Mail disaster - semi-new system

G. Armour Van Horn vanhorn at
Mon May 15 23:07:43 IST 2006

Mike Kercher wrote:

>mailscanner-bounces at <> scribbled on :
>>I've been pulling my hair out for a couple of days, and
>>decided that tracking down "the usual suspect" either isn't
>>sufficient here, or I've been pulling out brains along with the hair.
>>Because one of my servers was compromised I had to rebuild
>>it. I copied most of /usr /etc/ and /home to a second disk
>>and installed Fedora Core
>>5 on the primary disk. I got BIND and Apache running before I
>>even started on mail, which in this case is 8.13.5.
>>With the firewall still turned on so no mail traffic was
>>getting to the box, I downloaded and installed the current
>>f-prot (manual rpm install) and clamav (yum install) RPMs,
>>then downloaded MailScanner 4.53.8.
>>I had brought over most of my old MailScanner configuration
>>files prior to installing MailScanner, but I went through
>>most of MailScanner.conf to make sure things made sense, then
>>started it up and disabled the firewall.
>>I had to edit the Sendmail config that keeps you from
>>receiving mail from outside, of course.
>>At this point, no mail is coming in to the local mail spool.
>>The files that are sitting there from last week have been
>>carefully set to the correct ownership (username:mail) but
>>nothing is being added to them.
>>Mail to users who don't currently have files in
>>/var/spool/mail do not result in new files being created.
>>the maillog is getting lots of entries like this one:
>>May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386:
>>to=<r_james at>, delay=00:04:04,
>>xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0,
>>stat=Deferred: local mailer
>>(/usr/bin/procmail) exited with EX_TEMPFAIL
>>The error appears to be the same whether the user is one of
>>those that has a file in /var/spool/mail or not.
>>Procmail is running, apparently, and is version 3.22. I can
>>find no trace of a procmail log, nor have I been able to
>>learn how to enable procmail logging. (Everything I come up
>>with talks about how to control a user's personal procmail
>>log, not a global/system one.)
>>At one point I was getting errors from clamav that there was
>>no user clamav (the installer had ignored that and proceeded
>>as root). I finally removed clamav from the MailScanner.conf
>>list of virus scanners. At least that eliminated those log entries.
>>The natives are getting restless, and I'm frustrated beyond
>>measure. I'm sure there's some obvious step I've ommitted and
>>am hoping that one of you can tell me just how stupid I am -
>>preferrably while telling me what the ommitted step should have been!
>Are there any messages being sent to the postmaster@ account on that
>box?  What is the filesize of /var/spool/mail/root?
>Are there any procmail rules running?  Have you tried to enable logging
>within procmail?
I'm not aware of anyone sending anything to postmaster, but that address 
is aliased to root so I might not ever notice.

[root at verbose mail]# ls -l
total 6772
-rw------- 1 root            mail  336470 May 15 10:50 root

No procmail rules have been setup for any user or for the system.

I've been all over the flipping net looking for hints on how to enable 
logging for procmail, all if find is instructions on setting procmail 
logging for individual users - and that doesn't apply here.


Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free! 
mailto:twisted at

For photography, web design, hosting, and maintenance, 
visit Van's home page:

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list