Hi Fabian,
our permission of "/var/spool/clientmqueue"
is good and SELINUX is already DISABLE.
What else can I investigate?
Thanks a lot.
Daniela Bortolotti
On 05/11/2015 05:25 PM, Fabian Melters wrote:
Hi Daniela,
this could be a centos/rhel related issue. maybe even a sendmail
specific one.
anyway...
what does the permission of "/var/spool/clientmqueue" look like?
should be like this:
# ls -al /var/spool
...
drwxrwx---. smmsp smmsp system_u:object_r:mqueue_spool_t:s0 clientmqueue
...
did you check /var/log/audit/audit.log? Any denies?
Maybe you should deactivate selinux to check if that's the problem
(setenforce 0). If you don't see anything in the audit.log it could be
helpful to set "semodule -DB" to see "hidden audit messages" (can be
reverted with "semodule -B"
Fabian 'xx4h' Melters
On Mon, May 11, 2015 at 05:00:10PM +0200, bortolotti wrote:
Good morning,
we have a problem with amavis-new and sendmail.
We have a S.O. CentOS 7 with the following packages installed:
amavisd-milter-1.6.0-6.el7.centos.x86_64
amavisd-new-2.9.1-5.el7.noarch
clamav-lib-0.98.7-1.el7.x86_64
clamav-0.98.7-1.el7.x86_64
clamav-data-0.98.7-1.el7.noarch
clamav-server-0.98.7-1.el7.x86_64
clamav-update-0.98.7-1.el7.x86_64
clamav-filesystem-0.98.7-1.el7.noarch
clamav-server-systemd-0.98.7-1.el7.noarch
sendmail-milter-8.14.7-4.el7.x86_64
sendmail-8.14.7-4.el7.x86_64
sendmail-cf-8.14.7-4.el7.noarch
sendmail-devel-8.14.7-4.el7.x86_64
cyrus-sasl-lib-2.1.26-17.el7.x86_64
cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-2.1.26-17.el7.x86_64
Our sendmail setup defines:
dnl # amavis milter definitions 9-3-2015
INPUT_MAIL_FILTER(`amavis-milter',
`S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
T=S:10m;R:10m;E:10m')
We can send email via 25/587 ports and there are no problem if our
messages are without virus.
But if we include a test virus we have an error like:
---------------------------------------------------------------------------------------------------------------------------------------------------------------
May 5 06:38:42 postman clamd[767]:
/var/spool/amavisd/tmp/aft454cfc2004721/parts/p005:
Eicar-Test-Signature FOUND
May 5 06:38:42 postman clamd[767]:
/var/spool/amavisd/tmp/aft454cfc2004721/parts/p003:
Eicar-Test-Signature FOUND
*May 5 06:38:42 postman sendmail[4727]: NOQUEUE: SYSERR(amavis):
can not chdir(/var/spool/clientmqueue/): Permission denied*
May 5 06:38:42 postman amavis[4541]: (04541-01) (!!)TROUBLE in
check_mail: quar+notif FAILED: temporarily unable to notify admin:
451 4.5.0 Failed to submit a message: exit 78, id=04541-01 at
/usr/sbin/amavisd line 16713.
May 5 06:38:42 postman sendmail[4721]: t454cfc2004721:
milter=amavis-milter, reject=451 4.5.0 Error in processing,
id=04541-01, quar+notif FAILED: temporarily unable to notify admin:
451 4.5.0 Failed to submit a message: exit 78, id=04541-01 at
/usr/sbin/amavisd line 16713.
May 5 06:38:42 postman sendmail[4721]: t454cfc2004721: Milter:
data, reject=451 4.5.0 Error in processing, id=04541-01, quar+notif
FAILED: temporarily unable to notify admin: 451 4.5.0 Failed to
submit a message: exit 78, id=04541-01 at /usr/sbin/amavisd line
16713.
May 5 06:38:42 postman sendmail[4721]: t454cfc2004721: --- 451
4.5.0 Error in processing, id=04541-01, quar+notif FAILED:
temporarily unable to notify admin: 451 4.5.0 Failed to submit a
message: exit 78, id=04541-01 at /usr/sbin/amavisd line 16713.
(hold)
----------------------------------------------------------------------------------------------------------------------------------------------------------------
We don't receive notification to this address
$virus_admin = "virusalert\@$mydomain"; #
notifications recip.
because amavis can't flush its email in /var/spool/clientmqueue
We have the same problem with the dir /var/spool/clientmqueue if we
use the "amavisd-release" command.
Selinux is disabled.
Our sendmail and amavis (amavisd-new-2.8) setup are good on SL 5.5 systems.
Do you have any suggestions?
Thanks a lot in advance.
Best regards.
Daniela Bortolotti
