf and submit.mc/cf for reference to this program and it's not there. So if you don't know anything about xamime then just don't reply, it's not that hard.

Quote:

Originally Posted by mikeg1203 No crap. Yes I know the server WILL DIE everything WILL DIE eventually. It's not a matter of if but when. I'm not a linux guru nor do I plan to be one, but all I asked was a simple question if anyone knew anything about xamime and how it ties in with sendmail.

No, I doubt you're going to find ANYONE who can tell you about a more-than-decade-old, dead piece of software.

Quote:

And for your smart a responses I have checked all the sendmail.mc/cf and submit.mc/cf for reference to this program and it's not there. So if you don't know anything about xamime then just don't reply, it's not that hard.

And if you don't know what you're looking at, get someone who does...it's not that hard.

Looking at a VERY old .gz file of that software says that the xamime software gets shoved into the .m4 file, which is then compiled into the sendmail.cf using the m4 processor. From the build file:

Code:

R$*                     $#xamime $@$1 $:$1
MAILER(`local')
MAILER(`procmail')
MAILER(`smtp')
MAILER_DEFINITIONS
Mxamime,        P=/usr/local/xamime/xamime, F=0lsDFM5:/|@qSPhn9, S=0, R=0
                T=DNS/RFC822/X-Unix,
                A=xamime $h $u $f /usr/local/xamime/xamime.conf

....which *DOES* reference the program that gets built, and shows how it ties in. There is even probably an old copy of the sendmail.m4 file somewhere, before that stuff got added, and if there isn't, pretty much any .m4 file from that sendmail package (downloadable from various sources), has one. You can modify it to have your relay host/rules and remove that software. You can also check the /etc/init.d/sendmail script, because you can also specify command-line options, such as additional config files and/or programs. Run "crontab -e" as root, and remove any jobs that reference xamime scripts. That removes the cron error.

But again the question is "Why bother??" If your plan is to replace the server, and it is currently running....leave it alone if you don't plan on upgrading it, and are going to replace it instead.

Yes. That was the first thought I had: Why do you want to remove xamime?
Is it not working? What's happening that you think it needs to be removed?

I certainly agree that in your place, I'd be focusing on building and testing a replacement server, but if something is broken and needs to be fixed, perhaps we could help better if you tell us what's not working.

(It's possible that the problem isn't with xamime...)

My thinking is that since the little bit of info I can find on it, it takes the mail from sendmail and edits the header after it's been scanned for email. As of right now all mail send out of my server to gmail is being designated at spam. I've checked all the black lists and domain reputation against various sites with good results back. I just figured I could remove something from the loop since I don't receive email back to this server and since xamime is editing the original emails, this might be the reason google is marking my email as spam.

Quote:

Originally Posted by mikeg1203 My thinking is that since the little bit of info I can find on it, it takes the mail from sendmail and edits the header after it's been scanned for email. As of right now all mail send out of my server to gmail is being designated at spam. I've checked all the black lists and domain reputation against various sites with good results back. I just figured I could remove something from the loop since I don't receive email back to this server and since xamime is editing the original emails, this might be the reason google is marking my email as spam.

Gmail will tell you why it's marked as spam.
Have you followed the link in the BOUNCE message and looked up the referenced code? What does it say?
Have you checked the IP address you're using in the RBLs? (not the domain name...spam block lists block by IP address)
Does email to other non-gmail addresses also get BOUNCEd?
Can you post the headers of one such outbound email? (in code tags obfuscated, of course)

Quote:

Originally Posted by mikeg1203 My thinking is that since the little bit of info I can find on it, it takes the mail from sendmail and edits the header after it's been scanned for email. As of right now all mail send out of my server to gmail is being designated at spam. I've checked all the black lists and domain reputation against various sites with good results back. I just figured I could remove something from the loop since I don't receive email back to this server and since xamime is editing the original emails, this might be the reason google is marking my email as spam.

...and now the real issue comes to light, and we go full circle.

You probably ARE spamming, because of the ancient software with incredibly outdated security. Your server may very well have been compromised...xamime only scans INCOMING emails, and removes potential problems (when it was working/relevant more than a decade ago).

