Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sendmail cannot save rejected email anywhere 1

Status
Not open for further replies.

Einstein47

Programmer
Nov 29, 2001
737
US
Ok - this is really bugging me. We are "virtualizing" our AIX servers from individual boxes to a single box with several LPARS. All have been moved over except for the web server (HTTP Server). And the reason it can't move is because of sendmail issues.

So, I am trying to find out what's up with the sendmail and the message:
mail: alert sendmail[procId]: nBVJuuIj393426: SYSERR(root): savemail: cannot save rejected mail anywhere

I realize that isn't the root cause of the sendmail issue, but the logs are just filling with this crap and I am getting very frustrated with having to wade through so many useless messages.

So, can I either turn off that silly message, or how could I fix the location to save the rejected mail so I can effectively trouble-shoot the real problem with the mail. Where would I even look to identify where the rejected mail location is defined? The sendmail.cf is NOT helpful.

Thanks in advance -

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
Yeah - I googled all those same links - none of those sheds new light on this "cannot save rejected email anywhere" problem.

I think it must be a permissions thing, but for the life of me I can't see where it is trying to put the "rejected email". Would you know where in the sendmail.cf it defines that location?

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
I believe sendmail tries to send rejected mail to the postmaster. If your system can't send mail to postmaster then that would be the cause of the error message. Typically you would define postmaster in /etc/aliases and it would be something like, "postmaster:root". You can test this by:

echo "hello" | sendmail -v postmaster

If it works that is not it.
 
ok - the alias is defined correctly [blue]postmaster:root[/blue], and I can see in the verbose output that it is doing that.

It then tries to relay the email to the lotus notes server (even this local mail ???) and is denied for policy reasons (which makes sense).

Then I get the sendmail panic and the message that sendmail cannot save rejected email anywhere.

Is there a way to make local email NOT go to the external relay server? Or is that just the way AIX does things?

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
Two thoughts.

If you have smarthost set in sendmail.cf that could be one cause for all mail going there.

If you use it, what do you have set in your /etc/mail/access file? This controls what gets sent to where as far as relaying goes. I suspect you have an internal domain name that appears in the email messages that cannot be delivered.

Take a look at:

 
ok - I think I figured out the "cannot save rejected email anywhere" part. There was a /dead.letter file on the box, but either the permissions got messed up for the file itself became corrupt. I deleted the file, then recreated it with touch and chmod 664 and now the mail seems give that garbage message.

As far as the SMARTHOST entry - yeah, all mail is intended to be sent by the Lotus Notes server, but I didn't think that even local mail would be sent there. My access file is empty - could that be the reason that local mail is sent to the Lotus Notes server?

I wish I knew more about sendmail - right now, I just know enough to cause trouble.

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
I think I spoke too soon - I now no longer get the "cannot save rejected email anywhere" when I do the [blue]> sendmail -bv postmaster[/blue] command - but when crontab runs the [red]daemon[/red] user doesn't get the email, so I see the message on my console, and I see the undelivered mail in the mqueue.

This is just so frustrating - no wonder email is such an easy way to compromise a system, you need a PHD just to be able to configure the stupid thing.

And the worst part is that this error is not the show stopper - it is when we try to have this server take over for the current box, we will be in a world of hurt if email doesn't work.

And I have Googled until my fingers are sore - I really am running out of ideas - any new suggestions?

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
Did you stop sendmail and not restart it properly. If you do "ps -ef | grep sendmail" is it running? Simply recreating the dead letter mail box should not have caused the problem you describe. sendmail needs to be started a certain way, as....
to stop:
stopsrc -s sendmail or kill the process
to start:
startsrc -s sendmail -a "-bd -q15m"

You can also use "refresh -s sendmail" if it is running.

which you should do anytime you change sendmail.cf

If you have entries in /var/spool/mqueue and do refresh, then ps -ef | grep sendmail, you should see the messages going. If sendmail is not running then look in syslog for errors.
 
well - that was my problem a few days back - I stopped sendmail to clear out the queue and didn't restart it correctly - but I did find the [blue]startsrc -s sendmail -a "-bd -q30m"[/blue] command and that got me back on track.

But the [blue]sendmail -bv postmaster[/blue] no longer reports the error. However, trying to send mail does still have issue (namely the "cannot save rejected email anywhere" message).

If I posted my sendmail.cf file (which is huge and ugly) or the m4 files that were used to build it (much more understandable IMO) - would you be able to help me figure out what's going on?

I don't want to take up too much time with my silly issue. But I really am just beating my head against the wall right now.


Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
been years since i did anything with sendmail but normally it writes the emails to /var/spool/mqueue unless you've explicitly set it differently in sendmail.cf like:
Code:
# queue directory
O QueueDirectory=/var/spool/mqueue

at least if i were getting this error that'd be the first place i look.
 
Lets try the following to collect more info. Please send two emails and post the result. One to someone on the inside and one to someone on the outside.

mail -v somebody@inside.com
mail -v anybody@outside.com

Then please post ONLY the changed lines in sendmail.cf. This is typically lines that have something to do with you domain name.

