Mail disaster - semi-new system

Mike Kercher mike at vesol.com
Mon May 15 22:38:54 IST 2006 

mailscanner-bounces at lists.mailscanner.info <> scribbled on :

> I've been pulling my hair out for a couple of days, and
> decided that tracking down "the usual suspect" either isn't
> sufficient here, or I've been pulling out brains along with the hair.
> 
> Because one of my servers was compromised I had to rebuild
> it. I copied most of /usr /etc/ and /home to a second disk
> and installed Fedora Core
> 5 on the primary disk. I got BIND and Apache running before I
> even started on mail, which in this case is 8.13.5.
> 
> With the firewall still turned on so no mail traffic was
> getting to the box, I downloaded and installed the current
> f-prot (manual rpm install) and clamav (yum install) RPMs,
> then downloaded MailScanner 4.53.8.
> 
> I had brought over most of my old MailScanner configuration
> files prior to installing MailScanner, but I went through
> most of MailScanner.conf to make sure things made sense, then
> started it up and disabled the firewall.
> 
> I had to edit the Sendmail config that keeps you from
> receiving mail from outside, of course.
> 
> At this point, no mail is coming in to the local mail spool.
> The files that are sitting there from last week have been
> carefully set to the correct ownership (username:mail) but
> nothing is being added to them.
> Mail to users who don't currently have files in
> /var/spool/mail do not result in new files being created.
> 
> the maillog is getting lots of entries like this one:
> May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386:
> to=<r_james at in-tel-a-choice.com>, delay=00:04:04,
> xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0,
> stat=Deferred: local mailer
> (/usr/bin/procmail) exited with EX_TEMPFAIL
> 
> The error appears to be the same whether the user is one of
> those that has a file in /var/spool/mail or not.
> 
> Procmail is running, apparently, and is version 3.22. I can
> find no trace of a procmail log, nor have I been able to
> learn how to enable procmail logging. (Everything I come up
> with talks about how to control a user's personal procmail
> log, not a global/system one.)
> 
> At one point I was getting errors from clamav that there was
> no user clamav (the installer had ignored that and proceeded
> as root). I finally removed clamav from the MailScanner.conf
> list of virus scanners. At least that eliminated those log entries.
> 
> The natives are getting restless, and I'm frustrated beyond
> measure. I'm sure there's some obvious step I've ommitted and
> am hoping that one of you can tell me just how stupid I am -
> preferrably while telling me what the ommitted step should have been!
> 
> Van
> 

Are there any messages being sent to the postmaster@ account on that
box?  What is the filesize of /var/spool/mail/root?
Are there any procmail rules running?  Have you tried to enable logging
within procmail?

Mike

More information about the MailScanner mailing list