Problem using amavisd 2.9.and sendmail on Centos 7

Tue May 12 10:18:23 CEST 2015

Hi Fabian,
our permission of  "/var/spool/clientmqueue"
is good and SELINUX is already DISABLE.
What else can I investigate?

Thanks a lot.
Daniela Bortolotti

On 05/11/2015 05:25 PM, Fabian Melters wrote:
> Hi Daniela,
>
> this could be a centos/rhel related issue. maybe even a sendmail
> specific one.
>
> anyway...
>
> what does the permission of "/var/spool/clientmqueue" look like?
> should be like this:
> # ls -al /var/spool
> ...
> drwxrwx---. smmsp  smmsp  system_u:object_r:mqueue_spool_t:s0 clientmqueue
> ...
>
> did you check /var/log/audit/audit.log? Any denies?
> Maybe you should deactivate selinux to check if that's the problem
> (setenforce 0). If you don't see anything in the audit.log it could be
> helpful to set "semodule -DB" to see "hidden audit messages" (can be
> reverted with "semodule -B"
>
> Fabian 'xx4h' Melters
>
> On Mon, May 11, 2015 at 05:00:10PM +0200, bortolotti wrote:
>> Good morning,
>> we have a problem with amavis-new and sendmail.
>>
>> We have a S.O. CentOS 7 with the following packages installed:
>>
>> amavisd-milter-1.6.0-6.el7.centos.x86_64
>> amavisd-new-2.9.1-5.el7.noarch
>> clamav-lib-0.98.7-1.el7.x86_64
>> clamav-0.98.7-1.el7.x86_64
>> clamav-data-0.98.7-1.el7.noarch
>> clamav-server-0.98.7-1.el7.x86_64
>> clamav-update-0.98.7-1.el7.x86_64
>> clamav-filesystem-0.98.7-1.el7.noarch
>> clamav-server-systemd-0.98.7-1.el7.noarch
>>
>> sendmail-milter-8.14.7-4.el7.x86_64
>> sendmail-8.14.7-4.el7.x86_64
>> sendmail-cf-8.14.7-4.el7.noarch
>> sendmail-devel-8.14.7-4.el7.x86_64
>>
>> cyrus-sasl-lib-2.1.26-17.el7.x86_64
>> cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
>> cyrus-sasl-plain-2.1.26-17.el7.x86_64
>> cyrus-sasl-2.1.26-17.el7.x86_64
>>
>>
>>
>> Our sendmail setup defines:
>>
>> dnl # amavis milter definitions 9-3-2015
>> INPUT_MAIL_FILTER(`amavis-milter',
>> `S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
>> T=S:10m;R:10m;E:10m')
>>
>>
>> We can send email via 25/587 ports and there are no problem if our
>> messages are without virus.
>>
>> But if we include a test virus we have an error like:
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>> May  5 06:38:42 postman clamd[767]:
>> /var/spool/amavisd/tmp/aft454cfc2004721/parts/p005:
>> Eicar-Test-Signature FOUND
>> May  5 06:38:42 postman clamd[767]:
>> /var/spool/amavisd/tmp/aft454cfc2004721/parts/p003:
>> Eicar-Test-Signature FOUND
>> *May  5 06:38:42 postman sendmail[4727]: NOQUEUE: SYSERR(amavis):
>> can not chdir(/var/spool/clientmqueue/): Permission denied*
>> May  5 06:38:42 postman amavis[4541]: (04541-01) (!!)TROUBLE in
>> check_mail: quar+notif FAILED: temporarily unable to notify admin:
>> 451 4.5.0 Failed to submit a message: exit 78, id=04541-01 at
>> /usr/sbin/amavisd line 16713.
>> May  5 06:38:42 postman sendmail[4721]: t454cfc2004721:
>> milter=amavis-milter, reject=451 4.5.0 Error in processing,
>> id=04541-01, quar+notif FAILED: temporarily unable to notify admin:
>> 451 4.5.0 Failed to submit a message: exit 78, id=04541-01 at
>> /usr/sbin/amavisd line 16713.
>> May  5 06:38:42 postman sendmail[4721]: t454cfc2004721: Milter:
>> data, reject=451 4.5.0 Error in processing, id=04541-01, quar+notif
>> FAILED: temporarily unable to notify admin: 451 4.5.0 Failed to
>> submit a message: exit 78, id=04541-01 at /usr/sbin/amavisd line
>> 16713.
>> May  5 06:38:42 postman sendmail[4721]: t454cfc2004721: --- 451
>> 4.5.0 Error in processing, id=04541-01, quar+notif FAILED:
>> temporarily unable to notify admin: 451 4.5.0 Failed to submit a
>> message: exit 78, id=04541-01 at /usr/sbin/amavisd line 16713.
>> (hold)
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> We don't receive notification to this address
>> $virus_admin               = "virusalert\@$mydomain";  #
>> notifications recip.
>>
>> because amavis can't flush its email in /var/spool/clientmqueue
>>
>>
>> We have the same problem with the dir /var/spool/clientmqueue if we
>> use the "amavisd-release" command.
>>
>> Selinux is disabled.
>>
>> Our sendmail and amavis (amavisd-new-2.8) setup are good on SL 5.5 systems.
>>
>> Do you have any suggestions?
>>
>> Thanks a lot in advance.
>> Best regards.
>>
>> Daniela Bortolotti
>>
>>
>>
>>
>>
>>
>>
>>