Mail disaster - semi-new system

G. Armour Van Horn vanhorn at whidbey.com
Tue May 16 05:16:32 IST 2006 

Bingo! Set SELinux to disabled, restarted, and eventually the machine 
restarted and processed all the backed up mail in thirty seconds. 
(Eventually because the machine was unable to run X due to an install 
error and I hadn't changed the default runlevel to 3, so I had to drive 
fifteen miles to get to the console and get it running again.)

Perhaps in a year or so I'll dig into SELinux enough to try again, for 
now I'm comfortable with the current security level. The firewall allows 
exactly what I want to come through (though obviously that includes 
things that could be used to attack the machine - as long as I'm not on 
the same local network I have to allow enough access for myself to 
administer the thing), and everything is now completely up to date.

Thanks a lot for your astute observation. I wish I'd asked a day earlier!

Van



Mike Kercher wrote:

>Could this be an SELinux issue?  Anyone?
> 
>Mike
> 
>
>
>________________________________
>
>	From: mailscanner-bounces at lists.mailscanner.info
>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of G.
>Armour Van Horn
>	Sent: Monday, May 15, 2006 5:09 PM
>	To: MailScanner discussion
>	Subject: Re: Mail disaster - semi-new system
>	
>	
>	Mike Kercher wrote: 
>
>		mailscanner-bounces at lists.mailscanner.info <> scribbled
>on :
>		
>		  
>
>			I've been pulling my hair out for a couple of
>days, and
>			decided that tracking down "the usual suspect"
>either isn't
>			sufficient here, or I've been pulling out brains
>along with the hair.
>			
>			Because one of my servers was compromised I had
>to rebuild
>			it. I copied most of /usr /etc/ and /home to a
>second disk
>			and installed Fedora Core
>			5 on the primary disk. I got BIND and Apache
>running before I
>			even started on mail, which in this case is
>8.13.5.
>			
>			With the firewall still turned on so no mail
>traffic was
>			getting to the box, I downloaded and installed
>the current
>			f-prot (manual rpm install) and clamav (yum
>install) RPMs,
>			then downloaded MailScanner 4.53.8.
>			
>			I had brought over most of my old MailScanner
>configuration
>			files prior to installing MailScanner, but I
>went through
>			most of MailScanner.conf to make sure things
>made sense, then
>			started it up and disabled the firewall.
>			
>			I had to edit the Sendmail config that keeps you
>from
>			receiving mail from outside, of course.
>			
>			At this point, no mail is coming in to the local
>mail spool.
>			The files that are sitting there from last week
>have been
>			carefully set to the correct ownership
>(username:mail) but
>			nothing is being added to them.
>			Mail to users who don't currently have files in
>			/var/spool/mail do not result in new files being
>created.
>			
>			the maillog is getting lots of entries like this
>one:
>			May 15 14:16:22 verbose sendmail[9479]:
>k4FLCHkZ009386:
>			to=<r_james at in-tel-a-choice.com>
><mailto:r_james at in-tel-a-choice.com> , delay=00:04:04,
>			xdelay=00:00:00, mailer=local, pri=216546,
>dsn=4.0.0,
>			stat=Deferred: local mailer
>			(/usr/bin/procmail) exited with EX_TEMPFAIL
>			
>			The error appears to be the same whether the
>user is one of
>			those that has a file in /var/spool/mail or not.
>			
>			Procmail is running, apparently, and is version
>3.22. I can
>			find no trace of a procmail log, nor have I been
>able to
>			learn how to enable procmail logging.
>(Everything I come up
>			with talks about how to control a user's
>personal procmail
>			log, not a global/system one.)
>			
>			At one point I was getting errors from clamav
>that there was
>			no user clamav (the installer had ignored that
>and proceeded
>			as root). I finally removed clamav from the
>MailScanner.conf
>			list of virus scanners. At least that eliminated
>those log entries.
>			
>			The natives are getting restless, and I'm
>frustrated beyond
>			measure. I'm sure there's some obvious step I've
>ommitted and
>			am hoping that one of you can tell me just how
>stupid I am -
>			preferrably while telling me what the ommitted
>step should have been!
>			
>			Van
>			    
>
>		
>		Also, give me the output of:
>		
>		grep procmail /etc/mail/sendmail.mc
>		
>		Mike
>		  
>
>	[root at verbose mail]# grep procmail /etc/mail/sendmail.mc
>	define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
>	FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
>	MAILER(procmail)dnl
>	
>	
>	
>	
>	-- 
>	----------------------------------------------------------
>	Sign up now for Quotes of the Day, a handful of quotations
>	on a theme delivered every morning.
>	Enlightenment! Daily, for free! 
>	mailto:twisted at whidbey.com?subject=Subscribe_QOTD
>	
>	For photography, web design, hosting, and maintenance, 
>	visit Van's home page: http://www.domainvanhorn.com/van/
>	-----------------------------------------------------------
>
>  
>

-- 
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free! 
mailto:twisted at whidbey.com?subject=Subscribe_QOTD

For photography, web design, hosting, and maintenance, 
visit Van's home page: http://www.domainvanhorn.com/van/
-----------------------------------------------------------

More information about the MailScanner mailing list