Quote:

Originally Posted by TB0ne ...and now the real issue comes to light, and we go full circle. You probably ARE spamming, because of the ancient software with incredibly outdated security. Your server may very well have been compromised...xamime only scans INCOMING emails, and removes potential problems (when it was working/relevant more than a decade ago).

Good point. With that old a sendmail installation, having an open relay is a real possibility. When I decided 15 years ago not to use sendmail, it was because it was way to easy to mis-configure.

No they have no clue. They have been working on it for almost 5 days with intermittent periods where all mail flows fine. The funny thing about the referenced code is that when you open it, it takes you to a different code altogether. I've looked by domain name and ip address. Yes all emails get bounced no matter the email address. The header below is just an echo test email ran from the command line of the server.



Delivered-To: www@mydomain.com
Received: by 2002:a17:906:2404:0:0:0:0 with SMTP id z4csp1043116eja;
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
X-Received: by 2002:ac8:30ad:: with SMTP id v42mr31178710qta.371.1565708076568;
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565708076; cv=none;
d=google.com; s=arc-20160816;
b=Ha8SJazNyImR38ciTRobTekOQzabGlcw2gEH4Qn2pOLx3LpFfSSaIt9ImnBOhgJCbS
XJaX5cjUKRcoDaaJFRunNGaLUVjZURrj3cRT5E3pjE1D9ympEvZFlPjUMu10NelmJ3XS
DSXM2IzYrvnmA4DBd9QKBw0I+ND62SuMRNIe/gm2qrXfj1QA8fsqqz2RdOwqNU+br6qs
EWtwGracjyEdoKmt7MzM8yNNAQiB8Mb31B94ipwHVCT0Sg3THqFLbQrXaRwOlDzIlo3E
MJ/ovAE4ZEV6yMPhzGFG2XcgiyuaqcIBabTz25pn8U6EuVLnnlfWoRIh1AT+80sIhNBo
A/Aw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:in-reply-to:references:subject:auto-submitted:to
:from:dkim-signature;
bh=klTn19dz1x3hxA4OuAsmFfk5pJb8f+Ji/nlUUAmOZuQ=;
b=i0hLsoNCLWl6+G9broQuik6Nq9jEQyM/Dgn5EzCuEXPJK6411Imbpb5bm7uE9C4C+s
wny+OB+r/ALozLgGJxE88mrIkoWtoHVevtauY6QDAqCo2sS7CbMY7k6Fv7xM2XdVf2Hh
6ePHouzL23ZYdyl5paaVqx1nPhWQTH6ctJU6tVsLHtpvssP95yhYOb+KLSaptudWZxcY
1OyDO6yMwdOfTEQ7ecSpHWkJgNCELg+PsuirRgpovM650rpNrACMzMZuQaJN0Ef2Igp/
SQxHqZbLzmGPjT09jbfEiqqjbRc5J+xrckwIL8nDIwX5BmJvSVLq/9KbIofeEWAxDPBE
LpdQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20161025 header.b=bohlr6Xl;
spf=pass (google.com: best guess record for domain of postmaster@mail-sor-f101.google.com designates 209.85.220.101 as permitted sender) smtp.helo=mail-sor-f101.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Return-Path: <>
Received: from mail-sor-f101.google.com (mail-sor-f101.google.com. [209.85.220.101])
