Sendmail not running but mail log fills

Red Hat 9

Sendmail is not set to run at boot time. It has never been used on this server.

Mail is handled by InsightServer (www.bynari.net) - uses Postfix. InsightServer lives in a chroot environ, /opt/is4. Everything is logged in /opt/is4/var/log. This all works fine.

I was checking /var/log recently and opened maillog. It contained lots of entries like:
Oct 31 06:01:00 linux sendmail[18342]: i9V610PB018342: from=root, size=290, class=0, nrcpts=1, msgid=<200410310601.i9V610PB018342@linux.elcotcapital.com>, relay=root@localhost
Oct 31 06:01:00 linux sendmail[18342]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
Oct 31 06:01:01 linux sendmail[18342]: i9V610PB018342: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30247, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
Oct 31 06:01:02 linux sendmail[18342]: i9V610PB018342: i9V610PC018342: DSN: User unknown
Oct 31 06:01:03 linux sendmail[18342]: i9V610PC018342: to=root, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31314, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown

Considering that sendmail shouldn't be running and that postfix is logging to /opt/is4/var/mail.log, this doesn't look right.

Removing /etc/mail/sendmail.cf changed the logs to:
Nov 17 01:05:00 linux sendmail[745]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1406]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 17 05:05:01 linux sendmail[1409]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 05:05:01 linux sendmail[5870]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 18 19:11:09 linux sendmail[9473]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory
Nov 19 05:05:01 linux sendmail[15200]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: cannot open: No such file or directory

How can I track down what's trying to send via sendmail instead of postfix?

Why am I getting sendmail entries in /var/log/maillog when sendmail is off?

Confused and concerned.

mikefish Asked:

_GeG_ Commented:
Hmm, do you have sendmail and postfix installed?
They both come with a sendmail program, so some applications will call sendmail without a path, and use the sendmail which comes first in the PATH, and others will call sendmail with its full path.
Uninstall sendmail and you will be fine.

mikefish (Author) Commented:
Sendmail came pre-installed - will try to remove and get back to you

Any way of tracing what's calling sendmail?

_GeG_ Commented:
I guess that they are the output of cron jobs. They are sent in the night, from root, to root, so just check what cronjob runs at the time the mails are in the log, and you will find the usual suspects ;)

mikefish (Author) Commented:
I thought about CRON jobs, so I set MAILTO="", which I believe means "don't mail". Is this correct?

jlevie Commented:
GeG has it pretty correct. Those messages are a result of cron jobs and system tasks trying to mail results and notices. Ordinarily, the installation of Postfix would have replaced the /usr/sbin/sendmail with its own agent so that local mail would work, but since you are running Postfix in a chrooted env that didn't happen.

Removing sendmail isn't a solution. You need those messages delivered in case there are any serious errors reported by the system.

_GeG_ Commented:
AFAIK removing sendmail would take care of the problem.
As I explained in my first post, there are probably 2 sendmail programs on his system. And it seems that all mails sent via postfix are sent correctly. It doesn't matter if postfix is running chrooted, but it should be the only MTA on the system.
There are 2 sendmail programs on the system. One from sendmail.rpm and one from postfix.rpm. This is bad. As it seems, the sendmail program out of the postfix rpm works correctly (or can be configured easily to alias root to a real email account). Now the second sendmail program from the sendmail rpm is probably not configured properly to work with postfix, but with the sendmail application, which is not started. Two MTAs cannot be running at the same time. So one is enough, the other is too much. If mikefish chooses postfix, it doesn't make sense to keep sendmail.rpm; this only creates problems. That's why I recommend removing sendmail.rpm and, if needed, configuring postfix properly to deliver mails to root.

jlevie Commented:
Not quite true... When Postfix is installed correctly it will replace /usr/sbin/sendmail with a Postfix equivalent of the same name. That's necessary since most system tools will invoke /usr/sbin/sendmail. That appears not to be the case here.

makhan Commented:
Hi!

1. Is your problem solved?

2. You mentioned that you removed sendmail.cf and the error messages changed. This should never be done.
    Please restore the sendmail.cf.

3. jlevie is correct in his contention that when Postfix is installed correctly it will replace /usr/sbin/sendmail
    with a Postfix equivalent of the same name

    BUT

4. There is a command which can be used to change the MTA from postfix to sendmail (back and forth); therefore,
    even if you have configured POSTFIX as your default MTA, some applications can always change the MTA to sendmail
    and then send the mail.

5. As per the logs you have posted, some applications are using this localhost as a mail relay.
   They may be running on your linux box.


Regards!



mikefish (Author) Commented:
Removed sendmail rpm and sendmail.cf. Couldn't see any reason to keep this since I have an MTA in the chroot enviro.

Also sorted a cron problem and redirected root's mail.

/var/log/maillog now remains empty.

Thanks everyone

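The tracing approach suggested in the thread (match the times of the sendmail entries in maillog against cron schedules), as an added shell example that is not part of the original thread. The function names, the sample log lines and the crontab entries (including the /usr/local/sbin paths) are constructed for illustration.

```shell
# Added example, not from the thread; sample data below is constructed.
# sendmail_times: read maillog on stdin, print "COUNT HH:MM" for each minute
# of the day at which a sendmail process (month, day, PID) first logged.
sendmail_times() {
    awk '$5 ~ /^sendmail\[[0-9]+\]:$/ {
            id = $1 " " $2 " " $5
            if (!(id in seen)) { seen[id] = 1; n[substr($3, 1, 5)]++ }
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# cron_jobs_at HH:MM: read a crontab on stdin, print entries whose minute and
# hour fields match. Handles *, lists, ranges and /step; day and month fields
# are ignored, and variable, comment and @keyword lines are skipped.
cron_jobs_at() {
    awk -v hhmm="$1" '
        function hit(v, f,    p, i, n, r, rng, step, lo, hi) {
            n = split(f, p, ",")
            for (i = 1; i <= n; i++) {
                rng = p[i]; step = 1
                if (split(rng, r, "/") == 2) { rng = r[1]; step = r[2] + 0 }
                if (rng == "*") { lo = 0; hi = 59 }
                else if (split(rng, r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
                else { lo = hi = rng + 0 }
                if (step > 0 && v >= lo && v <= hi && (v - lo) % step == 0) return 1
            }
            return 0
        }
        BEGIN { split(hhmm, t, ":"); h = t[1] + 0; m = t[2] + 0 }
        /^[ \t]*(#|@|$)/ || /^[ \t]*[A-Za-z_]+=/ { next }
        hit(m, $1) && hit(h, $2)'
}

# Constructed samples, modelled on the log format in the question.
sample_maillog() { cat <<'EOF'
Nov 17 01:05:00 host sendmail[745]: NOQUEUE: SYSERR(root): cannot open
Nov 17 05:05:01 host sendmail[1406]: NOQUEUE: SYSERR(root): cannot open
Nov 17 05:05:01 host sendmail[1409]: NOQUEUE: SYSERR(root): cannot open
Nov 18 05:05:01 host sendmail[5870]: NOQUEUE: SYSERR(root): cannot open
Nov 18 05:05:02 host sendmail[5870]: NOQUEUE: SYSERR(root): cannot open
EOF
}
sample_crontab() { cat <<'EOF'
MAILTO=root
01 * * * * root run-parts /etc/cron.hourly
05 5 * * * root /usr/local/sbin/nightly-report
*/15 8-18 * * 1-5 root /usr/local/sbin/poll-queue
EOF
}
```

On a live system the same functions would be fed real files, for example `sendmail_times < /var/log/maillog` followed by `cron_jobs_at 05:05 < /etc/crontab` and each user's crontab.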