Mail disaster - semi-new system

Jon Radel jon at radel.com
Tue May 16 03:03:16 IST 2006


G. Armour Van Horn wrote:
> 
> A new hint just arrived. One of my many test messages just generated a
> bounce, here's a snip:
> 
>   ----- Transcript of session follows -----
> procmail: Couldn't create "/var/mail/vanhorn"
> procmail: Error while writing to "/var/log/maillog"
> <vanhorn at verbose.twistedhistory.com>... Deferred: local mailer
> (/usr/bin/procmail) exited with EX_TEMPFAIL
> 
> 
> Suddenly I'm wondering what's with "/var/mail/vanhorn" as mail on this
> machine gets written to /var/spool/mail as far as I know. There is a
> /var/mail, but it's a link to /var/spool/mail anyway. Privs on
> /var/spool/mail were 755 and owned by root, I just did go+w on it to
> eliminate that possibility, but it doesn't look like it actually changed
> anything.

Try it with selinux turned off.  Any reasonable policy, if selinux is in
enforcing mode, which you appear to have it in per previous mail, will
block many programs from doing many things.  Or, to put it another way,
you could set every directory on your box to 777 and have trouble
creating files in certain places.

My suggestion is you either

1)  turn selinux off entirely if you don't want to pursue it,

2)  set selinux to log violations only and then use the log file to help
 build a policy customized for what you're actually doing on the box.
Preferably out of sight of the restless natives.  :-)

Take the above with a grain of salt, as I make no claim to have gotten
past the "look at the logs, read the docs, and sigh about how much work
it all seems to write a useful policy" stage myself.

BTW, good call on Mike Kercher's part to bring selinux up in the first
place....

--Jon Radel
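
The log-then-build-a-policy approach in option 2, as an added example that is not part of the original post: a shell function that summarises the SELinux AVC denials logged against one command. The sample records are constructed, and the names `sample_log` and `avc_summary` and the audit log path are assumptions.

```shell
#!/bin/sh
# Added example. Workflow it supports (run as root on the mail host):
#   getenforce      # prints Enforcing, Permissive or Disabled
#   setenforce 0    # permissive until reboot: denials are logged, not enforced
#   avc_summary procmail < /var/log/audit/audit.log   # path is an assumption

# Constructed sample AVC records; types, pids and inode numbers are made up.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1147745001.101:41): avc:  denied  { write } for  pid=2345 comm="procmail" name="mail" dev=hda2 ino=1201 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:var_spool_t tclass=dir
type=AVC msg=audit(1147745001.102:42): avc:  denied  { append } for  pid=2345 comm="procmail" name="maillog" dev=hda2 ino=1377 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:var_log_t tclass=file
type=AVC msg=audit(1147745009.310:43): avc:  denied  { read } for  pid=2101 comm="sendmail" name="aliases.db" dev=hda2 ino=1502 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1147745060.007:44): avc:  denied  { write } for  pid=2399 comm="procmail" name="mail" dev=hda2 ino=1201 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:var_spool_t tclass=dir
type=SYSCALL msg=audit(1147745060.007:44): arch=40000003 syscall=5 success=no exit=-13 comm="procmail"
EOF
}

# Print "<count> <source type> -> <target type> [<class>] { <perms> }" for each
# distinct denial logged against the command named in $1, most frequent first.
avc_summary() {
    awk -v comm="$1" '
    function val(key,   i) {        # value of the key=value field on this line
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return "?"
    }
    /avc: +denied/ && val("comm") == "\"" comm "\"" {
        perms = $0                  # keep only the text between the braces
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        split(val("scontext"), s, ":"); split(val("tcontext"), t, ":")
        seen[s[3] " -> " t[3] " [" val("tclass") "] { " perms " }"]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Stand-alone run over the constructed sample.
sample_log | avc_summary procmail
```

Each output line names a source domain, a target type and a permission that file modes such as 755 or 777 do not control. The `audit2allow` tool can turn the same denial records into candidate policy rules.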