by mx.google.com with SMTPS id y201sor10702264qka.204.2019.08.13.07.54.36
for <www@mydomain.com>
(Google Transport Security);
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of postmaster@mail-sor-f101.google.com designates 209.85.220.101 as permitted sender) client-ip=209.85.220.101;
Authentication-Results: mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20161025 header.b=bohlr6Xl;
spf=pass (google.com: best guess record for domain of postmaster@mail-sor-f101.google.com designates 209.85.220.101 as permitted sender) smtp.helo=mail-sor-f101.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlemail.com; s=20161025;
h=from:to:auto-submitted:subject:references:in-reply-to:message-id
:date;
bh=klTn19dz1x3hxA4OuAsmFfk5pJb8f+Ji/nlUUAmOZuQ=;
b=bohlr6Xl1Wvmmr4aoYoaxI4LpW+xN50HM/pP4DKh+uubeU/cQVWOMd0oahaGvQKQPA
sjMqYV/LQqukTC0RQm9ACnD8Y2Qhmo1w67XR7CWXunKd7Mso0NPPW9CpgNRiKaIDIVnI
L3IKO9nG93AWup3qrRrfiBNfz9W8q7NpwTs+N10GXgowmjAGEcAoI3YdXJgj0jcf7iMs
yjP+IEYisjjLGEDPO6a3polJb8LNPZmxAL7vGHL6A9YpDfW7Dyz/KBZ+oTG6lUAycmGw
cq/ZQ898aPvFr4emBHYceQ6+SZrmmsETC4vRlHNZIg7D41WzheTAxbo1eGvz6rj704nU
xrbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:auto-submitted:subject:references
:in-reply-to:message-id:date;
bh=klTn19dz1x3hxA4OuAsmFfk5pJb8f+Ji/nlUUAmOZuQ=;
b=n7Q7oUHZ7okqR4/05x0k1P4q09QxclWZMwoV1qF/U3dIS0k6vAkoj5heL5V+kw9L/Z
opiIxH+dJ/73ZDCfdyWWwXIZ/CUIw4QenRJAzoqa1CXQ11O2bUa2a1bsul3U3edzM8j6
C5ENiOFDm6Nd75kfRTrxltlVN5mAyS8/OS5qOCIlLfk7i7qNR7TwLJwmG15KG1NHnB9O
QQMQHy3rfExfZ5qIKfLVFATSx1KNdyWiBJmzTYFaRoAUNOTgBWgmn1tjPjcWnfiSB0VG
Jdd0Q4WF8EkZQuU4Fe1Lzznb84luX7nycSvrUFYAwa6SRHDC16a0XZl2uAOC9U31xyD0
A1mg==
X-Gm-Message-State: APjAAAU8G4Ab1jgBlB9RRqXyiWprjObmNCEHJXUMS+UpKQ5TB79qZF21 CnuhG6e+Kt7JmjSJulAshEtIsNYjsHnvZHET56zMSQ==
X-Google-Smtp-Source: APXvYqzETzcX5D/v810vuWmkf8+uXTqKRZf6dw5qeYKX7RBrPHi6+AriKy8ZWd5YK5TTiDoI34J9id1ZczxaYeGyuUIEQih1JxlCeBs=
X-Received: by 2002:a37:61c3:: with SMTP id v186mr32542307qkb.158.1565708076395;
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
Content-Type: multipart/report; boundary="000000000000b71eef059000d1f9"; report-type=delivery-status
Return-Path: <>
Received: by 2002:a37:61c3:: with SMTP id v186mr31538503qkb.158; Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: www@mydomain.com
Auto-Submitted: auto-replied
Subject: Delivery Status Notification (Failure)
References: <201908131454.x7DEsZOo010740@mydomain.com>
In-Reply-To: <201908131454.x7DEsZOo010740@mydomain.com>
X-Failed-Recipients: mikeg1203@gmail.com
Message-ID: <5d52cf2c.1c69fb81.fe310.d131.GMR@mx.google.com>
Date: Tue, 13 Aug 2019 07:54:36 -0700 (PDT)

