Mail disaster - semi-new system

Mike Kercher mike at
Mon May 15 23:27:37 IST 2006

Could this be an SELinux issue?  Anyone?


	From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of G.
Armour Van Horn
	Sent: Monday, May 15, 2006 5:09 PM
	To: MailScanner discussion
	Subject: Re: Mail disaster - semi-new system
	Mike Kercher wrote: 

		mailscanner-bounces at <> scribbled
on :

			I've been pulling my hair out for a couple of
days, and
			decided that tracking down "the usual suspect"
either isn't
			sufficient here, or I've been pulling out brains
along with the hair.
			Because one of my servers was compromised I had
to rebuild
			it. I copied most of /usr /etc/ and /home to a
second disk
			and installed Fedora Core
			5 on the primary disk. I got BIND and Apache
running before I
			even started on mail, which in this case is
			With the firewall still turned on so no mail
traffic was
			getting to the box, I downloaded and installed
the current
			f-prot (manual rpm install) and clamav (yum
install) RPMs,
			then downloaded MailScanner 4.53.8.
			I had brought over most of my old MailScanner
			files prior to installing MailScanner, but I
went through
			most of MailScanner.conf to make sure things
made sense, then
			started it up and disabled the firewall.
			I had to edit the Sendmail config that keeps you
			receiving mail from outside, of course.
			At this point, no mail is coming in to the local
mail spool.
			The files that are sitting there from last week
have been
			carefully set to the correct ownership
(username:mail) but
			nothing is being added to them.
			Mail to users who don't currently have files in
			/var/spool/mail do not result in new files being
			the maillog is getting lots of entries like this
			May 15 14:16:22 verbose sendmail[9479]:
			to=<r_james at>
<mailto:r_james at> , delay=00:04:04,
			xdelay=00:00:00, mailer=local, pri=216546,
			stat=Deferred: local mailer
			(/usr/bin/procmail) exited with EX_TEMPFAIL
			The error appears to be the same whether the
user is one of
			those that has a file in /var/spool/mail or not.
			Procmail is running, apparently, and is version
3.22. I can
			find no trace of a procmail log, nor have I been
able to
			learn how to enable procmail logging.
(Everything I come up
			with talks about how to control a user's
personal procmail
			log, not a global/system one.)
			At one point I was getting errors from clamav
that there was
			no user clamav (the installer had ignored that
and proceeded
			as root). I finally removed clamav from the
			list of virus scanners. At least that eliminated
those log entries.
			The natives are getting restless, and I'm
frustrated beyond
			measure. I'm sure there's some obvious step I've
ommitted and
			am hoping that one of you can tell me just how
stupid I am -
			preferrably while telling me what the ommitted
step should have been!

		Also, give me the output of:
		grep procmail /etc/mail/

	[root at verbose mail]# grep procmail /etc/mail/
	FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
	Sign up now for Quotes of the Day, a handful of quotations
	on a theme delivered every morning.
	Enlightenment! Daily, for free! 
	mailto:twisted at
	For photography, web design, hosting, and maintenance, 
	visit Van's home page:

More information about the MailScanner mailing list