[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Sendmail not running but mail log fills

Posted on 2004-11-19
Medium Priority
Last Modified: 2013-12-15
Red Hat 9

Sendmail is not set to run at boot time. It has never been used on this server.

Mail is handled by InsightServer (www.bynari.net) - uses Postfix. InsightServer lives in a chroot environ, /opt/is4. Everything is logged in /opt/is4/var/log. This all works fine.

I was checking /var/log recently and opened maillog. It contained lots of entries like:
Oct 31 06:01:00 linux sendmail[18342]: i9V610PB018342: from=root, size=290, class=0, nrcpts=1, msgid=<200410310601.i9V610PB018342@linux.elcotcapital.com>, relay=root@localhost
Oct 31 06:01:00 linux sendmail[18342]: STARTTLS=client, relay=[], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
Oct 31 06:01:01 linux sendmail[18342]: i9V610PB018342: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30247, relay=[] [], dsn=5.1.1, stat=User unknown
Oct 31 06:01:02 linux sendmail[18342]: i9V610PB018342: i9V610PC018342: DSN: User unknown
Oct 31 06:01:03 linux sendmail[18342]: i9V610PC018342: to=root, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31314, relay=[] [], dsn=5.1.1, stat=User unknown

Considering that sendmail shouldn't be running and that postfix is logging to /opt/is4/var/mail.log, this doesn't look right.

Removing /etc/mail/sendmail.cf changed the logs to:
Nov 17 01:05:00 linux sendmail[745]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1406]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1409]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 05:05:01 linux sendmail[5870]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 19:11:09 linux sendmail[9473]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 19 05:05:01 linux sendmail[15200]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory

How can I track down what's trying to send via sendmail instead of postfix?

Why am I getting sendmail entries in /var/log/maillog when sendmail is off?

Confused and concerned.

Question by:mikefish
  • 3
  • 3
  • 2
  • +1

Expert Comment

ID: 12624333
hmm, do you have sendmail and postfix installed?
They come both with a sendmail program, so some application will call sendmail without path, and use the sendmail which comes first in the PATH, and others will call sendmail with it's full path.
Uninstall sendmail and you will be fine.

Author Comment

ID: 12624444
Sendmail came pre-installed - will try to remove and get back to you

Any way of tracing what's calling sendmail?

Expert Comment

ID: 12625253
i guess that they are the output of cron jobs. They are sent in the night, from root, to root, so just check what cronjob runs at the time the mails are in the log, and you will find the usual suspects ;)
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.


Author Comment

ID: 12625305
I thought about CRON jobs, so set MAILTO="", which I believe means "don't mail". Is this correct?

LVL 40

Assisted Solution

jlevie earned 800 total points
ID: 12625322
GeG has it pretty correct. Those messages are a result of cron jobs and system tasks trying to mail results and notices. Ordinarily, the installation of Postfix would have replaced the /usr/sbin/sendmail with its own agent so that local mail would work, but since you are running Postfix in a chrooted env that didn't happen.

Removing sendmail isn't a solution. You need those messages delivered in case there are any serious errors reported by the system.

Accepted Solution

_GeG_ earned 1200 total points
ID: 12626913
afaik removing sendmail would take care of the problem.
As I explained in my first post, there are probably 2 sendmail programs on his system. And it seems that all mails send via postfix are sent correctly. It doesn't matter if postfix is running chrooted, but it should be the only MTA on the system.
There are 2 sendmail programs on the system. One from sendmail.rpm and one from postfix.rpm. This is bad. As it seems the sendmail program out of the postfix rpm works correcly (or can be configured easily to alias root to a real email account). Now the second sendmail program from the sendmail rpm is probably not configured properly to work with postfix, but with the sendmail application, which is not started. Two MTA cannot be running at the same time. So one is enough, the other is too much. If mikefish chooses postfix, it doesn't make sense to keep sendmail.rpm, but this only creates problems. That's why I recommend removing sendmail.rpm and it needed configure postfix properly to deliver mails to root.
LVL 40

Expert Comment

ID: 12628071
Not quite true... When Postfix is installed correctly it will replace /usr/sbin/sendmail with a Postfix equivalent of the same name. That's necessary since most system tools will invoke /usr/sbin/sendmail. That appears not to be the case here.

Expert Comment

ID: 12685090

1. Is your problem solved.?

2. You mentioned that u removed sendmail.cf and the error messages changed. This should never be done.
    Please restore the sendmail.cf

3. jlevie is correct in his contention When Postfix is installed correctly it will replace /usr/sbin/sendmail
    with a Postfix equivalent of the same name


4. There is a command which can be used to change the MTA from postfix to sendmail (back and forth) therefore
    even if you have configured POSTFIX as your default MTA, some applications can always change the MTA to sendmail
    and then send the mail.

5. As per the logs you have posted... some applications are using this localhost as mail relay.
   They may be running on your linux box.



Author Comment

ID: 12693716
removed sendmail rpm and sendmail.cf. Couldn't see any reason to keep this since I have an MTA in the chroot enviro.

Also sorted a cron problem and redirected root's mail.

/var/log/maillog now remains empty.

Thanks everyone


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy. ┬áThis article also serves as your NTP server documentation.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month19 days, 1 hour left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question