--000000000000b71eef059000d1f9
Content-Type: multipart/related; boundary="000000000000b726eb059000d1fd"

--000000000000b726eb059000d1fd
Content-Type: multipart/alternative; boundary="000000000000b726f7059000d1fe"

--000000000000b726f7059000d1fe
Content-Type: text/plain; charset="UTF-8"


** Message blocked **

Your message to mikeg1203@gmail.com has been blocked. See technical details below for more information.

Learn more here: https://support.google.com/mail/answer/69585

The response was:

Message rejected. See https://support.google.com/mail/answer/69585 for more information.

--000000000000b726f7059000d1fe
Content-Type: text/html; charset="UTF-8"


<html>
<head>
<style>
* {
font-family:Roboto, "Helvetica Neue", Helvetica, Arial, sans-serif;
}
</style>
</head>
<body>
<table cellpadding="0" cellspacing="0" class="email-wrapper" style="padding-top:32px;background-color:#ffffff;"><tbody>
<tr><td>
<table cellpadding=0 cellspacing=0><tbody>
<tr><td style="max-width:560px;padding:24px 24px 32px;background-color:#fafafa;border:1px solid #e0e0e0;border-radius:2px">
<img style="padding:0 24px 16px 0;float:left" width=72 height=72 alt="Error Icon" src="cid:icon.png">
<table style="min-width:272px;padding-top:8px"><tbody>
<tr><td><h2 style="font-size:20px;color:#212121;font-weight:bold;margin:0">
Message blocked
</h2></td></tr>
<tr><td style="padding-top:20px;color:#757575;font-size:16px;font-weight:normal;text-align:left">
Your message to <a style='color:#212121;text-decoration:none'><b>mikeg1203@gmail.com</b></a> has been blocked. See technical details below for more information.
</td></tr>
<tr><td style="padding-top:24px;color:#4285F4;font-size:14px;font-weight:bold;text-align:left">
<a style="text-decoration:none" href="https://support.google.com/mail/answer/69585">LEARN MORE</a>
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</td></tr>
<tr style="border:none;background-color:#fff;font-size:12.8px;width:90%">
<td align="left" style="padding:48px 10px">
The response was:<br/>
<p style="font-family:monospace">
Message rejected. See https://support.google.com/mail/answer/69585 for more information.
</p>
</td>
</tr>
</tbody></table>
</body>
</html>

--000000000000b726f7059000d1fe--
--000000000000b726eb059000d1fd
Content-Type: image/png; name="icon.png"
Content-Disposition: attachment; filename="icon.png"
Content-Transfer-Encoding: base64
Content-ID: <icon.png>


--000000000000b726eb059000d1fd--
--000000000000b71eef059000d1f9
Content-Type: message/delivery-status


--000000000000b71eef059000d1f9
Content-Type: message/rfc822

X-Google-Smtp-Source: APXvYqz09+uNez1xKBW3bVlFa0TEr2MRlYDFivCMNyq9NBlodcVOuwUcddUJ0Gd2dNZRF2HeCLjQed6uSWUY
X-Received: by 2002:a37:61c3:: with SMTP id v186mr32542298qkb.158.1565708076273;
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
Return-Path: <www@mydomain.com>
Received: from mydomain.com (server.mydomain.com. [x.x.x.x])
by smtp-relay.gmail.com with ESMTP id r3sm716637qkm.9.2019.08.13.07.54.35
for <mikeg1203@gmail.com>;
Tue, 13 Aug 2019 07:54:36 -0700 (PDT)
X-Relaying-Domain: stingrayboats.com
Received: (from root@localhost) by mydomain.com (8.14.4/8.14.4) id x7DEsZOo010740 for mikeg1203@gmail.com; Tue, 13 Aug 2019 10:54:35 -0400
Date: Tue, 13 Aug 2019 10:54:35 -0400
From: Stingray Powerboats <www@mydomain.com>
Message-Id: <201908131454.x7DEsZOo010740@smydomain.com>
Subject: test

test


--000000000000b71eef059000d1f9--

@scasey I had a nightmare security wise when I got here 3 months ago I've since somewhat updated the system and put the server behind a firewall. Yes behind the firewall, Previously it was just out there after the router, sitting waiting to be hacked. I've also blocked all incoming ports and services that allow mail, not saying there's still nothing there on the server, but I can't see anything with the watch guards I've put into place. I've also thought about switching over to postfix. There's an install file on the server but it's not installed or running.

PLEASE use code tags when posting output.

I'll grant that Google's support pages are a bit obtuse, but it looks like that error is because your server is sending too many emails...it's not actually saying it's spam. That's consistent with it works sometimes and not others. When the volume drops, the block gets lifted.

How many emails are being sent per hour? I think the block happens at > 150 per hour? Are "they" doing that? Bulk emails?

What's in the maillog (or wherever sendmail logs outgoing traffic)?

I'm not exactly sure on the number per hour, but the engineer from the G-suite team said it was being shown as spam from what he was seeing in his system and the return emails show up in the users spam folder in gmail. i.e. webserver@mydomain.com sends out email to user@gmail.com, webserver gets a bounce back but it's marked as spam and put in spam folder in gmail. According to gmails reports, we are in the neighborhood of 1500 - 2000 emails a day, but that is well within the limits of g-suite. Their policy for smtp relay service is 130 times the number of user licenses in your G Suite account. I have 43 user licenses so that puts me in the neighborhood of around a 5500 send limit per day. All of my logs are fine now, all are saying sent using relay=smpt-relay.l.gmail.com sent=ok