mikefish
asked on
Sendmail not running but mail log fills
Red Hat 9
Sendmail is not set to run at boot time. It has never been used on this server.
Mail is handled by InsightServer (www.bynari.net) - uses Postfix. InsightServer lives in a chroot environ, /opt/is4. Everything is logged in /opt/is4/var/log. This all works fine.
I was checking /var/log recently and opened maillog. It contained lots of entries like:
Oct 31 06:01:00 linux sendmail[18342]: i9V610PB018342: from=root, size=290, class=0, nrcpts=1, msgid=<200410310601.i9V610
Oct 31 06:01:00 linux sendmail[18342]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SH
Oct 31 06:01:01 linux sendmail[18342]: i9V610PB018342: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30247, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
Oct 31 06:01:02 linux sendmail[18342]: i9V610PB018342: i9V610PC018342: DSN: User unknown
Oct 31 06:01:03 linux sendmail[18342]: i9V610PC018342: to=root, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31314, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
Considering that sendmail shouldn't be running and that postfix is logging to /opt/is4/var/mail.log, this doesn't look right.
Removing /etc/mail/sendmail.cf changed the logs to:
Nov 17 01:05:00 linux sendmail[745]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1406]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1409]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 05:05:01 linux sendmail[5870]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 19:11:09 linux sendmail[9473]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 19 05:05:01 linux sendmail[15200]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
How can I track down what's trying to send via sendmail instead of postfix?
Why am I getting sendmail entries in /var/log/maillog when sendmail is off?
Confused and concerned.
Sendmail is not set to run at boot time. It has never been used on this server.
Mail is handled by InsightServer (www.bynari.net) - uses Postfix. InsightServer lives in a chroot environ, /opt/is4. Everything is logged in /opt/is4/var/log. This all works fine.
I was checking /var/log recently and opened maillog. It contained lots of entries like:
Oct 31 06:01:00 linux sendmail[18342]: i9V610PB018342: from=root, size=290, class=0, nrcpts=1, msgid=<200410310601.i9V610
Oct 31 06:01:00 linux sendmail[18342]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SH
Oct 31 06:01:01 linux sendmail[18342]: i9V610PB018342: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30247, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
Oct 31 06:01:02 linux sendmail[18342]: i9V610PB018342: i9V610PC018342: DSN: User unknown
Oct 31 06:01:03 linux sendmail[18342]: i9V610PC018342: to=root, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31314, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
Considering that sendmail shouldn't be running and that postfix is logging to /opt/is4/var/mail.log, this doesn't look right.
Removing /etc/mail/sendmail.cf changed the logs to:
Nov 17 01:05:00 linux sendmail[745]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1406]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1409]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 05:05:01 linux sendmail[5870]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 19:11:09 linux sendmail[9473]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 19 05:05:01 linux sendmail[15200]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
How can I track down what's trying to send via sendmail instead of postfix?
Why am I getting sendmail entries in /var/log/maillog when sendmail is off?
Confused and concerned.
ASKER
Sendmail came pre-installed - will try to remove and get back to you
Any way of tracing what's calling sendmail?
Any way of tracing what's calling sendmail?
i guess that they are the output of cron jobs. They are sent in the night, from root, to root, so just check what cronjob runs at the time the mails are in the log, and you will find the usual suspects ;)
ASKER
I thought about CRON jobs, so set MAILTO="", which I believe means "don't mail". Is this correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not quite true... When Postfix is installed correctly it will replace /usr/sbin/sendmail with a Postfix equivalent of the same name. That's necessary since most system tools will invoke /usr/sbin/sendmail. That appears not to be the case here.
Hi!
1. Is your problem solved.?
2. You mentioned that u removed sendmail.cf and the error messages changed. This should never be done.
Please restore the sendmail.cf
3. jlevie is correct in his contention When Postfix is installed correctly it will replace /usr/sbin/sendmail
with a Postfix equivalent of the same name
BUT
4. There is a command which can be used to change the MTA from postfix to sendmail (back and forth) therefore
even if you have configured POSTFIX as your default MTA, some applications can always change the MTA to sendmail
and then send the mail.
5. As per the logs you have posted... some applications are using this localhost as mail relay.
They may be running on your linux box.
Regards!
1. Is your problem solved.?
2. You mentioned that u removed sendmail.cf and the error messages changed. This should never be done.
Please restore the sendmail.cf
3. jlevie is correct in his contention When Postfix is installed correctly it will replace /usr/sbin/sendmail
with a Postfix equivalent of the same name
BUT
4. There is a command which can be used to change the MTA from postfix to sendmail (back and forth) therefore
even if you have configured POSTFIX as your default MTA, some applications can always change the MTA to sendmail
and then send the mail.
5. As per the logs you have posted... some applications are using this localhost as mail relay.
They may be running on your linux box.
Regards!
ASKER
removed sendmail rpm and sendmail.cf. Couldn't see any reason to keep this since I have an MTA in the chroot enviro.
Also sorted a cron problem and redirected root's mail.
/var/log/maillog now remains empty.
Thanks everyone
Also sorted a cron problem and redirected root's mail.
/var/log/maillog now remains empty.
Thanks everyone
They come both with a sendmail program, so some application will call sendmail without path, and use the sendmail which comes first in the PATH, and others will call sendmail with it's full path.
Uninstall sendmail and you will be fine.