Do you have an inside (ibm.mydomain.com) and outside (mydomain.com) domain. For example, if you do "hostname" on the ibm what does it return. When sending email is it from the hostname as domain. If you have an internal name what do you get if you do "nslookup ibm.mydomain.com". Are you running your own dns server?

I think you said that emails now go in the dead.letter mailbox when you get the error. Can you post one. To clarify, is the current situation that you cannot send any email at all? Not sure where you are with all the posts.

 
Ok - when I send and email using [blue]mail -v address[/blue], then the message does end up in the [blue]/dead.letter[/blue] file. However, the emails that are generated from [blue]at[/blue] and [blue]cron[/blue] are the ones that are rejected and cannot be saved anywhere.

Here is a little bit more history so you know what's going on and what I'm trying to do.

Initially we had 3 separate boxes:
careweb (B50 - HTTP Server),
careapp (M80 - WebSphere Server),
carelot (B50 - Lotus Notes Server).

They were getting old and the maintenance was such that it made more sense to consolidate them as LPARs on a P550. That was all said and good for the app server and mail server, however the HTTP server when it was moved over was unable to send emails. So we kept that box as the B50 and left its LPAR as newcareweb so I could research why emails didn't work. That was over a year ago.

Well, the maintenance on this last B50 has come up again and they really want me to find a way to move the HTTP server on to the LPAR. So I am messing with [red]newcareweb[/red] to get it to work.

The first thing I see is that [blue]ALL[/blue] email is routed to the [blue]carelot[/blue] server. Even internal email. And [blue]carelot[/blue] is configured to reject any mail that is not from [blue]careweb[/blue]. I will try to get with the Lotus Notes admin to allow emails to be sent externally.

However, why would even the [red]internal email[/red] have to be relayed to this Lotus Notes server. Is there a way that completely internal email (such as cron to root) be able to configured to be sent internally?

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
This is somewhat confusing. It appears that your post office is on carelot, from which you send all your mail. If this is true, then all you mail should be sent there and then distributed. If carelot is ONLY supposed to get mail from careweb, why? Why don't you just send email from careweb directly? Where does all you normal mail send/receive come from? Do you have a separate mail server? If careweb does not receive mail, then why are you running sendmail? You can still send mail from careweb without it.

Try stopping sendmail on careweb and sending an email using the -v option. Does it now work?
 
I don't feel comfortable turning off sendmail on a production server when I know that the existing environment is working.

I turned off sendmail on [blue]newcareweb[/blue] and then sent and email with the -v option. It still tried to connect to [blue]carelot[/blue] and was rejected for policy reasons and saved the email in the /dead.letter file.

The emails that seem to get stuck in the mailq are those that are send from cron and at. Those emails are normally sent to root. I will leave sendmail off on [blue]newcareweb[/blue] and see if an email send from cron or at will still cause the errors.

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
Does the default gateway on newcareweb point to carelot or your real gateway? Type "netstat -rn" and look at the line labeled default. What does this ip address represent on your network. If you do "mail -v root" on newcareweb (with sendmail off), does it work?

In your last reply you metioned turning off sendamil on a production server. Are you running sendmail on all the LPARS, and if so, why? I am assuming all your users have their mail (pop and smtp) pointed to carelot. Correct?
 
Ok psi - you asked a few questions, so let me answer them:

1) netstat -rn | grep default shows our local DNS server newmerlin.utcourts.gov (actually an alias because we have 2 segments 4 and 9: 4 for production servers and 9 for development,test servers)

2) doing "mail -v root" with sendmail off communicates with carelot.utcourts.gov but then is rejected for policy reasons, the message is then saved locally in the /dead.letter file on newcareweb. Again, I need to speak with the Lotus Notes Admin about allowing email from newcareweb.

3) sendmail is NOT running on all of the servers in the LPAR. In fact ONLY careweb has sendmail running (well, newcareweb does now too). The way it works is like this: incoming email for "user@care.utcourts.gov" goes to careweb which is then relayed to carelot to the user's Domino email box. All outgoing email from users will be composed on the Domino box in a Lotus Notes app. System generated emails initiate from careapp (Application Server) and are routed through carelot for delivery or to be sent out to the internet. Is that clear as mud?

[red]Now I have an additional question:[/red]

What is the difference between [blue]sendmail[/blue] and [blue]smtp[/blue]? I thought they were pretty much the same thing, sendmail being the daemon process and smtp the protocol. However, I have a monitoring process that reports that [red]SMTP is down on newcareweb[/red]? Even when the [blue]sendmail[/blue] process is running. How can that be?

Einstein47 (Starbase47.com)
“PI is like love - simple, natural, irrational, endless, and very important“
 
It sounds like carelot (lotus notes) is not configured to accept a mail relay from careweb and maybe other systems. Each system must be explicitly permitted to relay mail to the post office. Not sure where you do that on lotus notes but on AIX you must place the hostname that is permitted to relay in /etc/mail/relay-domains on the post office.

sendmail is the main transfer agent (MTA) and smtp is the protocol that establishes a connection to the MTA and sends mail to it. An anology is that the postman who delivers mail to your home is the MTA and the post office system is SMTP that provides mail to the postman. Not sure how you are deciding SMTP is down but if you do:
netstat -an | grep LISTEN
and look for port 25 you should see that there is a process listening there, which is smtp.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top