knightmb Posted November 24, 2007 Report Share Posted November 24, 2007 Hi Everyone, I've run into a strange issue and once again call upon the great minds here for assistance I have a base Mandriva 2008.0 setup. It has Postfix, SpamAssassin, ClamAV, Procmail, etc. In a previous setup on Mandriva 2006.0, I was using Procmail to send all mail messages first to ClamAV for virus scanning, if the message had a virus in it, ClamAV would write it to the header. The next Procmail rule was to forward this message to an e-mail account to contain the message. It would never be delivered to the intended target this way. The next rules did the same thing, pass the message to SpamAssassin, then check for the header for if it was a spam message, forward to a special "spam" account for collection. Everything works fine in 2006.0, so I figured the same setup would be easy in Mandriva 2008.0 but I've run into a snag. Procmail appears to only "half" function. It passes the e-mail to the scanners and they do their thing of checking and writing the results into mail headers. The only thing is, it won't forward the message afterwards to the "holding" accounts for later inspection/deletion. So for example, here's the rules that worked in 2006.0 release LOGFILE=/var/log/promail.log VERBOSE=off DROPPRIVS=yes :0fw * !^(To|Cc|X-Original-To).*virus-holder@localhost | /usr/local/bin/clamscan-procfilter.pl :0H * ^X-CLAMAV * !^(To|Cc|X-Original-To).*virus-holder@localhost ! virus-holder@localhost :0wf * !^(To|Cc|X-Original-To).*spam-holder@localhost * !^(To|Cc|X-Original-To).*virus-holder@localhost | /usr/bin/spamc :0H * ^X-Spam-Level:.*(\*\*\*\*) * !^(To|Cc|X-Original-To).*spam-holder@localhost ! spam-holder@localhost So when loading up the 2008.0 release, I made sure Postfix had the right mailbox command to direct all mail through Procmail and made sure that ClamAV and SpamAssassin Daemons were fired up and running properly. I send myself a test e-mail with a virus attachment and well it comes directly back to me. I look at the headers in the message and I see where ClamAV tagged the message with a "virus found" result. I even see the SpamAssassin scan results with the spam score and all that. So I know both of those rules are working in feeding the message to the scanners and waiting for a result. My only snag is why it appears the forwarding is broken. I turned on logging for Procmail and nothing odd is in the log file. I tried adding a simple dummy rule to forward everything to my e-mail account and it appears it doesn't work either after trying some messages from my gmail, yahoo, hotmail, accounts, etc. I'm at a loss as to why this rule recipe works in 2006.0 but not in 2008.0 I know 2008.0 has the newer version of Postfix, ClamAV, SpamAssassin, etc. But I think the Procmail version hasn't changed since like 2001 or something, LOL. Has anyone run into this issue before? Any ideas of where to start to troubleshoot? I've never had this kind of problem with Procmail before. I've searched around the web for this issue, it appears I'm the only one so far. Thanks all! Quote Link to comment Share on other sites More sharing options...
knightmb Posted November 24, 2007 Author Report Share Posted November 24, 2007 I have some extra info to add to this. I think I found the cause, but not the solution. On the Mandriva 2006.0 system, Procmail would call up "sendmail" when it forwards a message via one of it's rules. As per this log file snippet: procmail: [4105] Fri Nov 23 19:36:51 2007 procmail: Assigning "DROPPRIVS=yes" procmail: Assuming identity of the recipient, VERBOSE=off From knightmb@knightmb.dyndns.org Fri Nov 23 19:36:51 2007 Subject: virus test Folder: /usr/sbin/sendmail -oi virus-holder@localhost When checking the the log files on the Mandriva 2008.0 machine, the same "virus" laden e-mail generates this error instead using the exact same rules: procmail: [7930] Fri Nov 23 19:26:17 2007 procmail: Assigning "DROPPRIVS=yes" procmail: Assuming identity of the recipient, VERBOSE=off /bin/sh: : No such file or directory procmail: Error while writing to "" From knightmb@knightmb.dyndns.org Fri Nov 23 19:26:17 2007 Subject: virus test Folder: /var/spool/mail/knightmb I think that's the root of my Procmail sending problem. Every other rule works just fine, but it can't forward a message because it's not calling up Sendmail; but I guess nothing at all, just a path to the bash for some reason. So, does anyone know if Procmail has an easy to change configuration for this or is this problem buried in the actual code of Procmail ? Quote Link to comment Share on other sites More sharing options...
knightmb Posted November 24, 2007 Author Report Share Posted November 24, 2007 I think that's the root of my Procmail sending problem. Every other rule works just fine, but it can't forward a message because it's not calling up Sendmail; but I guess nothing at all, just a path to the bash for some reason. So, does anyone know if Procmail has an easy to change configuration for this or is this problem buried in the actual code of Procmail ? I seem to be really good at talking to myself today :P Ok, actually went into the source for this Mandriva 2008.0 package and checked the headers. It has the correct path to sendmail coded in. So, the problem may be something else. I've traced the links around on my system for the sendmail and they point back to the "postfix" program they use to emulate sendmail message sending so that other programs don't notice the difference. So, I've hit another dead end. Procmail seems to have the correct command to forward e-mail with and I can do one from the console just as it would, so I know that part works. I'm stumped to the problem as to why it won't relay/forward mail. This error I'm seeing in the log file must be related to something else that no one has encountered yet, but I'm still hoping someone out there has an idea or clue to this error/bug/configuration? Quote Link to comment Share on other sites More sharing options...
knightmb Posted December 14, 2007 Author Report Share Posted December 14, 2007 A SOLUTION HAS BEEN FOUND!! I'm not sure why this is left out of the distro, but I'll have to contact the package maintainer for procmail so that they know. (Anyone know the best way?) The default procmail package for Mandriva 2008.0 is missing the sendmail variables to properly forward e-mail. The problem's I listed above can be remedied in this manner. You need to add these variables to any procmail receipe SENDMAIL=/usr/sbin/sendmail SENDMAILFLAGS=-oi Problem is then solved, apparently these were left blank in the package which any default Mandriva 2008.0 system won't be able to forward e-mail using any procmail recipes until these are added. So, for example, to fix that config I listed above, it would look like this. LOGFILE=/var/log/promail.log VERBOSE=off DROPPRIVS=yes SENDMAIL=/usr/sbin/sendmail SENDMAILFLAGS=-oi :0fw * !^(To|Cc|X-Original-To).*virus-holder@localhost | /usr/local/bin/clamscan-procfilter.pl :0H * ^X-CLAMAV * !^(To|Cc|X-Original-To).*virus-holder@localhost ! virus-holder@localhost :0wf * !^(To|Cc|X-Original-To).*spam-holder@localhost * !^(To|Cc|X-Original-To).*virus-holder@localhost | /usr/bin/spamc :0H * ^X-Spam-Level:.*(\*\*\*\*) * !^(To|Cc|X-Original-To).*spam-holder@localhost ! spam-holder@localhost I hope this saves anyone else that encounters the same issue, weeks and weeks of research! Quote Link to comment Share on other sites More sharing options...
spinynorman Posted December 14, 2007 Report Share Posted December 14, 2007 Thanks for reporting back. ;) Quote Link to comment Share on other sites More sharing options...
jkerr82508 Posted December 14, 2007 Report Share Posted December 14, 2007 I'm not sure why this is left out of the distro, but I'll have to contact the package maintainer for procmail so that they know. (Anyone know the best way?) Report a bug: http://qa.mandriva.com/ Jim Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.