CAN SEND BUT NOT RECEIVE EMAIL

An inherited system running FreeBSD 3.4 has crashed after a suspected hack, and now will not allow receipt of email to local user machines. Using Webmin, can see that the messages are in fact arriving, but that's where it stops. Was initially brought on as a web site designer, have inherited this problem, and not sure where to turn. Error msg's being shown at the server machine level are:

chown: root: illegal user name

mail inetd[164]: ftp/tcp: no such user 'root'

mail sendmail[173]: j689evj00173: Losing ./qfj689euj00173: savemail panic SYSERR(toor): savemail: cannot save rejected email anywhere: no such file or directory

Those are the most prevalent messages that I can see.

ANY HELP OFFERED GRATEFULLY APPRECIATED, ESPECIALLY IF SOMEONE NEAR MY AREA (RI) that I can call.
cpwilsonAsked:

gheistCommented:
Probably you quickly jump over missed eight years or so - install brand new FreeBSD 5.4 on newer machine, and copy sendmail configs over or create them anew.

For instance I feel exim to be easiest to configure, postfix or qmail a bit harder, but they are faster, and sendmail being last choice for being ultra-slow and its black-art configuration.

Be very careful - disconnect hacked machine from network, and never ever use it to log in to normal machines, copy its disk for future reference, and extract only few necessary files from it.
cpwilsonAuthor Commented:
Probably simple for someone who understands it. Me, just the idiot they have made responsible and have no clue with this one.

Is there a way to fix this without going to new machine (not budgeted for that until sometime next year). I see in Webmin that postfix or qmail can be installed, but not sure what is needed.

What I am (hopefully) looking for is a quick fix that can be used to at least start receiving email again, and will deal with the possible security issues after.
gheistCommented:
"mail sendmail[173]: j689evj00173: Losing ./qfj689euj00173: savemail panic SYSERR(toor): savemail: cannot save rejected email anywhere: no such"
probably means that disk is getting bad

Basically I suggest you read this:
 (3 days maximum - was 1 day for me)
and in the meantime
* get new machine ( not new but with new big disks and good (Intel or 3com or any gigabit) netcard)
* install FreeBSD 5.4
* read exim manual from www.exim.org
* install exim from FreeBSD ports
* adjust config and make it work in place of sendmail
* tell here in what form is your user databases
( next week )
http://slett.net/spam-filtering-for-mx/
* implement filtering on input with at least antivirus
* add accesslist, so your machine does not accept mails to missing mailboxes and generate bounces
* forget problems for next 3-5 years or so ( I advise updating system & running software at least once a year, best twice , if you have no better reasons)

Sorry FreeBSD 3.4 is *historical* now
You cannot make its sendmail safe, nor its C library safe and stable to look up network names.


David PiniellaCommented:
diagnostics:
run "df -h" as root to see how much free space you've got left. "du" is another handy command for you to look at.
telnet to yourself on port 25 and see if you can talk to the mail server (see http://www.raiden.net/techhelp/pop3_smtp_commands.html). to do this, from the freebsd host itself, run "telnet localhost 25" and when you get the SMTP greeting, enter "ehlo". See the previous link for stuff to check for (ie, that you can send mail to your server.)

That said, I tend to agree with gheist's assessment about FreeBSD 3.4 (and software installed on it) being too old to easily troubleshoot and/or work with. Back up your data to CD/DVD/removable hard drive and reinstall a more current FreeBSD/Linux. I would recommend qmail as a sendmail replacement since yes, sendmail is a tough program to configure ("black art configuration" rings too true) and is known for security problems (although things are supposed to be better now...).

See http://freebsdwiki.net/index.php/Mail_toaster for a "quick set up on a mail-everything" server using qmail. A similar but somewhat less clear (more is done for you via scripts, so likely you'll understand less,) guide is at http://freebsd.qmailrocks.org/.

If your server is compromised, nothing short of a complete wipe and reinstall should ever let you trust it or anything on it. I'd be suspicious of any machines that it's connected to as well. Save yourself the headache later and reinstall FreeBSD on your box.
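An added example, not part of the original thread: the logged errors (`chown: root: illegal user name`, `no such user 'root'`) say the name root did not resolve, so alongside the `df` and `telnet` checks above it is worth auditing the account file itself. The function name `audit_passwd` and the sample file are constructed for illustration; the input is assumed to be in the 7-field `/etc/passwd` format.

```shell
#!/bin/sh
# Added example: audit a passwd-format file (name:pw:uid:gid:gecos:home:shell)
# for a missing root entry, unexpected uid-0 accounts, duplicates and bad lines.

# audit_passwd FILE -> prints one finding per line; returns 0 if clean, 1 if not.
audit_passwd() {
    awk -F: '
        BEGIN { bad = 0 }
        /^#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 7 { printf "MALFORMED line %d (%d fields)\n", NR, NF; bad = 1; next }
        { seen[$1]++ }
        seen[$1] == 2 { printf "DUPLICATE name %s\n", $1; bad = 1 }
        $3 == 0 { uid0[$1] = 1 }
        # toor is the stock FreeBSD alternate uid-0 account; anything else is unexpected
        $3 == 0 && $1 != "root" && $1 != "toor" {
            printf "EXTRA uid-0 account %s\n", $1; bad = 1
        }
        END {
            if (!("root" in uid0)) { print "MISSING root (uid 0)"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: root entry gone, toor left, one extra uid-0 account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
svc:*:0:0:constructed extra account:/tmp:/bin/sh
EOF
audit_passwd "$sample" || echo "passwd audit: problems found"
rm -f "$sample"
```

On FreeBSD, name lookups go through the hashed databases that `pwd_mkdb` builds from `/etc/master.passwd`, so a clean text file does not by itself prove lookups work; `id root` tests the lookup directly.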
gheistCommented:
I'd vote against building qmail outside ports tree for example. Otherwise instructions are perfectly reasonable.
byttaCommented:
snippet from www.acme.com:
Note that qmail ... generates post-reception bounce messages in circumstances where other mail transports would have refused the reception. This means every qmail site is basically an open spam relay. For this reason alone, qmail should never be used by anyone.
David PiniellaCommented:
regarding qmail's bounce messages, see http://en.wikipedia.org/wiki/Qmail#Controversy -- note the address wildcard stuff. To say that qmail is automagically an open spam relay is incorrect, although it _can_ be if misconfigured (just as any other SMTP mailer can be).
gheistCommented:
Try follow my exim link.
It pretty well describes that filtering is worth only in SMTP session, bounce generation is bad, so leave it to others. ( all can be done with sendmail using milter modules, and with postfix and qmail using specific filters)
I suggested exim because its configuration is pretty straightforward:
1) configure "routers" to get mail ot
2) add access lists, so you accept mail from "routable" addresses ( at different grade - domain lookup, server callout etc)
3) add more access lists so your users use your allocated subnet and other use the rest
4) while you are at it - antivirus takes 5 config lines without any dangerous software changes

So more or less it all can fit in file as small as 2k - and it does only what it is required to do, especially you can avoid bounces and delivery delay reports with ease.
David PiniellaCommented:
I agree that exim config is pretty straightforward (although compared to sendmail, almost everything is straightforward). Exim, postfix, qmail all good alternatives to sendmail and if you're kind of new to unix admin/mail admin stuff, you might want to avoid qmail as well (although I have found it pretty straightforward too, I can see how it might be daunting for a new admin.)
gheistCommented:
One with very good explanations, to get anyone started:
http://www.exim.org/exim-html-4.50/doc/html/spec_7.html#IX605

jrssystemsnetCommented:
Saying that using qmail as a mailer is a bad idea because it generates bounce messages is the silliest thing I've heard in quite some time.  Qmail either will or won't generate a bounce depending on how you configure it.  Personally, I don't let any of my own mailservers generate bounces, EVER.  I set them to accept anything coming from a non-RBL'ed source, then quietly deal with it on an internal level.  Mail to non-existent accounts is either redirected to a catch-all or /dev/null'ed, depending on whether I want to see it or not.

In particular, if you set up qmail (and associated daemons and tools) from the article dpiniella mentioned, http://www.freebsdwiki.net/index.php/Mail_toaster, you'll get an easy-to-use GUI that allows you to manage every level of message delivery / rejection / you name it right from a web interface.
David PiniellaCommented:
...or you can install webmin and control qmail via _that_, but since the mail_toaster article already has instructions on that GUI, I didn't really think it was worth mentioning.